[Resolu] VBS Malware-gen, Win32 Trojan-gen et rootkit

Bonjour,

Avast a detecte plusieurs virus sur mon ordinateur :
- VBS Malware-Gen, qui reapparait meme apres avoir ete mis en quarantaine ou supprimé
- Win32 Trojan-gen
- Avast detecte egalement un rootkit : C:\WINDOWS\System32\drivers\21988230.sys qui reapparait a chaque redemarrage meme apres avoir ete supprimé.

J'ai effectué un nettoyage avec Malwaresbyte anti malware. cela semble avoir résolu les deux premiers problemes, mais jai toujours une alerte d'avast pour le rootkit!

Merci davance pour votre aide!

Salut Dam75


On va vérifier cela :

Télécharge Hijackthis V 2.02 sur le bureau :

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe


- Double clique sur HJTInstall.exe sur le bureau

- Clique sur Install ensuite sur I Accept

- ferme toutes les fenêtres, HJT doit être exécuté seul (tout autre programme fermé).

- lancer HJT et clic sur Do a system scan and save a logfile

Quand le rapport apparaît dans le bloc note, allez dans Edition, puis Sélectionner Tout, le texte est alors sélectionné, retourne dans Edition toujours en laissant le texte sélectionné, et cliquez sur copier.


Dans ta prochaine réponse, faire un clic droit et coller.


Aide : http://forum.telecharger.01net.com/microhebdo/questions-techniques-diverses/t(...)


@++

Merci pour ta reponse!

voici le resultat du scan :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:57:36, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programme\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programme\Samsung\EmoDio\SMSTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\eMule\emule.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Suche Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: MSN Suche Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programme\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programme\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SMSTray] C:\Programme\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programme\eMule\emule.exe -AutoStart
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Outil de notification Live Search.lnk = C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactiv(...)
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://www.mymow.com/webmail/iNotes6W.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://www.mymow.com/postauthI/epi.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab55668.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 15508 bytes

Salut Dam75


Télécharge SDFix par AndyManchesta sur le Bureau :

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe


Double clic sur SDFix.exe sur le bureau et clic sur Install , choisi le bureau pour l’intallation et un dossier sera créer sur le bureau.


Redémarre ton PC en mode sans échec :

Au redémarrage de ton PC tapote sur la touche F8 ou F5 sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session habituelle et non la session Administrateur.


Ouvre le dossier SDFix sur le bureau et double clique sur RunThis.bat, appuie sur Y pour lancer le nettoyage.

Il y aura redémarrage, quand Finished s’affichera appuie sur un touche pour terminer.

Poste le rapport qui se trouve dans le dossier SDFix sous le nom de Report.txt dans ta prochaine réponse avec un nouveau rapport HijackThis.


@++

Ok alors jai lancé SDFix, cela a bien marché au depart, lordi a redemarre et pendant la deuxieme phase du scan par SDFIx lórdi a planté (écran bleu) et a redemmaré.

avast detecte toujours le meme rootkit.


voici pour info le rapport généré par sdfix, mais qui est sans doute incomplet :

SDFix: Version 1.218
Run by Renaudeau on 22/08/2008 at 01:19

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Dokumente und Einstellungen\Renaudeau\Desktop\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Dokumente und Einstellungen\Renaudeau\Lokale Einstellungen\Temp\aax456.tmp.exe - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt10.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt12.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt13.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt16B.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt1B.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt267.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt28.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt28F.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt298.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt2A.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt2A4.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt2B.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt2B1.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt2D.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt2E.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt2E8.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt2F.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt2F7.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt2FD.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt308.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt31.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt321.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt32A.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt33.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt331.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt334.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt336.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt339.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt34.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt345.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt353.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt36.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt37B.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt38.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt3A3.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt48.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt49C.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt525.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt527.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt53E.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt59.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt64.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt76.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt77.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt79.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt7A.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt88.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.tt8E.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.ttB9.tmp - Deleted
C:\DOKUME~1\RENAUD~1\LOKALE~1\Temp\.ttCB.tmp - Deleted





Removing Temp Files

ADS Check :

----


voici le nouveau rapport hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:38:04, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programme\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programme\Samsung\EmoDio\SMSTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Suche Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: MSN Suche Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programme\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programme\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SMSTray] C:\Programme\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programme\eMule\emule.exe -AutoStart
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Outil de notification Live Search.lnk = C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactiv(...)
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://www.mymow.com/webmail/iNotes6W.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://www.mymow.com/postauthI/epi.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab55668.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 15610 bytes

Salut Dam75


Procédure à appliquer en entier. Si tu as des difficultés à une étape passe la mais signale le dans ta prochaine réponse.
- Si tu as des questions à poser n'hésite pas


---


Télécharge :

- OTMoveIt (de Old_Timer) sur le bureau :
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe


Télécharge et installe :

- Ccleaner http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs(...)
- Lors de son installation décoche la case devant : Ajouter la Barre d'Outils Yahoo! CCleaner


- MalwareByte's Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe


- Mets le à jour

Tutoriel pour MalwareByte's ici :
http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php


-----


Redémarre ton PC en mode sans échec

Au redémarrage de ton PC tapote sur la touche F8 ou F5 sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session habituelle et non la session Administrateur


-----


Relance Hijackthis, clique sur Do a scan system only coche la case devant les lignes suivantes

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


- Ferme les fenêtres en cours sauf HijackThis, clique sur Fix checked

- Quitte HijackThis


-----


Démarre Ccleaner


- Clique sur Options, onglet Avancé et décoche la case Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures.

- Clique sur Registre décoche la case devant Intégrité du registre

- Clique sur Nettoyeur
- Onglet Windows ne coche pas la case Avancé
- Onglet Applications laisse toutes les cases cochées


- Clique sur le bouton Analyse puis celle-ci finie sur Lancer le nettoyage


-----


- Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
- Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
- clique sur Rechercher

- Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

- Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

- Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

- Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver

Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok


-----


Redémarre ton PC en mode normal poste :

- Un nouveau rapport Hijackthis
- Le rapport MalwareByte's Anti-Malware


@++

Merci!

Alors tout a fonctionné (par contre jai telecharge OTMoveIt mais ensuite dans les differentes etapes vous ne disiez pas de l'utiliser). Malwarebytes na rien detecté, l'ordinateur a redemarré sans probleme.

Avast continue de detecter le meme rootkit.

voici le nouveau rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:35, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\TOSHIBA\Tvs\TvsTray.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programme\Samsung\EmoDio\SMSTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\Programme\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Suche Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: MSN Suche Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programme\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programme\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SMSTray] C:\Programme\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programme\eMule\emule.exe -AutoStart
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Outil de notification Live Search.lnk = C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactiv(...)
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://www.mymow.com/webmail/iNotes6W.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://www.mymow.com/postauthI/epi.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab55668.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 15403 bytes


Merci beaucoup!

Salut Dam75


Je te conseille très vivement de désinstaller Avast! pour Antivir, voir ce lien :

~ Avast! ne vous protège plus ? ~

L'utilitaire pour ça désinstallation :

http://www.avast.com/fre/avast-uninstall-utility.html


Tutoriel et téléchargement Antivir :

http://www.malekal.com/tutorial_antivir.php


Suivre le tutoriel et faire un scan en mode sans échec, sauvegarde le rapport et redémarre en mode normal et poste le rapport.


@++

Jai installe Antivir, lancé un scan et jai egalement refait un nettoyage avec CCleanner et Malwarebytes en complement, car avant tout cela Avast avait a nouveau redetecte les tout premiers virus.

voici les differents rapports :

Antivir :

Avira AntiVir Personal
Report file date: samedi 23 août 2008 00:16

Scanning for 1567932 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Renaudeau
Computer name: DAMIEN

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14/08/2008 22:08:17
ANTIVIR3.VDF : 7.0.6.58 236032 Bytes 22/08/2008 22:08:20
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 22/08/2008 22:08:38
AESCN.DLL : 8.1.0.23 119156 Bytes 22/08/2008 22:08:36
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 22/08/2008 22:08:35
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 22/08/2008 22:08:33
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 22/08/2008 22:08:32
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 22/08/2008 22:08:27
AEEMU.DLL : 8.1.0.7 430452 Bytes 22/08/2008 22:08:23
AECORE.DLL : 8.1.1.8 172406 Bytes 22/08/2008 22:08:21
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 22/08/2008 22:08:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\programme\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 23 août 2008 00:16

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\Programme\Microsoft Common\wuauclt.exe
[DETECTION] Is the TR/Dldr.Agent.26624.10 Trojan
[NOTE] The file was moved to '49103bae.qua'!
C:\WINDOWS\system32\lphca9qj0ej33.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] TR/Dropper.Gen:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<lphca9qj0ej33>=sz:lphca9qj0ej33.exe
[NOTE] The file was moved to '49173bb5.qua'!

The registry was scanned ( '98' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0068005.exe
[DETECTION] Is the TR/Dldr.Agent.26624.10 Trojan
[NOTE] The file was moved to '48df4d94.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070053.exe
[DETECTION] Is the TR/Dldr.Agent.26624.10 Trojan
[NOTE] The file was moved to '48df4da0.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070074.exe
[DETECTION] Is the TR/Dldr.Agent.26624.10 Trojan
[NOTE] The file was moved to '48df4da7.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070077.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48df4db1.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070078.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48df4db5.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070079.DLL
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '48df4db9.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070080.DLL
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '48df4dbe.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070081.DLL
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '48df4dc1.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070082.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48df4dc8.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070083.DLL
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '48df4dcb.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070084.DLL
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '48df4dd5.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070085.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4941b0a6.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070086.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48df4dd6.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070087.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4941b0a7.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070088.DLL
[DETECTION] Is the TR/Killav.28714 Trojan
[NOTE] The file was moved to '48df4dd8.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070089.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48df4dd7.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070090.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4941b0a8.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070091.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4941b0a9.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070092.SCR
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48df4dda.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070093.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4941b0ab.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070094.EXE
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '48df4dd9.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070095.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4941b0aa.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070096.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48df4ddb.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070097.EXE
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4941b0ac.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070098.scr
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48df4ddc.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070099.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4941b0ad.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070100.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48df4dde.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070105.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48df4ddd.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP336\A0070123.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4941b0af.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP338\A0073593.exe
[DETECTION] Is the TR/Dldr.Agent.26624.10 Trojan
[NOTE] The file was moved to '48df4df7.qua'!
C:\System Volume Information\_restore{391197E0-8C57-4C06-9C98-32E013C26E86}\RP338\A0073594.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4941b088.qua'!
C:\WINDOWS\system32\phca9qj0ej33.bmp
[DETECTION] Is the TR/Fakealert.AAF Trojan
[NOTE] The file was moved to '4912531b.qua'!
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\IZWOJV8M\s1can[1].exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49125339.qua'!
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OOBVPOES\sn[1].exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '490a5377.qua'!
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RLGK3O4A\scn[1].exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '491d536d.qua'!
C:\WINDOWS\system32\drivers\21988230.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '48e85367.qua'!
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [21]: Das Gerät ist nicht bereit.


End of the scan: samedi 23 août 2008 02:01
Used time: 1:45:51 Hour(s)

The scan has been done completely.

7740 Scanning directories
335828 Files were scanned
38 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
38 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
335789 Files not concerned
8424 Archives were scanned
1 Warnings
38 Notes

-----

Malwarebytes :

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1076
Windows 5.1.2600 Service Pack 2

13:32:44 23/08/2008
mbam-log-08-23-2008 (13-32-36).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 108548
Temps écoulé: 3 hour(s), 57 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe (Security.Hijack) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\Programme\Microsoft Common (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)



merci beaucoup!

Salut Dam75


On va creuser un peu plus :

Télécharge combofix.exe (de sUBs) sur le bureau :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


==> Sauvegarde et ferme toutes les fenêtres actives, il va y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n’est pas fini. <==

Double clique sur combofix.exe, clique sur OUI et valide par Entrée pour lancer le scan

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure


@++

et voila! desole mais mon systeme est allemand et du coup combofix sest automatiquement mis en allemand

ComboFix 08-08-21.02 - Renaudeau 2008-08-23 16:03:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1031.18.557 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Renaudeau\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((( Dateien erstellt von 2008-07-23 bis 2008-08-23 ))))))))))))))))))))))))))))))
.

2008-08-23 00:06 . 2008-08-23 00:06 <DIR> d-------- C:\Programme\Avira
2008-08-23 00:06 . 2008-08-23 00:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-08-22 08:46 . 2008-08-22 08:46 <DIR> d-------- C:\Programme\CCleaner
2008-08-22 01:18 . 2008-08-22 01:18 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-08-22 01:14 . 2008-08-22 01:15 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-22 00:56 . 2008-08-22 00:56 <DIR> d-------- C:\Programme\Trend Micro
2008-08-22 00:32 . 2008-08-22 00:32 61,440 --a------ C:\WINDOWS\system32\drivers\oldeij.sys
2008-08-21 23:23 . 2008-08-21 23:23 <DIR> d-------- C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Malwarebytes
2008-08-21 23:22 . 2008-08-21 23:22 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-08-21 23:22 . 2008-08-21 23:22 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-08-21 23:22 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-21 23:22 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-21 08:22 . 2004-08-10 14:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-08-18 14:51 . 2003-03-24 16:52 94,208 --a--c--- C:\WINDOWS\system32\dllcache\fpencode.dll
2008-08-18 14:49 . 2008-08-18 14:49 <DIR> d-------- C:\WINDOWS\ShellNew
2008-08-18 14:48 . 2008-08-18 14:48 <DIR> d-------- C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Microsoft Web Folders
2008-08-18 09:08 . 2008-06-14 19:57 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-18 09:08 . 2008-06-14 19:57 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-18 09:07 . 2008-05-01 16:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-07-29 14:11 . 2008-07-29 14:11 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\The Game Equation
2008-07-28 12:50 . 2008-07-28 12:50 <DIR> d-------- C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Oberon Games
2008-07-28 12:50 . 2008-07-28 12:50 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Oberon Games
2008-07-27 19:42 . 2008-07-27 19:42 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hot Lava Games

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 13:26 --------- d-----w C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Skype
2008-08-23 11:59 --------- d-----w C:\Programme\eMule
2008-08-22 22:11 --------- d-----w C:\Programme\Alwil Software
2008-08-19 08:26 --------- d-----w C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\OpenOffice.org2
2008-08-18 12:47 --------- d-----w C:\Programme\microsoft frontpage
2008-08-18 07:10 --------- d-----w C:\Programme\Java
2008-08-17 20:16 --------- d-----w C:\Programme\WordBiz
2008-08-17 20:15 --------- d-----w C:\Programme\MSN Games
2008-07-29 17:43 --------- d-----w C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\skypePM
2008-07-29 14:26 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-07-28 21:01 --------- d-----w C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Juniper Networks
2008-07-28 14:06 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-07-28 14:06 --------- d-----w C:\Programme\Ubi Soft
2008-07-28 14:03 --------- d-----w C:\Programme\Druids - Battle of Magic
2008-07-27 17:38 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sandlot Games
2008-07-21 11:38 --------- d-----w C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Playrix Entertainment
2008-07-21 11:14 --------- d-----w C:\Programme\Yahoo!
2008-07-21 09:54 --------- d-----w C:\Programme\Google
2008-07-19 09:22 --------- d-----w C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Yahoo!
2008-07-17 23:54 --------- d-----w C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\VisualShape
2008-07-17 23:54 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VisualShape
2008-07-17 22:53 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreshGames
2008-07-17 22:26 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MumboJumbo
2008-07-17 16:55 --------- d-----w C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\PlayFirst
2008-07-17 16:55 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlayFirst
2008-07-07 20:16 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-03 10:07 --------- d-----w C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Wildfire
2008-07-02 17:19 --------- d-----w C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\U3
2008-07-02 14:40 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gogii
2008-06-27 13:13 --------- d-----w C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\cerasus.media
2008-06-27 12:11 --------- d-----w C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Meridian93
2008-06-27 09:59 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HipSoft
2008-06-24 16:22 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-26 18:14 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
2008-05-26 18:14 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2008-05-26 18:14 507,904 ----a-w C:\WINDOWS\system32\MSLUP71.dll
2008-05-26 18:14 45,056 ----a-w C:\WINDOWS\system32\Ogg.dll
2008-05-26 18:14 352,256 ----a-w C:\WINDOWS\system32\MSLUR71.dll
2008-05-26 18:14 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2008-05-26 18:14 200,704 ----a-w C:\WINDOWS\system32\muzwmts.dll
2008-05-26 18:14 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2008-05-26 18:14 110,592 ----a-w C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-05-26 18:14 110,592 ----a-w C:\WINDOWS\system32\tg_dump.dll
2008-05-26 18:14 1,046,528 ----a-w C:\WINDOWS\system32\MFC71LU.DLL
2008-05-26 18:13 483,328 ----a-w C:\WINDOWS\system32\muzapp.dll
2008-05-26 18:13 40,960 ----a-w C:\WINDOWS\system32\MAMACExtract.dll
2008-05-26 18:13 167,936 ----a-w C:\WINDOWS\system32\muzapp.exe
2008-05-26 18:13 135,168 ----a-w C:\WINDOWS\system32\muzaf1.dll
2008-05-26 18:13 118,784 ----a-w C:\WINDOWS\system32\MaDRM.dll
2008-04-15 16:11 32 ----a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"TOSCDSPD"="C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 10:05 65536]
"MsnMsgr"="C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"LDM"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-20 06:16 67128]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"eMuleAutoStart"="C:\Programme\eMule\emule.exe" [2006-09-14 16:15 5001216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 22:04 7557120]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 22:04 49152]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 01:02 761948]
"THotkey"="C:\Programme\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 13:47 356352]
"Tvs"="C:\Programme\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]
"SmoothView"="C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2005-05-13 11:01 118784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940]
"IntelZeroConfig"="C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38 802816]
"IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32 696320]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280]
"LogitechCameraAssistant"="C:\Programme\Logitech\Video\CameraAssistant.exe" [2006-01-05 08:58 489472]
"LogitechVideo[inspector]"="C:\Programme\Logitech\Video\InstallHelper.exe" [2006-01-05 09:15 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10 49263]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-06-10 14:56 282624]
"D-Link AirPlus G"="C:\Programme\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04 1544192]
"ANIWZCS2Service"="C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19 49152]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 20:58 81920]
"SMSTray"="C:\Programme\Samsung\EmoDio\SMSTray.exe" [2008-06-26 05:44 479232]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-05-26 18:24 185896]
"Google Desktop Search"="C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-21 11:54 29744]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"nwiz"="nwiz.exe" [2006-05-01 22:04 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 15:59 16206848 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 16:50 88204 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 16:16 266240 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 17:51 192512]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programme\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programme\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);C:\WINDOWS\system32\Drivers\NEOFLTR_600_12507.SYS [2007-12-28 05:23]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 18:34]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [2007-01-09 16:16]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S1 21988230;21988230;C:\WINDOWS\system32\drivers\21988230.sys []
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-21 11:54]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [2006-10-04 08:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30455036-c60a-11dc-9fd3-00a0d1541509}]
\shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\shell\explore\command - F:\system.exe
\shell\open\command - F:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{549eb91c-8ee4-11db-9f5f-00a0d1541509}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - F:\system.exe
\Shell\Open\command - F:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{891ca1a4-7a7f-11dc-9fca-00a0d1541509}]
\Shell\AutoRun\command - E:\start.exe
\Shell\iledefrance\command - E:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3e59c74-4859-11dd-9fe0-00a0d1541509}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9b5ec9a-2fb0-11dd-9fdd-00a0d1541509}]
\shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\shell\explore\command - system.exe
\shell\open\command - system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c2f215-c12f-11db-9f81-00a0d1541509}]
\shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\shell\explore\command - E:\system.exe
\shell\open\command - E:\system.exe
.
Inhalt des "geplante Tasks" Ordners

2008-07-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programme\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]
.
.
------- Zus„tzlicher Scan -------
.
FireFox -: Profile - C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Mozilla\Firefox\Profiles\b0jq7sba.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.fr/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 16:09:05
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

Prozess: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Weitere, laufende Prozesse ------------------------
.
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Synaptics\SynTP\Toshiba.exe
C:\Programme\Toshiba\ConfigFree\NDSTray.exe
C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Programme\Toshiba\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Dokumente und Einstellungen\Renaudeau\Anwendungsdaten\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Programme\Windows Desktop Search\wds_sl.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-08-23 16:17:31 - PC wurde neu gestartet [Renaudeau]
ComboFix-quarantined-files.txt 2008-08-23 14:17:25

Pre-Run: 8,084,406,272 Bytes frei
Post-Run: 7,983,374,336 Bytes frei

260 --- E O F --- 2008-08-19 20:48:36


merci!

Salut Dam75


Télécharge clean.zip (de Malekal) http://www.malekal.com/download/clean.zip
décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier Clean

- Ouvre le dossier Clean double-clic sur clean.cmd ou clean
- Choisis l'option 1 valide par Entrée.
- Laisse le scan se dérouler
- Poste le rapport ici dans ta prochaine réponse.
- Le rapport ce trouve également ici C:\rapport_clean.txt

Un tuto : http://mickael.barroux.free.fr/securite/clean.php


@++

voila ce que contient le rapport !


23/08/2008 a 16:49:17,03

*** Recherche C:

*** Recherche C:\WINDOWS\

*** Recherche C:\WINDOWS\system32
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche C:\Programme

Salut Dam75


1- Redémarre ton PC en mode sans échec

Au redémarrage de ton PC tapote sur la touche F8 ou F5 sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session et non la session Administrateur


- Ouvre le dossier Clean double-clic sur clean.cmd ou clean
- Choisis l'option 2 valide par Entrée.
- Laisse le scan se dérouler.
- Un rapport sera généré sauvegarde le.


2- Redémarre en mode normal

-Poste le rapport de Clean


Refais un scan avec Antivir et poste le rapport


@++

Voici les deux rapports :

- rapport de clean :

Script executed in Safe Mode
Rapport clean par Malekal_morte - http://www.malekal.com
Script executed in Safe Mode 23/08/2008 a 17:06:50,78

Microsoft Windows XP [Version 5.1.2600]

*** Suppression C:

*** Suppression C:\WINDOWS\

*** Suppression C:\WINDOWS\system32
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"

*** Suppression C:\Programme

*** Deletion of the registry keys successful..
*** End of the report !

---

rapport d'antivir :

Avira AntiVir Personal
Report file date: samedi 23 août 2008 19:00

Scanning for 1567932 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Renaudeau
Computer name: DAMIEN

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14/08/2008 22:08:17
ANTIVIR3.VDF : 7.0.6.58 236032 Bytes 22/08/2008 22:08:20
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 22/08/2008 22:08:38
AESCN.DLL : 8.1.0.23 119156 Bytes 22/08/2008 22:08:36
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 22/08/2008 22:08:35
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 22/08/2008 22:08:33
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 22/08/2008 22:08:32
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 22/08/2008 22:08:27
AEEMU.DLL : 8.1.0.7 430452 Bytes 22/08/2008 22:08:23
AECORE.DLL : 8.1.1.8 172406 Bytes 22/08/2008 22:08:21
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 22/08/2008 22:08:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\programme\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 23 août 2008 19:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Mise-a-jour-LiveSearch.exe' - '1' Module(s) have been scanned
Scan process 'Notification-LiveSearch.exe' - '1' Module(s) have been scanned
Scan process 'RAMASST.exe' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SSScsiSV.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'SSAAD.exe' - '1' Module(s) have been scanned
Scan process 'WZCSLDR2.exe' - '1' Module(s) have been scanned
Scan process 'AirGCFG.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ElkCtrl.exe' - '1' Module(s) have been scanned
Scan process 'CameraAssistant.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'CFSServ.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'TFncKy.exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'TvsTray.exe' - '1' Module(s) have been scanned
Scan process 'NDSTray.exe' - '1' Module(s) have been scanned
Scan process 'Toshiba.exe' - '1' Module(s) have been scanned
Scan process 'THotkey.exe' - '1' Module(s) have been scanned
Scan process 'agrsmmsg.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'TAPPSRV.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NetMDSB.exe' - '1' Module(s) have been scanned
Scan process 'MZCCntrl.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
77 processes with 77 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '94' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [21]: Das Gerät ist nicht bereit.


End of the scan: samedi 23 août 2008 19:40
Used time: 40:05 Minute(s)

The scan has been done completely.

7748 Scanning directories
333300 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
333298 Files not concerned
8386 Archives were scanned
2 Warnings
0 Notes

Merci beaucoup!

Salut Dam75


As-tu d'autre souci?


@++

ecoute pour le moment tout semble ok, je nai plus dalerte de la part d'antivir!
je ne sais pas si tu as dautres conseils, mais dans tous les cas un grand merci pour ton aide extremement precieuse !!!!!

bonne continuation!

Salut Dam75


Tout est OK pour moi, on va faire un petit nettoyage de ton PC en supprimant les utilitaires téléchargés :

Double-clique sur OTMoveIt2.exe sur le bureau

Clique sur CleanUp! (le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargé).

NOTE : Normalement, ton firewall (parefeu) devrait te demander si OTmoveIT peut accéder a Internet, Autorise le.

Une liste apparaît dans la partie gauche d'OTmoveIT.

Un message apparaît pour confirmer le nettoyage. Confirme.

Tu pourras aussi supprimer tous les rapports qui on été généré lors de la désinfection.


-----


- Je te donne quelques consignes de sécurité :

- Windows Update parfaitement à jour http://www.windowsupdate.com/ (catégories critique, Services Pack et Services Release)
- pare-feu bien paramétré
- antivirus bien paramétré et mis à jour régulièrement (quotidiennement s'il le faut) avec un scan complet régulier (journalier s'il le faut).
- une attitude prudente vis à vis de la navigation (pas de sites douteux : cracks, warez, sexe...) et vis à vis de la messagerie (fichiers joints aux messages doivent être scannés avant d'être ouverts)
- une attitude vigilante (être à l'affût d'un fonctionnement inhabituel de son système)
- nettoyage hebdomadaire du système (suppression des fichiers inutiles, nettoyage de la base de registre, scandisk, defrag)
- scan hebdomadaire antispyware
- un contôle régulier de la console JAVA pour s'assurer qu'elle est à jour http://www.java.com/en/download/help/testvm.xml
- un scan de vulnérabilités afin de vérifier que tes logiciels soit à jour sans failles de sécurités :
http://www.malekal.com/scan_vulnerabilite.php


Si tu considère ton problème comme résolu, édite ton premier poste et ajoute [résolu] dans le titre.


@++

derniere question :
- quel spyware me conseilles-tu ?
- y a-t-il une manipulation speciale a faire pour parametrer le pare-feu ?
- pour le nettoyage du systeme, notamment le nettoyage de la base de registre et scandisk, faut-il utiliser des logiciels particuliers ?

merci!

Salut Dam75


Comme Pare feu je te conseil : ZoneAlarm

- Anti-spyware ---> Spybot - Search & Destroy , SpySweeper

- Anti-Malware ---> MalwareByte's


Un site a visité : http://www.malekal.com/menu_windows_securite.php


@++