éiminer Win32:Trojan-gen. {UPX!}

Bonjour,

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.

Redémarre en mode sans échec

Ouvre le dossier SDFix qui vient d'être créé à la racine de ton dique dur (C:) et double clique sur RunThis.bat pour lancer le script.

Appuie sur Y pour commencer le processus de nettoyage.

Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.

Appuie sur une touche pour redémarrer le PC.

Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis.

Voici le contenu du fichier report.txt :

SDFix: Version 1.155

Run by hervault jules on 10/03/2008 at 23:35

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\HERVAU~1\Bureau\DSINFE~1\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\0exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\10exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\10exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\11exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\13exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\13exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\15exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\16exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\18exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\18exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\19exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\19exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\1exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\1exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\21exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\21exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\22exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\22exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\23exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\23exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\25exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\28exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\28exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\29exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\2exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\30exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\31exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\31exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\32exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\33exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\33exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\34exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\34exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\36exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\38exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\38exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\42exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\43exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\43exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\44exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\48exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\48exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\49exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\4exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\4exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\50exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\50exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\51exgmrgml10.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\51exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\52exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\53exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\54exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\55exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\57exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\58exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\58exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\59exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\60exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\61exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\62exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\64exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\64exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\65exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\66exgmrgml10.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\66exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\67exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\67exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\68exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\69exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\6exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\71exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\72exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\74exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\74exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\75exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\75exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\76exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\77exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\78exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\79exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\7exgmrgml10.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\80exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\80exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\81exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\82exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\83exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\84exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\84exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\86exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\87exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\88exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\89exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\89exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\8exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\90exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\90exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\91exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\92exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\93exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\94exgmrgml10.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\94exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\94exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\95exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\96exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\97exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\99exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\9exgmrgml10.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\9exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\9exgmrgml19.exe - Deleted
C:\WINDOWS\system\smvss.exe - Deleted


Could Not Remove C:\autorun.inf



Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 23:50:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:a92210cc
"s2"=dword:a3818a1b
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b7,12,17,54,a6,c0,21,b0,25,1f,7f,d2,6d,ff,9e,f8,6d,da,cf,8a,a8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8c,02,ef,f5,3d,65,22,fa,ac,14,41,c4,90,cc,ca,22,82,..
"khjeh"=hex:93,69,f5,7f,26,cb,1e,6a,97,61,2d,a9,f9,b9,56,d2,14,35,34,f0,14,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c4,19,83,b3,5a,d0,0c,ef,e9,92,3b,1e,8a,47,e0,f3,95,67,1b,0b,a7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b7,12,17,54,a6,c0,21,b0,25,1f,7f,d2,6d,ff,9e,f8,6d,da,cf,8a,a8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8c,02,ef,f5,3d,65,22,fa,ac,14,41,c4,90,cc,ca,22,82,..
"khjeh"=hex:93,69,f5,7f,26,cb,1e,6a,97,61,2d,a9,f9,b9,56,d2,14,35,34,f0,14,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c4,19,83,b3,5a,d0,0c,ef,e9,92,3b,1e,8a,47,e0,f3,95,67,1b,0b,a7,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000045

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 33


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled ANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

C:\autorun.inf Found

File Backups: - C:\DOCUME~1\HERVAU~1\Bureau\DSINFE~1\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 22 Jun 2006 215 A.SHR --- "C:\BOOT.BAK"
Tue 31 May 2005 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 31 May 2005 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 31 May 2005 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Mon 23 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 26 Apr 2007 37,888 ...H. --- "C:\Documents and Settings\hervault jules\Mes documents\~WRL0635.tmp"
Sun 19 Nov 2006 35,840 ...H. --- "C:\Documents and Settings\hervault jules\Mes documents\~WRL1157.tmp"
Sun 9 Dec 2007 24,064 ...H. --- "C:\Documents and Settings\hervault jules\Mes documents\~WRL1462.tmp"
Sun 29 Apr 2007 26,112 ...H. --- "C:\Documents and Settings\hervault jules\Mes documents\~WRL2995.tmp"
Sat 24 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\hervault jules\Mes documents\~WRL3597.tmp"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Thu 25 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2.tmp"
Sat 16 Feb 2008 1,035 A..H. --- "C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy\xzvYfyupcepPG68\sujSrrpTjQQ.tmp"
Tue 17 Apr 2007 29,696 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\ModŠles\~WRL0176.tmp"
Sat 24 Nov 2007 19,968 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0003.tmp"
Sun 9 Dec 2007 26,624 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0004.tmp"
Sat 24 Nov 2007 19,968 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0005.tmp"
Sat 24 Nov 2007 20,480 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0012.tmp"
Sat 24 Nov 2007 21,504 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0412.tmp"
Sat 24 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0446.tmp"
Sun 29 Apr 2007 38,400 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0530.tmp"
Sun 29 Apr 2007 34,816 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL1049.tmp"
Sat 24 Nov 2007 20,992 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL1689.tmp"
Sat 24 Nov 2007 22,016 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL1804.tmp"
Sun 9 Dec 2007 26,624 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL1825.tmp"
Sat 24 Nov 2007 20,992 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL1939.tmp"
Sat 24 Nov 2007 20,992 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL2128.tmp"
Sat 24 Nov 2007 23,040 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL2968.tmp"
Sat 24 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL3867.tmp"
Sun 29 Apr 2007 34,816 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL4020.tmp"
Thu 24 Jan 2008 1,745 ...HR --- "C:\Documents and Settings\hervault jules\Application Data\SecuROM\UserData\securom_v7_01.bak"
Tue 31 May 2005 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
Fri 24 Jun 2005 1,121 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\UXI0WYQy19R0F\kF6Tz2ZRIJ.tmp"
Thu 30 Nov 2006 257,536 A.SH. --- "C:\Documents and Settings\hervault jules\Mes documents\Docs\Cours A2\ann‚e 2007 2008\pas en cours\SP\droit administratif\~WRL3147.tmp"
Mon 4 Dec 2006 253,952 A.SH. --- "C:\Documents and Settings\hervault jules\Mes documents\Docs\Cours A2\ann‚e 2007 2008\pas en cours\SP\droit administratif\~WRL3407.tmp"

Finished!


Et voici le log hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:58:45, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\Recycler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dlcccoms.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mpbtn.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Recycled] C:\WINDOWS\system32\Recycler.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe
O8 - Extra context menu item: Afficher cette page dans Firefox - file://C:\Documents and Settings\hervault jules\Application Data\Mozilla\Firefox\Profiles\zx3sw3sa.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA­9F975}\firefoxviewpage.html
O8 - Extra context menu item: Ouvrir la cible dans Firefox - file://C:\Documents and Settings\hervault jules\Application Data\Mozilla\Firefox\Profiles\zx3sw3sa.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA­9F975}\firefoxviewlink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.mediapluspro.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacCo...
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Unknown owner - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.wtv-zone.com/whales/images/clapton/clapton17...

End of file - 10359 bytes

C'est mieux non ?

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

J'ai toujours le virus. Je n'y connaiS rien mais j'ai comme l'impression qu'il se loge,à la base, dans mon disque dur externe car le message d'alerte apparait au démarrage de l'ordinateur en même temps que s'affiche une fenêtre avec le contenu de mon disque dur externe. D'autant plus que cette fenêtre ne s'affichait pas toute seule au démarrage d'habitude, mais lorsque je connectait, le disque dur et seulement après que windows m'ait demandé l'action a effectué... Voilà... Enfin en tout cas le virus est toujours là uisque j'ai eu une alerte dès le redémarrage de l'ordinateur.

Quoi ?!

Et bien, j'ai fait tout ce que tu m'as dit de faire avec SDfix et le redémarrage en mode sans échec, mais ça n'a pas changé grand chose vu que, dès que j'ai relancé mon PC, avast m'a remis un message d'alerte pour le même virus.

Et en fait, je pense que ça serait mon disque dur externe qui serait infecté car l'alerte ne s'affiche qu'au moment ou j'ouvre ce disque dur externe, ou au démarrage de windows, lorsque celui-ci s'ouvre tout seul (ce qui n'est pas normal)...

Voilà, donc en gros j'ai toujours le même problème...

Tu as fait ce que j'ai dit avec AntiVir ?

Merci pour ton aide, mais finalement j'ai un ami qui est venu chez moi régler ça...Il n'y a plus de problème...

Merci encore...

Si tu le dis.