Votre question

infection par tratBHO

Tags :
  • Windows genuine advantage
  • Sécurité
Dernière réponse : dans Sécurité et virus
11 Février 2008 19:05:02

Bonsoir,

J'ai pu constaté en lisant pas mal de sujets sur ce forum que bon nombre de personnes sont infectées par le virus tratBHO. Je fais également parti de cette longue liste de personnes et je n'ai pas vu de méthode particulière pour en venir à bout. J'ai installé quelques applications mais le virus persiste et moi je me décourage, alors est-ce que quelqu'un pourrait-il m'aider?

Merci!

Autres pages sur : infection tratbho

11 Février 2008 19:07:26

Salut,

Télécharge Hijackthis (de Trend Micro)
Poste un rapport en suivant ce tuto.
Contenus similaires
11 Février 2008 19:22:52

Merci pour l'aide!
voilà le rapport HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:04, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.aliceadsl.fr/default.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{564C5611-6834-4DBF-8009-D055CD1CE88A}: NameServer = 212.217.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A46F940E-E772-42A9-98D6-16A413801516}: NameServer = 212.217.0.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7434 bytes
11 Février 2008 19:25:34

Télécharge Combofix (de sUBs) sur ton Bureau.

Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
Double clique combofix.exe.
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : C:\Combofix.txt
11 Février 2008 19:29:48

Je l'ai fait un peu plus tôt (y a 30 min)avec ma protection résidente désactivée :

ComboFix 08-02-11.2 - Standard 2008-02-11 18:50:02.2 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.158 [GMT 1:00]
Endroit: D:\Download\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))))))))
.

2008-02-11 18:35 . 2008-02-11 18:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-11 18:35 . 2008-02-11 18:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-08 21:10 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-02-08 20:59 . 2008-02-08 20:59 <REP> d-------- C:\VundoFix Backups
2008-02-02 18:22 . 2008-02-02 18:22 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-02 16:25 . 2008-02-02 16:25 <REP> d-------- C:\Program Files\Spyware Terminator
2008-02-02 16:25 . 2008-02-02 16:25 <REP> d-------- C:\Documents and Settings\Standard\Application Data\Spyware Terminator
2008-02-02 16:25 . 2008-02-02 16:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-02 15:54 . 2008-02-02 15:54 <REP> d-------- C:\Program Files\Lavasoft
2008-02-02 15:54 . 2008-02-02 15:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 15:53 . 2008-02-02 15:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-02 15:41 . 2008-02-02 15:41 <REP> d-------- C:\Program Files\CCleaner
2008-01-29 23:09 . 2008-01-29 23:09 <REP> d--hs---- C:\FOUND.003
2008-01-16 00:38 . 2008-01-16 00:38 <REP> d-------- C:\Program Files\Trend Micro
2008-01-15 19:48 . 2008-01-15 19:48 <REP> d-------- C:\WINDOWS\report
2008-01-15 19:48 . 2008-01-15 19:47 35,063,081 --a------ C:\WINDOWS\LPT$VPN.945
2008-01-15 19:47 . 2008-01-15 19:47 <REP> d-------- C:\WINDOWS\AU_Backup
2008-01-15 19:47 . 2008-01-15 19:47 35,063,081 --a------ C:\WINDOWS\VPTNFILE.945
2008-01-15 19:47 . 2008-01-15 19:47 1,909,671 --a------ C:\WINDOWS\tsc.ptn
2008-01-15 19:47 . 2008-01-15 19:47 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-01-15 19:47 . 2008-01-15 19:47 267,845 --a------ C:\WINDOWS\tsc.exe
2008-01-15 19:47 . 2008-01-15 19:47 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-01-15 19:47 . 2008-01-15 19:47 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-01-15 19:47 . 2008-01-16 00:34 823 --a------ C:\WINDOWS\tsc.ini
2008-01-15 19:44 . 2008-01-15 19:44 <REP> d-------- C:\WINDOWS\AU_Temp
2008-01-15 19:44 . 2008-01-15 19:44 <REP> d-------- C:\WINDOWS\AU_Log
2008-01-15 19:44 . 2008-01-15 19:44 170 --a------ C:\WINDOWS\GetServer.ini
2008-01-15 19:43 . 2008-01-15 19:43 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-01-15 19:43 . 2008-01-15 19:43 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-01-15 19:43 . 2008-01-15 19:43 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-01-15 19:23 . 2004-08-04 00:54 116,736 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-15 19:23 . 2001-08-23 17:47 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-15 19:22 . 2001-08-23 17:47 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2008-01-15 19:22 . 2001-08-23 17:47 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-01-15 19:22 . 2004-08-03 22:29 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-01-15 19:22 . 2001-08-23 17:47 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-01-15 19:22 . 2001-08-17 20:11 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-01-15 19:22 . 2004-08-03 22:29 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-01-15 19:22 . 2001-08-23 17:47 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-01-15 19:20 . 2001-08-17 21:28 687,999 --a------ C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2008-01-15 19:19 . 2001-08-17 21:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-15 19:18 . 2001-08-23 17:47 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-01-15 19:17 . 2004-08-05 14:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-01-15 19:16 . 2001-08-23 17:46 172,768 --a------ C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-01-15 19:15 . 2001-08-23 16:57 286,848 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-01-15 19:14 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-01-15 19:13 . 2001-08-23 17:46 386,560 --a------ C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-01-15 19:12 . 2001-08-23 17:47 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-15 19:11 . 2004-08-04 00:54 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-01-15 19:10 . 2001-08-23 17:18 899,914 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-15 19:09 . 2004-08-05 14:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-15 19:08 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-01-15 19:07 . 2004-08-04 00:54 4,274,816 --a------ C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-01-15 19:06 . 2004-08-04 00:47 132,695 --a------ C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-01-15 19:05 . 2004-08-05 14:00 1,875,968 --a------ C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-15 19:04 . 2001-08-17 21:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-01-15 19:03 . 2004-08-05 14:00 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-01-15 19:02 . 2004-08-05 14:00 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-15 19:01 . 2004-08-05 14:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-15 19:00 . 2004-08-05 14:00 10,096,640 --a------ C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-01-15 18:59 . 2001-08-23 17:46 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-15 18:58 . 2001-08-17 20:15 455,680 --a------ C:\WINDOWS\system32\dllcache\fus2base.sys
2008-01-15 18:57 . 2001-08-23 17:16 630,016 --a------ C:\WINDOWS\system32\dllcache\eqn.sys
2008-01-15 18:56 . 2001-08-17 20:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-15 18:55 . 2001-08-23 17:47 422,429 --a------ C:\WINDOWS\system32\dllcache\dgconfig.dll
2008-01-15 18:54 . 2004-08-05 14:00 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-15 18:53 . 2001-08-17 21:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-15 18:52 . 2004-08-04 00:54 870,784 --a------ C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-01-15 18:51 . 2001-08-23 17:46 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-01-15 00:10 . 2008-01-15 00:10 <REP> d-------- C:\Documents and Settings\Standard\Application Data\reparateurdesysteme
2008-01-15 00:05 . 2008-01-15 00:05 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-15 00:05 . 2008-01-15 00:05 <REP> dr------- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2008-01-12 09:35 . 2008-01-12 09:35 1,057,955 ---hs---- C:\WINDOWS\system32\oorephjr.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 19:19 27,264 ----a-w C:\WINDOWS\system32\vdfnqflt.exe
2007-12-14 17:19 --------- d-----w C:\Program Files\ReflexiveArcade
2007-12-14 17:19 --------- d-----w C:\Program Files\Boulder Dash
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-12 23:13 314,624 ----a-w C:\WINDOWS\system32\jkhfd.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2006-08-01 17:09 19,648 ----a-w C:\Documents and Settings\Standard\Application Data\GDIPFONTCACHEV1.DAT
2007-01-02 18:00 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-11-01 21:56 56 --sh--r C:\WINDOWS\system32\7C291D1F81.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBB90463-4580-48AB-A611-2C20DB9B1EAD}]
2007-12-13 00:13 314624 --a------ C:\WINDOWS\system32\jkhfd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-04-12 07:17 102400]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-20 08:07 90112 C:\WINDOWS\SoundMan.exe]
"Wireless Console"="C:\Program Files\ASUS\Wireless Console\wcourier.exe" [2005-03-02 21:52 57344]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 09:23 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 09:23 688218]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-12 21:05 339968]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 16:55 81920]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 11:27 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 11:31 356352]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 20:41 33792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-31 03:07 155648]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 10:27 200704]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvurqr]
tuvurqr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkhfd.dll

R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys [2004-10-19 13:49]
R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys [2004-10-19 13:49]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
S3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys [2002-12-27 12:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71132432-af98-11db-86ed-0012f0db7d12}]
\Shell\AutoRun\command - I:\autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 18:55:23
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\jkhfd.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\jkhfd.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-11 18:57:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-11 17:57:26
ComboFix2.txt 2008-02-10 00:25:50
.
2008-01-08 23:58:19 --- E O F ---
11 Février 2008 19:31:18

désolé pour la barre de défilement!

je remets :

Je l'ai fait un peu plus tôt (y a 30 min)avec ma protection résidente désactivée :

ComboFix 08-02-11.2 - Standard 2008-02-11 18:50:02.2 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.158 [GMT 1:00]
Endroit: D:\Download\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))))))))
.

2008-02-11 18:35 . 2008-02-11 18:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-11 18:35 . 2008-02-11 18:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-08 21:10 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-02-08 20:59 . 2008-02-08 20:59 <REP> d-------- C:\VundoFix Backups
2008-02-02 18:22 . 2008-02-02 18:22 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-02 16:25 . 2008-02-02 16:25 <REP> d-------- C:\Program Files\Spyware Terminator
2008-02-02 16:25 . 2008-02-02 16:25 <REP> d-------- C:\Documents and Settings\Standard\Application Data\Spyware Terminator
2008-02-02 16:25 . 2008-02-02 16:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-02 15:54 . 2008-02-02 15:54 <REP> d-------- C:\Program Files\Lavasoft
2008-02-02 15:54 . 2008-02-02 15:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 15:53 . 2008-02-02 15:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-02 15:41 . 2008-02-02 15:41 <REP> d-------- C:\Program Files\CCleaner
2008-01-29 23:09 . 2008-01-29 23:09 <REP> d--hs---- C:\FOUND.003
2008-01-16 00:38 . 2008-01-16 00:38 <REP> d-------- C:\Program Files\Trend Micro
2008-01-15 19:48 . 2008-01-15 19:48 <REP> d-------- C:\WINDOWS\report
2008-01-15 19:48 . 2008-01-15 19:47 35,063,081 --a------ C:\WINDOWS\LPT$VPN.945
2008-01-15 19:47 . 2008-01-15 19:47 <REP> d-------- C:\WINDOWS\AU_Backup
2008-01-15 19:47 . 2008-01-15 19:47 35,063,081 --a------ C:\WINDOWS\VPTNFILE.945
2008-01-15 19:47 . 2008-01-15 19:47 1,909,671 --a------ C:\WINDOWS\tsc.ptn
2008-01-15 19:47 . 2008-01-15 19:47 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-01-15 19:47 . 2008-01-15 19:47 267,845 --a------ C:\WINDOWS\tsc.exe
2008-01-15 19:47 . 2008-01-15 19:47 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-01-15 19:47 . 2008-01-15 19:47 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-01-15 19:47 . 2008-01-16 00:34 823 --a------ C:\WINDOWS\tsc.ini
2008-01-15 19:44 . 2008-01-15 19:44 <REP> d-------- C:\WINDOWS\AU_Temp
2008-01-15 19:44 . 2008-01-15 19:44 <REP> d-------- C:\WINDOWS\AU_Log
2008-01-15 19:44 . 2008-01-15 19:44 170 --a------ C:\WINDOWS\GetServer.ini
2008-01-15 19:43 . 2008-01-15 19:43 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-01-15 19:43 . 2008-01-15 19:43 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-01-15 19:43 . 2008-01-15 19:43 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-01-15 19:23 . 2004-08-04 00:54 116,736 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-15 19:23 . 2001-08-23 17:47 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-15 19:22 . 2001-08-23 17:47 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2008-01-15 19:22 . 2001-08-23 17:47 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-01-15 19:22 . 2004-08-03 22:29 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-01-15 19:22 . 2001-08-23 17:47 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-01-15 19:22 . 2001-08-17 20:11 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-01-15 19:22 . 2004-08-03 22:29 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-01-15 19:22 . 2001-08-23 17:47 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-01-15 19:20 . 2001-08-17 21:28 687,999 --a------ C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2008-01-15 19:19 . 2001-08-17 21:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-15 19:18 . 2001-08-23 17:47 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-01-15 19:17 . 2004-08-05 14:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-01-15 19:16 . 2001-08-23 17:46 172,768 --a------ C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-01-15 19:15 . 2001-08-23 16:57 286,848 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-01-15 19:14 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-01-15 19:13 . 2001-08-23 17:46 386,560 --a------ C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-01-15 19:12 . 2001-08-23 17:47 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-15 19:11 . 2004-08-04 00:54 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-01-15 19:10 . 2001-08-23 17:18 899,914 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-15 19:09 . 2004-08-05 14:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-15 19:08 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-01-15 19:07 . 2004-08-04 00:54 4,274,816 --a------ C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-01-15 19:06 . 2004-08-04 00:47 132,695 --a------ C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-01-15 19:05 . 2004-08-05 14:00 1,875,968 --a------ C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-15 19:04 . 2001-08-17 21:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-01-15 19:03 . 2004-08-05 14:00 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-01-15 19:02 . 2004-08-05 14:00 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-15 19:01 . 2004-08-05 14:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-15 19:00 . 2004-08-05 14:00 10,096,640 --a------ C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-01-15 18:59 . 2001-08-23 17:46 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-15 18:58 . 2001-08-17 20:15 455,680 --a------ C:\WINDOWS\system32\dllcache\fus2base.sys
2008-01-15 18:57 . 2001-08-23 17:16 630,016 --a------ C:\WINDOWS\system32\dllcache\eqn.sys
2008-01-15 18:56 . 2001-08-17 20:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-15 18:55 . 2001-08-23 17:47 422,429 --a------ C:\WINDOWS\system32\dllcache\dgconfig.dll
2008-01-15 18:54 . 2004-08-05 14:00 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-15 18:53 . 2001-08-17 21:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-15 18:52 . 2004-08-04 00:54 870,784 --a------ C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-01-15 18:51 . 2001-08-23 17:46 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-01-15 00:10 . 2008-01-15 00:10 <REP> d-------- C:\Documents and Settings\Standard\Application Data\reparateurdesysteme
2008-01-15 00:05 . 2008-01-15 00:05 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-15 00:05 . 2008-01-15 00:05 <REP> dr------- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2008-01-12 09:35 . 2008-01-12 09:35 1,057,955 ---hs---- C:\WINDOWS\system32\oorephjr.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 19:19 27,264 ----a-w C:\WINDOWS\system32\vdfnqflt.exe
2007-12-14 17:19 --------- d-----w C:\Program Files\ReflexiveArcade
2007-12-14 17:19 --------- d-----w C:\Program Files\Boulder Dash
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-12 23:13 314,624 ----a-w C:\WINDOWS\system32\jkhfd.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2006-08-01 17:09 19,648 ----a-w C:\Documents and Settings\Standard\Application Data\GDIPFONTCACHEV1.DAT
2007-01-02 18:00 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-11-01 21:56 56 --sh--r C:\WINDOWS\system32\7C291D1F81.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBB90463-4580-48AB-A611-2C20DB9B1EAD}]
2007-12-13 00:13 314624 --a------ C:\WINDOWS\system32\jkhfd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-04-12 07:17 102400]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-20 08:07 90112 C:\WINDOWS\SoundMan.exe]
"Wireless Console"="C:\Program Files\ASUS\Wireless Console\wcourier.exe" [2005-03-02 21:52 57344]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 09:23 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 09:23 688218]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-12 21:05 339968]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 16:55 81920]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 11:27 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 11:31 356352]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 20:41 33792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-31 03:07 155648]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 10:27 200704]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvurqr]
tuvurqr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkhfd.dll

R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys [2004-10-19 13:49]
R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys [2004-10-19 13:49]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
S3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys [2002-12-27 12:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71132432-af98-11db-86ed-0012f0db7d12}]
\Shell\AutoRun\command - I:\autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 18:55:23
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\jkhfd.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\jkhfd.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-11 18:57:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-11 17:57:26
ComboFix2.txt 2008-02-10 00:25:50
.
2008-01-08 23:58:19 --- E O F ---
11 Février 2008 19:52:28

Re,

Copie le texte se situant dans le cadre ci-dessous :

File::
C:\WINDOWS\system32\d3d8caps.dat
C:\WINDOWS\system32\oorephjr.tmp
C:\WINDOWS\system32\vdfnqflt.exe
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\tuvurqr.dll

Folder::
C:\VundoFix Backups
C:\FOUND.003
C:\Documents and Settings\Standard\Application Data\reparateurdesysteme
C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
C:\Program Files\reparateurdesysteme

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBB90463-4580-48AB-A611-2C20DB9B1EAD}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvurqr]


Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
11 Février 2008 20:07:34

Merci pour ton aide!
Voilà les rapports :

1) Rapport Combofix.txt :

ComboFix 08-02-11.2 - Standard 2008-02-11 19:58:08.3 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.213 [GMT 1:00]
Endroit: C:\Documents and Settings\Standard\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Standard\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE
C:\WINDOWS\system32\d3d8caps.dat
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\oorephjr.tmp
C:\WINDOWS\system32\tuvurqr.dll
C:\WINDOWS\system32\vdfnqflt.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jkhfd.dll
C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
C:\Documents and Settings\All Users\Application Data\reparateurdesysteme\Data\ac
C:\Documents and Settings\All Users\Application Data\reparateurdesysteme\Data\em
C:\Documents and Settings\All Users\Application Data\reparateurdesysteme\Data\oid
C:\Documents and Settings\All Users\Application Data\reparateurdesysteme\Data\user
C:\Documents and Settings\Standard\Application Data\reparateurdesysteme
C:\Documents and Settings\Standard\Application Data\reparateurdesysteme\Logs\update.log
C:\FOUND.003
C:\FOUND.003\FILE0000.CHK
C:\WINDOWS\system32\d3d8caps.dat
C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini2
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\oorephjr.tmp
C:\WINDOWS\system32\vdfnqflt.exe

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))))))))
.

2008-02-11 18:35 . 2008-02-11 18:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-11 18:35 . 2008-02-11 18:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-10 01:17 . 2004-08-05 14:00 400,896 --a------ C:\kmd.exe
2008-02-08 21:10 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-02-02 16:25 . 2008-02-02 16:25 <REP> d-------- C:\Program Files\Spyware Terminator
2008-02-02 16:25 . 2008-02-02 16:25 <REP> d-------- C:\Documents and Settings\Standard\Application Data\Spyware Terminator
2008-02-02 16:25 . 2008-02-02 16:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-02 15:54 . 2008-02-02 15:54 <REP> d-------- C:\Program Files\Lavasoft
2008-02-02 15:54 . 2008-02-02 15:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 15:53 . 2008-02-02 15:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-02 15:41 . 2008-02-02 15:41 <REP> d-------- C:\Program Files\CCleaner
2008-01-16 00:38 . 2008-01-16 00:38 <REP> d-------- C:\Program Files\Trend Micro
2008-01-15 19:48 . 2008-01-15 19:48 <REP> d-------- C:\WINDOWS\report
2008-01-15 19:48 . 2008-01-15 19:47 35,063,081 --a------ C:\WINDOWS\LPT$VPN.945
2008-01-15 19:47 . 2008-01-15 19:47 <REP> d-------- C:\WINDOWS\AU_Backup
2008-01-15 19:47 . 2008-01-15 19:47 35,063,081 --a------ C:\WINDOWS\VPTNFILE.945
2008-01-15 19:47 . 2008-01-15 19:47 1,909,671 --a------ C:\WINDOWS\tsc.ptn
2008-01-15 19:47 . 2008-01-15 19:47 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-01-15 19:47 . 2008-01-15 19:47 267,845 --a------ C:\WINDOWS\tsc.exe
2008-01-15 19:47 . 2008-01-15 19:47 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-01-15 19:47 . 2008-01-15 19:47 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-01-15 19:47 . 2008-01-16 00:34 823 --a------ C:\WINDOWS\tsc.ini
2008-01-15 19:44 . 2008-01-15 19:44 <REP> d-------- C:\WINDOWS\AU_Temp
2008-01-15 19:44 . 2008-01-15 19:44 <REP> d-------- C:\WINDOWS\AU_Log
2008-01-15 19:44 . 2008-01-15 19:44 170 --a------ C:\WINDOWS\GetServer.ini
2008-01-15 19:43 . 2008-01-15 19:43 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-01-15 19:43 . 2008-01-15 19:43 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-01-15 19:43 . 2008-01-15 19:43 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-01-15 19:23 . 2004-08-04 00:54 116,736 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-15 19:23 . 2001-08-23 17:47 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-15 19:22 . 2001-08-23 17:47 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2008-01-15 19:22 . 2001-08-23 17:47 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-01-15 19:22 . 2004-08-03 22:29 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-01-15 19:22 . 2001-08-23 17:47 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-01-15 19:22 . 2001-08-17 20:11 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-01-15 19:22 . 2004-08-03 22:29 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-01-15 19:22 . 2001-08-23 17:47 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-01-15 19:20 . 2001-08-17 21:28 687,999 --a------ C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2008-01-15 19:19 . 2001-08-17 21:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-15 19:18 . 2001-08-23 17:47 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-01-15 19:17 . 2004-08-05 14:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-01-15 19:16 . 2001-08-23 17:46 172,768 --a------ C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-01-15 19:15 . 2001-08-23 16:57 286,848 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-01-15 19:14 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-01-15 19:13 . 2001-08-23 17:46 386,560 --a------ C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-01-15 19:12 . 2001-08-23 17:47 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-15 19:11 . 2004-08-04 00:54 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-01-15 19:10 . 2001-08-23 17:18 899,914 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-15 19:09 . 2004-08-05 14:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-15 19:08 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-01-15 19:07 . 2004-08-04 00:54 4,274,816 --a------ C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-01-15 19:06 . 2004-08-04 00:47 132,695 --a------ C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-01-15 19:05 . 2004-08-05 14:00 1,875,968 --a------ C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-15 19:04 . 2001-08-17 21:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-01-15 19:03 . 2004-08-05 14:00 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-01-15 19:02 . 2004-08-05 14:00 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-15 19:01 . 2004-08-05 14:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-15 19:00 . 2004-08-05 14:00 10,096,640 --a------ C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-01-15 18:59 . 2001-08-23 17:46 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-15 18:58 . 2001-08-17 20:15 455,680 --a------ C:\WINDOWS\system32\dllcache\fus2base.sys
2008-01-15 18:57 . 2001-08-23 17:16 630,016 --a------ C:\WINDOWS\system32\dllcache\eqn.sys
2008-01-15 18:56 . 2001-08-17 20:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-15 18:55 . 2001-08-23 17:47 422,429 --a------ C:\WINDOWS\system32\dllcache\dgconfig.dll
2008-01-15 18:54 . 2004-08-05 14:00 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-15 18:53 . 2001-08-17 21:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-15 18:52 . 2004-08-04 00:54 870,784 --a------ C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-01-15 18:51 . 2001-08-23 17:46 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-01-15 00:05 . 2008-01-15 00:05 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-14 17:19 --------- d-----w C:\Program Files\ReflexiveArcade
2007-12-14 17:19 --------- d-----w C:\Program Files\Boulder Dash
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2006-08-01 17:09 19,648 ----a-w C:\Documents and Settings\Standard\Application Data\GDIPFONTCACHEV1.DAT
2007-01-02 18:00 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-11-01 21:56 56 --sh--r C:\WINDOWS\system32\7C291D1F81.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-04-12 07:17 102400]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-20 08:07 90112 C:\WINDOWS\SoundMan.exe]
"Wireless Console"="C:\Program Files\ASUS\Wireless Console\wcourier.exe" [2005-03-02 21:52 57344]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 09:23 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 09:23 688218]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-12 21:05 339968]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 16:55 81920]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 11:27 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 11:31 356352]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 20:41 33792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-31 03:07 155648]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 10:27 200704]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkhfd.dll

R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys [2004-10-19 13:49]
R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys [2004-10-19 13:49]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
S3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys [2002-12-27 12:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71132432-af98-11db-86ed-0012f0db7d12}]
\Shell\AutoRun\command - I:\autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 20:02:05
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-11 20:03:31 - machine was rebooted
ComboFix2.txt 2008-02-11 17:57:32
ComboFix-quarantined-files.txt 2008-02-11 19:03:28
.
2008-01-08 23:58:19 --- E O F ---



2) Rapport HiJackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03, on 2008-02-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.aliceadsl.fr/default.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{564C5611-6834-4DBF-8009-D055CD1CE88A}: NameServer = 212.217.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A46F940E-E772-42A9-98D6-16A413801516}: NameServer = 212.217.0.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7687 bytes
11 Février 2008 20:10:29

Re,

Toujours des problèmes ?

Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
Double-clic sur clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé et poste le rapport ici.
Le rapport se trouve ici : C:\rapport_clean.txt

Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.
11 Février 2008 20:20:54

Les problèmes se manifestent régulièrement lors du démarrage (messages imitation Windows demandant d'installer des applis). Pour l'instant ça a l'air d'aller.

Merci!!!

Voici le rapport de Clean (et pas de fichier "upload_moi.zip) :

2008-02-11 a 20:15:39.34

*** Recherche des fichiers dans C:
C:\kmd.exe FOUND

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\starter.exe FOUND
11 Février 2008 20:21:52

Ok, si ça continue, tu me le dis ;) 

Télécharge AVG Anti-Spyware Installes-le.
Si le lien ne fonctionne pas : >Clique ici<
Lance AVG et fais une mise à jour.
Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglet comment réagir, clique sur Actions recommandées. Choisis Quarantaine.
Ne fais pas d’analyse pour le moment.
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
Relance Avg.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas.
Clique sur "Enregistrer le rapport". Ceci génère un rapport qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.
Poste le ici.
&
Toujours en mode sans échec, relance clean et fais l'option 2, poste le rapport.
12 Février 2008 01:32:14

Désolé! Je me suis endormi pendant le scan...

Voici le rapprt de AVG :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 01:14 2008-02-12

+ Résultat de l'analyse:



C:\QooBox\Quarantine\C\WINDOWS\system32\vdfnqflt.exe.vir -> Downloader.Firu.s : Nettoyé.
C:\System Volume Information\_restore{20D0D772-C779-48C3-8DB1-F81891405DE9}\RP9\A0000258.exe -> Downloader.Firu.s : Nettoyé.
C:\QooBox\Quarantine\catchme2008-02-11_200144.56.zip/jkhfd.dll -> Not-A-Virus.Adware.Virtumonde : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@adrevolver[3].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.18:C:\Documents and Settings\Standard\Application Data\Mozilla\Firefox\Profiles\9nkyu9k1.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.9:C:\Documents and Settings\Standard\Application Data\Mozilla\Firefox\Profiles\9nkyu9k1.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.24:C:\Documents and Settings\Standard\Application Data\Mozilla\Firefox\Profiles\9nkyu9k1.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.19:C:\Documents and Settings\Standard\Application Data\Mozilla\Firefox\Profiles\9nkyu9k1.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.21:C:\Documents and Settings\Standard\Application Data\Mozilla\Firefox\Profiles\9nkyu9k1.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.22:C:\Documents and Settings\Standard\Application Data\Mozilla\Firefox\Profiles\9nkyu9k1.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@ehg-telecomitalia.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@ehg-yvesrocher.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@auto.search.msn[2].txt -> TrackingCookie.Msn : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@ie.search.msn[1].txt -> TrackingCookie.Msn : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.13:C:\Documents and Settings\Standard\Application Data\Mozilla\Firefox\Profiles\9nkyu9k1.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.14:C:\Documents and Settings\Standard\Application Data\Mozilla\Firefox\Profiles\9nkyu9k1.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.15:C:\Documents and Settings\Standard\Application Data\Mozilla\Firefox\Profiles\9nkyu9k1.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\Standard\Cookies\standard@zedo[2].txt -> TrackingCookie.Zedo : Nettoyé.


Fin du rapport


et pour "Clean" j'ai lancé l'étape 2 puis j'ai relancé l'étape 1. Du coup voici le rapport :

2008-02-12 a 1:19:51.56

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32



... encore merci pour ton aide!
je vais me couché (recouché même). Si tu pense qu'il reste des choses à faire n'hésite pas, je me reconnecterai demain ou plutôt ce soir (1h du mat')... lol
@+
12 Février 2008 18:37:12

Reposte un Hijackthis
13 Février 2008 00:40:04

salut.
désolé! abonné aux absents ce soir et demain...
voici le rapport HiJackThis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:37, on 2008-02-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.aliceadsl.fr/default.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{564C5611-6834-4DBF-8009-D055CD1CE88A}: NameServer = 212.217.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A46F940E-E772-42A9-98D6-16A413801516}: NameServer = 212.217.0.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8041 bytes
13 Février 2008 17:50:42

Re,

Désinstalle avast, redémarre et supprime ~~>C:\Program Files\Alwil Software

Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.

Télécharge et installe Antivir. (tuto)
Pourquoi changer ? Avast vs Antivir
Vérifie qu’il soit bien à jour ! Fais une analyse complète, poste le rapport.
14 Février 2008 23:11:37

Salut,

Juste au passage, j'voulais te dire MERCI pour ton aide...

Voici le rapport de Antivir (après MAJ de Antivir) :



AntiVir PersonalEdition Classic
Report file date: 2008-02-14 22:31

Scanning for 1109375 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: JOBAR

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:16
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 21:29:40
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 21:29:40
ANTIVIR3.VDF : 7.0.2.140 184320 Bytes 2008-02-14 21:29:40
AVEWIN32.DLL : 7.6.0.65 3240448 Bytes 2008-02-14 21:29:40
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-14 21:29:40
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-02-14 22:31

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'winamp.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned
Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned
Scan process 'WDFMGR.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'OProtSvc.exe' - '1' Module(s) have been scanned
Scan process 'GUARD.EXE' - '0' Module(s) have been scanned
Scan process 'ATKOSD.EXE' - '1' Module(s) have been scanned
Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned
Scan process 'DAEMON.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'AVGAS.EXE' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'QTTASK.EXE' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'WINAMPA.EXE' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'EOUWiz.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ATIPTAXX.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'WCOURIER.EXE' - '1' Module(s) have been scanned
Scan process 'SoundMan.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
52 processes with 52 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '37' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{20D0D772-C779-48C3-8DB1-F81891405DE9}\RP9\A0000262.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47e4b7a0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhfd.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '481cb7f6.qua'!
Begin scan in 'D:\'


End of the scan: 2008-02-14 23:08
Used time: 36:50 min

The scan has been done completely.

4735 Scanning directories
273241 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
273239 Files not concerned
6807 Archives were scanned
3 Warnings
0 Notes


15 Février 2008 07:12:04

Ça a l'air correct. Plus de problèmes ?
Reposte un Hijackthis.
15 Février 2008 17:56:48

Salut,

Pas de problemes depuis quelques jours...
Voici le rapport HiJackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55, on 2008-02-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.aliceadsl.fr/default.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{564C5611-6834-4DBF-8009-D055CD1CE88A}: NameServer = 212.217.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A46F940E-E772-42A9-98D6-16A413801516}: NameServer = 212.217.0.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7887 bytes
15 Février 2008 18:09:51

Désinstalle, supprime tous les logiciels utilisés pour la désinfection ainsi que les dossiers créés correspondants.. Garde ccleaner, avg et antivir si nous les avons installé..
Rapporte ton infection sur Malware Complaints >Tuto<
Ton(tes) infection(s) : Vundo

Puis regarde ce dossier :

Sécurité/Prévention
15 Février 2008 18:39:13

Re,

ca y est, j'ai mis un rapport de mon infection sur Malware Complaints.

Petite question à titre informatif :
dépanner les gens sur ce forum c'est ton métier ou à titre personnel?
En tout cas chapeau pour ton efficacité et encore merci pour ton aide.

@+
15 Février 2008 18:41:12

Re,

Non c'est un passe-temps :) 

Bonne soirée
15 Février 2008 18:46:53

Merci!
Bonne continuation et bonne soirée.
Ciao
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS