Que des problèmes (virus, trojans et autres) depuis nouvelle connexion à Interne

Pour ton log attent que quelqu'un d'expérimenté l'analyse. Sinon essaye déjà d'analyser ton PC avec ewido et spybot.

Bonjour,

Installe Ewido
Lance Ewido puis mets le à jour en cliquant sur " Update Now ".

Redémarre en mode sans échec

Relance Ewido puis choisis l'onglet " Scanner "
Fais un " Complete System Scan "
** Si un fichier est infecté, choisis l'option " Apply All Actions " en fin d'analyse **
Clique sur " Save Report " puis sur " Save Report As "
Enregistre ce fichier .txt sur ton bureau, Copie/Colle le ici en mode normal.

Aide sur Ewido de Rub_Mic

Ok, j'ai fait tout ca...

Au dernier démarrage, Ewindo m'a encore détecté trois trucs (mis en quarantaine) et j'ai eu aussi le message d'erreur suivant : "Erreur de chargement de C:\WINDOWS\System32\wchshield.exe. Le module spécifié est introuvable.". Avast n'a plus affiché de virus cette fois...

Voila le rapport généré par Ewindo (a l'air très bien fait d'ailleurs ce logiciel, je ne connaissais pas) :

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:24:04 24/06/2006

+ Scan result:



HKLM\SOFTWARE\AKSoft -> Adware.AkSoft : Cleaned with backup (quarantined).
HKLM\SOFTWARE\AKSoft\X-Tractor -> Adware.AkSoft : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bot.exe -> Backdoor.Agobot.aip : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4XO6R42B\bot[1].exe -> Backdoor.Agobot.aip : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IPUUJ4FB\bot[1].exe -> Backdoor.Agobot.aip : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K5AJGHAB\bot[1].exe -> Backdoor.Agobot.aip : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wchshield.exe -> Backdoor.Cloner : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jimbo.exe -> Backdoor.Rbot.aeu : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jsssvc.exe -> Backdoor.Rbot.aeu : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Isass.exe -> Dropper.Paradrop.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\csrs.exe.bak -> Dropper.Paradrop.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cuthh.exe -> Dropper.Paradrop.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yknsdw.exe -> Dropper.Paradrop.a : Cleaned with backup (quarantined).
F:\Jeux vidéos - Trucs et astuces\Guild Wars Utils\Softs\Color Mix Setup.zip/Color Mix Setup/ColorMix.CAB/ColorMix.exe -> Dropper.Small.tx : Cleaned with backup (quarantined).
F:\Jeux vidéos - Trucs et astuces\Guild Wars Utils\Softs\Color Mix Setup\Color Mix Setup\ColorMix.CAB/ColorMix.exe -> Dropper.Small.tx : Cleaned with backup (quarantined).
C:\Program Files\Cowabanga\Cowabanga.exe -> Dropper.VB.nn : Cleaned with backup (quarantined).
:mozilla.398:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.399:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.400:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.401:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.177:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.178:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.179:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.180:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.181:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.182:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.183:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.184:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.185:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.310:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.417:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.512:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.139:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.140:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.142:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.291:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.292:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.294:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.107:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.108:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.10:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.9:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.150:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.590:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.200:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@ads13.bpath[1].txt -> TrackingCookie.Bpath : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.158:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.162:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.161:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.548:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned.
:mozilla.616:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.617:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.618:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.380:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.381:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.382:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.383:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.384:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.385:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.78:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.597:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@e-2dj6wjlyghazwlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.80:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.314:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.293:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.356:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.357:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.372:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.588:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.589:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.503:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.613:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.619:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.97:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.436:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.475:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.480:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.324:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.325:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.326:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.327:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.581:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.299:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.300:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.301:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.302:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.303:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.328:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.329:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.479:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.498:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.586:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.205:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.206:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.207:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.208:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.285:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.159:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.160:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.90:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.91:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.92:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.93:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.94:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.95:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.96:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.304:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.305:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.20:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.21:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.504:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.505:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.506:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.507:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.144:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.145:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.101:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.102:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.103:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.7:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.131:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.132:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.133:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.134:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.135:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.136:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.137:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.138:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.331:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.332:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end


Au fait, je n'ai pas très bien compris le "copie/colle en mode normal". Y a plusieurs façons de copier/coller ? lol

repost un log hijackthis

Voila :

Logfile of HijackThis v1.99.1
Scan saved at 12:59:00, on 25/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Samurize.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: bw+0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)


... et je reçois encore des messages de trojans et virus d'avast et de ewido, et maintenant j'ai en plus des boites de dialogues me disant que mon système est infecté et qu'il m'est recommandé d'installer tel ou tel antivirus, mais qui s'avère être un virus d'après avast lorsque je suis automatiquement redirigé vers leur site...

fais ca:

1/ Télécharge Télécharge Smitfraudfix
Dézippe-le sur le Bureau.
Ouvre le dossier SmitfraudFix et lance SmitfraudFix.cmd
Choisis l'Option 1 (Recherche)
Si tu vois des lignes avec PRESENT! Continue

Redémarre en mode sans échec.
2/ Relance SmitfraudFix et choisis cette fois l’Option 2 et réponds oui à chaque question
Sauvegarde puis poste le rapport.

Voila :

SmitFraudFix v2.65

Rapport fait à 17:54:31,21, lun. 26/06/2006
Executé à partir de C:\Documents and Settings\JC\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Je parlais du mode normal d'Ewido

(pour rendre ton log mieux lisible)
- Lance Hijackthis ->Do a system scan only
->Coche les lignes puis clique sur Fix checked:

O18 - Protocol: bw+0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

- Poste un nouveau rapport Hijackthis.

- Fais un scan en ligne Kaspersky
Aide pour le scan en ligne
Sauvegarde puis colle le rapport en fin d'analyse.

Ok, voila le nouveau rapport Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 20:03:48, on 26/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Samurize.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)



Voila le rapport kaspersky :

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER - RAPPORT
lundi 26 juin 2006 20:57:38
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Version de Kaspersky On-line Scanner: 5.0.78.0
Dernière mise à jour de la base antivirus Kaspersky : 26/06/2006
Enregistrements dans la base antivirus Kaspersky : 190819
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie.: vrai

Cible de l'analyse - Dossiers:
C:\

Statistiques de l'analyse:
Total d'objets analysés :: 92706
Nombre de virus trouvés: 11
Nombre d'objets infectés: 58
Nombre d'objets suspects: 1
Durée de l'analyse: 00:47:11

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\JC\mrexe.exe Infecté: Trojan-Downloader.Win32.Adload.ch ignoré
C:\itavi32.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\itavi32.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096182.exe Infecté: Backdoor.Win32.Rbot.aem ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096206.exe Infecté: Backdoor.Win32.PoeBot.c ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096283.exe Infecté: Backdoor.Win32.Agobot.aip ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096310.dll Infecté: Backdoor.Win32.Rbot.aem ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096325.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096325.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096326.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096358.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096358.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096359.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096393.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096393.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096394.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096411.exe Infecté: Trojan-Downloader.Win32.Adload.ch ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096413.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096413.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096414.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096429.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096429.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096433.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096434.exe Infecté: Trojan-Downloader.Win32.Adload.ch ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096455.exe Infecté: Trojan-Downloader.Win32.Adload.ch ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096457.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096457.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096458.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096527.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096527.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096528.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096551.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096551.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096553.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP435\A0096922.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP435\A0096922.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP435\A0097933.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099030.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099031.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099044.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099044.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099053.exe Infecté: Trojan-Proxy.Win32.Agent.cv ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099059.exe Infecté: Backdoor.Win32.Rbot.aem ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099060.exe Infecté: Backdoor.Win32.Agobot.aip ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099067.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099068.exe Infecté: Backdoor.Win32.Agobot.aip ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099069.exe Infecté: Backdoor.Win32.PoeBot.c ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099072.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099073.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0100017.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0100018.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IPUUJ4FB\116[1].avi/stream/data0001/data0002 Infecté: Trojan.Win32.Scapur.k ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IPUUJ4FB\116[1].avi/stream/data0001 Infecté: Trojan.Win32.Scapur.k ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IPUUJ4FB\116[1].avi/stream Infecté: Trojan.Win32.Scapur.k ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IPUUJ4FB\116[1].avi NSIS: infecté - 3 ignoré
C:\WINDOWS\system32\eraseme_63663.exe Infecté: Backdoor.Win32.SdBot.aad ignoré
C:\WINDOWS\system32\i Infecté: Trojan-Downloader.BAT.Ftp.ab ignoré
C:\WINDOWS\system32\msnchecker.exe Suspect : Packed.Win32.CryptExe ignoré
C:\WINDOWS\win32.exe Infecté: Backdoor.Win32.SdBot.aad ignoré

Analyse terminée.



Et j'ai maintenant parfois un message qui me dit que le système va redémarrer automatiquement dans une minute et qu'il faut sauvegarder tout son travail. C'est demandé par AUTORITE NT\SYSTEM et il met aussi que C:\WINDOWS\system32\lsass.exe s'est mal terminé et a renvoyé le code 128... Des nouveaux virus encore et toujours ...  

Re,

Redémarre en mode sans échec

- Assure toi d'avoir accès aux dossiers/fichiers cachés
-> Démarrer
-> Panneau de configuration
-> Options des Dossiers, onglet Affichage :
. Clique sur Afficher les dossiers cachés
. Décoche Masquer les extensions des fichiers dont le type est connu
. Décoche Masquer les fichiers protégés du système d'exploitation

- Suppime ces fichiers ou dossiers si existe:

C:\Documents and Settings\JC\mrexe.exe
C:\itavi32.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\<- supprime tout ce que tu peux dedans
C:\WINDOWS\system32\eraseme_63663.exe
C:\WINDOWS\system32\i Infecté:
C:\WINDOWS\system32\msnchecker.exe
C:\WINDOWS\win32.exe

- Lance un nettoyage Ccleaner
Bouton "Analyse" puis "Lancer le Néttoyage"

Redémarre normalement

Désactive puis réactive la restauration du systeme.

Ensuite:

----------
-> Démarrer
-> Exécuter...
Tape Services.msc puis valide
Double clique sur " Windows Update Manager "
Chosis dans Type de démarrage l'option " Désactivé "
Clique en bas sur " Arrêter "
Valide les changements.
-----
Ouvre Hijackthis puis:
-> Open the Misc Tools Section
-> Delete a NT Service
Tape " UpdateManager " puis valide.
----------

Supprime:
C:\WINDOWS\update\updmgr.exe

Je ne sais pas où c'est, est-ce que c'est une option qui devait s'afficher au redémarrage ?

Sinon tout le reste est fait...

Voila ce que j'avais encore au dernier démarrage :
- le message C:\WINDOWS\system32\wchshield.exe qui n'a pas pu se charger, le module spéficié est introuvable
- ewindo qui m'indique des virus même dans des programmes "standards"
- et parfois un redémarrage automatique après une minute par AUTORITE NT\SYSTEM

http://service1.symantec.com/SUPPORT/INTER/(...)

Poste un rapport Hijackthis

Ok c'est fait, et voila le rapport Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 22:32:28, on 26/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunServices: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunOnce: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\RunOnce: [Windows MS Update 32] sucker.exe
O4 - Startup: Samurize.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Et au fait, merci pour l'aide apportée jusqu'à maintenant, c'est sympa, enfin j'espère que ca va bientot être résolu quand même :-D

Tu t'es fait re-infecte, installe d'urgence un firewall:
http://www.malekal.com/kerio_firewall.html

Redémarre en mode sans échec

- Lance Hijackthis ->Do a system scan only
->Coche les lignes puis clique sur Fix checked:

O4 - HKLM\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunServices: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunOnce: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunServices: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunOnce: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\RunOnce: [Windows MS Update 32] sucker.exe

- Suppime ces fichiers ou dossiers si existe:

Dans C:\Windows ou C:\Windows\System32:
sucker.exe
et C:\WINDOWS\System32\wchshield.exe

Super, je crois bien que c'est la première fois que je vois pas de messages d'erreur au démarrage depuis que j'ai internet chez moi :-D

J'ai seulement eu ewido qui m'a encore trouvé un truc dans FireFox. Il m'affiche un truc à chaque démarrage en fait, bizarre...

Voila mon dernier log Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 23:11:23, on 26/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {694B5762-D4A1-42AA-820D-D7243BC5533A} - C:\WINDOWS\System32\sstts.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Samurize.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O20 - Winlogon Notify: sstts - C:\WINDOWS\System32\sstts.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Pour ce qui est des antivirus et autres firewalls, j'ai donc pour l'instant Kerio, ewido et avast qui tournent en permanence, est-ce que c'est suffisant ? Il vaut quand même mieux pas en avoir de trop non ?

Bon c'est vrai que ca va beaucoup mieux, mais j'ai encore quelques erreurs au démarrage :

- ewido qui détecte un nouveau truc à chaque démarrage dans des programmes qui devraient être surs, le dernier en date :

Malware Found : Adware.Agent C:\Program Files\Windows NT\wdialer.exe (risk medium)


- un message d'erreur relatif à Kerio apparemment :

Microsoft Visual C++ Runtime Library

Program : C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.


Des idées ?

Re,

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

Double-clique VundoFix.exe afin de le lancer.

Coche Run VundoFix as a task.

Un message t'avertira que l'outil va se fermer et s'ouvrir à nouveau : clique Ok

Clique sur le bouton Scan for Vundo.

Lorsque le scan est complété, clique sur le bouton Remove Vundo.

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.

Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK

Démarre ton PC à nouveau.

Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

Voila, le rapport VundoFix :


VundoFix V4.2.84

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.6

Scan started at 11:20:04 2/07/2006

Listing files found while scanning....


C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.tmp
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.tmp
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sstts.dll
Attempting to delete C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.tmp
C:\WINDOWS\system32\sttss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sttss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sstts.dll Has been deleted!

Performing Repairs to the registry.
Done!



Et le rapport Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 11:26:20, on 2/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Samurize\Client.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5E6A7C0C-E14B-4E4C-91D8-9BBCCE24C037} - C:\WINDOWS\System32\sstts.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Samurize.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Bonjour,

- Lance Hijackthis ->Do a system scan only
->Coche les lignes puis clique sur Fix checked:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {5E6A7C0C-E14B-4E4C-91D8-9BBCCE24C037} - C:\WINDOWS\System32\sstts.dll (file missing)

As tu d'autres problemes ?

Et bien pour l'instant, toujours ewido qui détecte un nouveau truc à chaque démarrage dans des programmes qui devraient être surs, et encore parfois mon mot de passe qui ne passe pas à l'ouverture de session Windows, ca m'oblige à redémarrer pour que ca passe...

A part ca ca a l'air d'aller ;-)

C'est quoi l'emplacement du fichier detecte ?

Voila quelques exemples de messages que j'ai au démarrage avec ewido (1 par démarrage, ca change à chaque fois) :

Malware found
Adware.Agent
C:\Program Files\QuickTime\Sample.exe
Risk Medium

Malware found
Adware.Agent
C:\Program Files\Matroska Playback\RealMediaSplitte.exe
Risk Medium

Malware found
Adware.Agent
C:\Program Files\Media Player Classic\wmplayerc.exe
Risk Medium

...

Je crois que tu as un virus qui infecte tes .exe....inquietant.

Étape 1:

Crée un dossier que tu vas nommer Sysclean Package dans C:\Program Files par exemple.

Désactive, le temps de la procédure, tous les contrôleurs d'intégrité
(si présents) comme le tea timer de Spybot, Process Guard, Hanti hook,
Winpooch, etc..

Note: Les possesseurs d'Avast antivirus ne doivent pas utiliser Sysclean autrement qu'en mode sans échec car Avast considère sysclean.com comme infecté par le virus VBS:Redlof !!Pour scanner le pc en mode normal(en cas de problème pour accéder au mode sans échec) il faudra désactiver Avast le temps du scan pour éviter tout conflit.(cette remarque peut être valable pour d'autres antivirus!)

Étape 2:

Télécharge Sysclean Package et enregistre le dans le dossier que tu viens de créer.

Étape 3: Mise à jour.

Rends toi à la page suivante:Controlled Pattern Release,et accepte le disclaimer en cliquant sur I Accept.

Une nouvelle fenêtre vas s'ouvrir:télécharge le fichier nommé lptXXX.zip (ou X représente la version du fichier,c'est le premier de la liste.),et dézippe le dans le dossier que tu viens de créer.

Étape 4:

Redémarre le PC, impérativement en mode sans échec,(au démarrage, tapoter immédiatement la touche F8,puis apparaitra un écran avec choix de démarrages : choisir "Mode sans échec" avec les flèches du clavier, puis valider avec "Entrée".)
Choisir le compte usuel (et non Administrateur).
En cas de problème , appliquer la procédure de Symantec "Comment démarrer l'ordinateur en mode sans échec"

Étape 5:

Comment utiliser Trend Micro Sysclean Package :

Lance le fichier "Sysclean" par un double clic. Une fenêtre nommée "Trend Micro Sysclean Package" va s'ouvrir.

coche la case "Automatically clean or delete detected files"

Clique sur le bouton Scan

Patiente le scan peut prendre du temps!

Une fois le scan terminé, clique sur le bouton View Log .Sauvegarde le rapport au format texte qui a été généré.

Ferme le programme. Redémarre ton PC en mode Normal. Poste (copie/colle) le rapport que tu as sauvegardé dans ta prochaine réponse.

Et au passage, désactive la réstauration système, parce que, quand on voit ça :-o :-o :-o

C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096182.exe Infecté: Backdoor.Win32.Rbot.aem ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096206.exe Infecté: Backdoor.Win32.PoeBot.c ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096283.exe Infecté: Backdoor.Win32.Agobot.aip ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096310.dll Infecté: Backdoor.Win32.Rbot.aem ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096325.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096325.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096326.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096358.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096358.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096359.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096393.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096393.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096394.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096411.exe Infecté: Trojan-Downloader.Win32.Adload.ch ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096413.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096413.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096414.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096429.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096429.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096433.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096434.exe Infecté: Trojan-Downloader.Win32.Adload.ch ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096455.exe Infecté: Trojan-Downloader.Win32.Adload.ch ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096457.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096457.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096458.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096527.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096527.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096528.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096551.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096551.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096553.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP435\A0096922.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP435\A0096922.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP435\A0097933.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099030.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099031.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099044.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099044.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099053.exe Infecté: Trojan-Proxy.Win32.Agent.cv ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099059.exe Infecté: Backdoor.Win32.Rbot.aem ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099060.exe Infecté: Backdoor.Win32.Agobot.aip ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099067.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099068.exe Infecté: Backdoor.Win32.Agobot.aip ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099069.exe Infecté: Backdoor.Win32.PoeBot.c ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099072.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099073.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0100017.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0100018.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré

Ca fait peur ^^

Il reste au moins 10 virus dans la restoration,

Tu peux faire démarrer sur poste de travail tu fais clique droit => propriété =>onglet restauration du systeme => coche désactivé la restauration du système.

Ensuite tu refait ton analyse antivirus tu élimines les virus détecté et seulement après tu réactives la réstauration système :-D