Nothing but problems (viruses, trojans and others) since new connection to Interne


Hello everyone,

To sum up the situation, I have just moved into an apartment, and after the necessary installation work by my ISP (I had been without Internet for a month because of the move and the wait for the installation) and my first connection to the Internet, I have had nothing but problems...

I have already spent quite a lot of time scanning my system several times with avast and Ad-Aware SE and checking the processes in Task Manager, but I am starting to lose hope, because with every new connection I see new processes and always new viruses. Here are the various problems:

- sometimes, when the PC starts and I enter my login and password, it is refused, and I have to restart for my password to work
- I sometimes get an error message when Windows opens, "[256] Debugger detected - please disable it and restart the application", and I do not know where it comes from
- every time Windows opens, avast always detects one or two viruses or trojans (axdcfasb.exe, cowabanga and so on...) and even when I choose to delete them, they come back the next time Windows opens
- every time Windows shuts down, rundll32.exe fails to terminate properly (dialog box with "Terminer maintenant"), and sometimes other programs accompany it, such as DDE Server Window, Thrusmaster Device, TClock, Explorer...

There are some processes that I cannot identify, or cannot tell whether they are a risk or not; here are a few of them:
- cmd.exe (present even though I have no command-line window open)
- explorer.exe (I wonder why it is open twice?)
- ftp.exe (?)
- httpd32.exe (?)
- jsssvc.exe (virus)
- mailtmpl.exe (?)
- matrix_mixe.exe (?)
- mssvcc.exe (?)
- tclock.exe (PC clock sync?)
- updmgr.exe (Windows update or something else?)
- wdfmgr.exe (related to WMP?)
- win32.exe (virus?)
- WinCinemaMgr.exe (?)
- WinCon.exe (?)
- winsystems.exe (virus?)
- wmiprvse.exe (?)

Here is my hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 15:04:31, on 24/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\update\updmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\explorer.exe
C:\WINDOWS\System32\httpd32.exe
C:\WINDOWS\System32\winsystems.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Matroska Playback Pack\matrix_mixe.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\mssvcc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager] C:\WINDOWS\update\updmgr.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [Windows HTTP Services] httpd32.exe
O4 - HKLM\..\Run: [winsystems25] winsystems.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [Windows HTTP Services] httpd32.exe
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Samurize.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O18 - Protocol: bw+0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe


I hope there are some charitable souls here to help me clean my PC, because this is really starting to annoy me!!! lol

Thanks in advance :-)
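
Added example, not part of the original post: a small Python triage pass over the kind of HijackThis lines posted above, marking entries for manual review rather than giving a verdict. The sample input is constructed from lines in that log; the rule names, the function names and the `EXPECTED_DIR` table (which assumes a default Windows XP install under C:\WINDOWS) are assumptions of this example.

```python
import ntpath
import re

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\explorer.exe
C:\WINDOWS\System32\rundll32.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [Windows HTTP Services] httpd32.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\RunServices: [Windows HTTP Services] httpd32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""

# Assumption: default install directory of core Windows XP binaries.
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {"explorer.exe": r"c:\windows"}
for _name in ("lsass", "services", "winlogon", "smss", "csrss",
              "svchost", "spoolsv", "rundll32"):
    EXPECTED_DIR[_name + ".exe"] = SYS32

# "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# Executable = everything up to the first ".exe"; the rest is its arguments.
CMD_RE = re.compile(r'"?(.+?\.exe)"?\s*(.*)', re.I)


def parse(log):
    """Return (process_paths, autoruns); autoruns are (key, name, command)."""
    processes, autoruns, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif in_procs:
            processes.append(line)
        else:
            m = O4_RE.match(line)
            if m:
                key = m.group(1) + "\\" + m.group(2)
                autoruns.append((key, m.group(3), m.group(4)))
    return processes, autoruns


def split_command(cmd):
    """Split an autorun command line into (executable, arguments)."""
    m = CMD_RE.match(cmd)
    return (m.group(1), m.group(2)) if m else (cmd.split()[0], "")


def location_finding(path, source):
    """Flag a core system binary name that sits outside its usual folder."""
    base = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if folder and base in EXPECTED_DIR and folder != EXPECTED_DIR[base]:
        return [("unexpected-location", source, path)]
    return []


def triage(log):
    """Return (rule, source, detail) tuples that deserve a manual look."""
    processes, autoruns = parse(log)
    findings = []
    for path in processes:
        findings += location_finding(path, "process")
    seen = {}
    for key, name, cmd in autoruns:
        source = f"{key} [{name}]"
        exe, rest = split_command(cmd)
        base = ntpath.basename(exe).lower()
        findings += location_finding(exe, source)
        # Autostart by bare file name: resolved through the search path.
        if not ntpath.dirname(exe) and base not in EXPECTED_DIR:
            findings.append(("bare-filename", source, exe))
        # rundll32 is meant to load a DLL export, not an .exe file.
        target = rest.split(",")[0].strip().strip('"')
        if base == "rundll32.exe" and target.lower().endswith(".exe"):
            findings.append(("rundll32-non-dll", source, target))
        seen.setdefault((name, cmd), set()).add(key)
    # Same value and command registered under more than one autostart key.
    for (name, _cmd), keys in seen.items():
        if len(keys) > 1:
            findings.append(("multiple-autostart-keys",
                             ", ".join(sorted(keys)), name))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The bare-filename rule also marks the `Logi_MwX.Exe` entry, which is why every finding here is only a prompt to check the file itself.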


For your log, wait for someone experienced to analyze it. In the meantime, start by scanning your PC with ewido and spybot.

Reply to dombilepetitlutin

Hello,

Install Ewido
Launch Ewido, then update it by clicking "Update Now".

Restart in safe mode

Relaunch Ewido, then choose the "Scanner" tab
Run a "Complete System Scan"
** If a file is infected, choose the "Apply All Actions" option at the end of the scan **
Click "Save Report", then "Save Report As"
Save this .txt file to your desktop, then copy/paste it here in normal mode.

Ewido help by Rub_Mic

Reply to Angeldark

OK, I did all that...

At the last startup, Ewido again detected three things (quarantined), and I also got the following error message: "Erreur de chargement de C:\WINDOWS\System32\wchshield.exe. Le module spécifié est introuvable.". Avast did not show any viruses this time...

Here is the report generated by Ewido (this software seems very well made, by the way; I did not know it):

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:24:04 24/06/2006

+ Scan result:



HKLM\SOFTWARE\AKSoft -> Adware.AkSoft : Cleaned with backup (quarantined).
HKLM\SOFTWARE\AKSoft\X-Tractor -> Adware.AkSoft : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bot.exe -> Backdoor.Agobot.aip : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4XO6R42B\bot[1].exe -> Backdoor.Agobot.aip : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IPUUJ4FB\bot[1].exe -> Backdoor.Agobot.aip : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K5AJGHAB\bot[1].exe -> Backdoor.Agobot.aip : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wchshield.exe -> Backdoor.Cloner : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jimbo.exe -> Backdoor.Rbot.aeu : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jsssvc.exe -> Backdoor.Rbot.aeu : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Isass.exe -> Dropper.Paradrop.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\csrs.exe.bak -> Dropper.Paradrop.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cuthh.exe -> Dropper.Paradrop.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yknsdw.exe -> Dropper.Paradrop.a : Cleaned with backup (quarantined).
F:\Jeux vidéos - Trucs et astuces\Guild Wars Utils\Softs\Color Mix Setup.zip/Color Mix Setup/ColorMix.CAB/ColorMix.exe -> Dropper.Small.tx : Cleaned with backup (quarantined).
F:\Jeux vidéos - Trucs et astuces\Guild Wars Utils\Softs\Color Mix Setup\Color Mix Setup\ColorMix.CAB/ColorMix.exe -> Dropper.Small.tx : Cleaned with backup (quarantined).
C:\Program Files\Cowabanga\Cowabanga.exe -> Dropper.VB.nn : Cleaned with backup (quarantined).
:mozilla.398:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.399:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.400:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.401:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.177:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.178:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.179:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.180:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.181:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.182:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.183:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.184:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.185:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.310:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.417:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.512:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.139:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.140:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.142:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.291:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.292:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.294:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.107:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.108:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.10:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.9:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.150:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.590:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.200:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@ads13.bpath[1].txt -> TrackingCookie.Bpath : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.158:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.162:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.161:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.548:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned.
:mozilla.616:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.617:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.618:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.380:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.381:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.382:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.383:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.384:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.385:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.78:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.597:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@e-2dj6wjlyghazwlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.80:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.314:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.293:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.356:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.357:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.372:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.588:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.589:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.503:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.613:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.619:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.97:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.436:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.475:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.480:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.324:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.325:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.326:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.327:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.581:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.299:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.300:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.301:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.302:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.303:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.328:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.329:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.479:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.498:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.586:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.205:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.206:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.207:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.208:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.285:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.159:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.160:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.90:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.91:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.92:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.93:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.94:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.95:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.96:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.304:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.305:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.20:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.21:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.504:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.505:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.506:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.507:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.144:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.145:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.101:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.102:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.103:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.7:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.131:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.132:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.133:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.134:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.135:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.136:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.137:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.138:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\JC\Cookies\jc@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.331:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.332:C:\Documents and Settings\JC\Application Data\Mozilla\Firefox\Profiles\rcb2avl6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end


By the way, I didn't quite understand the "copy/paste in normal mode" part. Are there several ways to copy/paste? lol

Reply to loki9481

Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 12:59:00, on 25/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Samurize.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O18 - Protocol: bw+0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)


... and I'm still getting trojan and virus alerts from avast and ewido, and now I'm also getting dialog boxes telling me that my system is infected and recommending that I install this or that antivirus, which turns out to be a virus according to avast when I'm automatically redirected to their site...

Reply to loki9481

Do this:

1/ Download SmitfraudFix
Unzip it onto the Desktop.
Open the SmitfraudFix folder and run SmitfraudFix.cmd
Choose Option 1 (Search)
If you see lines marked PRESENT!, continue.

Restart in safe mode.
2/ Run SmitfraudFix again, this time choose Option 2, and answer yes to every question.
Save the report, then post it.

Reply to rocket_270@IDN

Here it is:

SmitFraudFix v2.65

Rapport fait à 17:54:31,21, lun. 26/06/2006
Executé à partir de C:\Documents and Settings\JC\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Reply to loki9481

Quote:

By the way, I didn't quite understand the "copy/paste in normal mode" part.


I was talking about Ewido's normal mode

(to make your log more readable)
- Run HijackThis -> Do a system scan only
-> Check the following lines, then click Fix checked:

O18 - Protocol: bw+0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DF472513-0A64-4E10-9EFB-627285743ECC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

- Post a new Hijackthis report.

- Run a Kaspersky online scan
Help for the online scan
Save, then paste the report once the scan has finished.

Reply to Angeldark

OK, here is the new Hijackthis report:

Logfile of HijackThis v1.99.1
Scan saved at 20:03:48, on 26/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Samurize.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)



Here is the Kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER - RAPPORT
lundi 26 juin 2006 20:57:38
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Version de Kaspersky On-line Scanner: 5.0.78.0
Dernière mise à jour de la base antivirus Kaspersky : 26/06/2006
Enregistrements dans la base antivirus Kaspersky : 190819
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie.: vrai

Cible de l'analyse - Dossiers:
C:\

Statistiques de l'analyse:
Total d'objets analysés :: 92706
Nombre de virus trouvés: 11
Nombre d'objets infectés: 58
Nombre d'objets suspects: 1
Durée de l'analyse: 00:47:11

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\JC\mrexe.exe Infecté: Trojan-Downloader.Win32.Adload.ch ignoré
C:\itavi32.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\itavi32.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096182.exe Infecté: Backdoor.Win32.Rbot.aem ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096206.exe Infecté: Backdoor.Win32.PoeBot.c ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096283.exe Infecté: Backdoor.Win32.Agobot.aip ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096310.dll Infecté: Backdoor.Win32.Rbot.aem ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096325.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096325.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096326.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096358.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096358.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096359.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096393.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096393.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096394.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096411.exe Infecté: Trojan-Downloader.Win32.Adload.ch ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096413.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096413.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096414.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096429.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096429.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096433.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096434.exe Infecté: Trojan-Downloader.Win32.Adload.ch ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096455.exe Infecté: Trojan-Downloader.Win32.Adload.ch ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096457.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096457.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096458.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096527.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096527.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096528.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096551.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096551.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096553.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP435\A0096922.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP435\A0096922.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP435\A0097933.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099030.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099031.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099044.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099044.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099053.exe Infecté: Trojan-Proxy.Win32.Agent.cv ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099059.exe Infecté: Backdoor.Win32.Rbot.aem ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099060.exe Infecté: Backdoor.Win32.Agobot.aip ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099067.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099068.exe Infecté: Backdoor.Win32.Agobot.aip ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099069.exe Infecté: Backdoor.Win32.PoeBot.c ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099072.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099073.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0100017.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0100018.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IPUUJ4FB\116[1].avi/stream/data0001/data0002 Infecté: Trojan.Win32.Scapur.k ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IPUUJ4FB\116[1].avi/stream/data0001 Infecté: Trojan.Win32.Scapur.k ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IPUUJ4FB\116[1].avi/stream Infecté: Trojan.Win32.Scapur.k ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IPUUJ4FB\116[1].avi NSIS: infecté - 3 ignoré
C:\WINDOWS\system32\eraseme_63663.exe Infecté: Backdoor.Win32.SdBot.aad ignoré
C:\WINDOWS\system32\i Infecté: Trojan-Downloader.BAT.Ftp.ab ignoré
C:\WINDOWS\system32\msnchecker.exe Suspect : Packed.Win32.CryptExe ignoré
C:\WINDOWS\win32.exe Infecté: Backdoor.Win32.SdBot.aad ignoré

Analyse terminée.



And now I sometimes get a message telling me that the system is going to restart automatically in one minute and that I should save all my work. It is requested by AUTORITE NT\SYSTEM, and it also says that C:\WINDOWS\system32\lsass.exe terminated unexpectedly and returned code 128... New viruses, again and again... :'(

Reply to loki9481

Hi again,

Restart in safe mode

- Make sure you have access to hidden folders/files
-> Start
-> Control Panel
-> Folder Options, View tab:
. Click Show hidden folders
. Uncheck Hide extensions for known file types
. Uncheck Hide protected operating system files

- Delete these files or folders if they exist:

C:\Documents and Settings\JC\mrexe.exe
C:\itavi32.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ <- delete everything you can in there
C:\WINDOWS\system32\eraseme_63663.exe
C:\WINDOWS\system32\i
C:\WINDOWS\system32\msnchecker.exe
C:\WINDOWS\win32.exe

- Run a Ccleaner cleanup
"Analyze" button, then "Run Cleaner"

Restart normally

Disable, then re-enable System Restore.

Reply to Angeldark

Next:

----------
-> Start
-> Run...
Type Services.msc, then confirm
Double-click " Windows Update Manager "
Under Startup type, choose the " Disabled " option
Click " Stop " at the bottom
Confirm the changes.
-----
Open Hijackthis, then:
-> Open the Misc Tools Section
-> Delete a NT Service
Type " UpdateManager ", then confirm.
----------

Delete:
C:\WINDOWS\update\updmgr.exe

Reply to Angeldark
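
Added example (not part of the thread and not HijackThis's own code): the UpdateManager service removed above is marked "Unknown owner" and "(file missing)" in the log, but so are two avast! services whose executables appear under "Running processes". This Python script separates the two cases and applies two autostart heuristics; the function names and heuristics are assumptions chosen for illustration, and the sample lines are copied from the logs posted in this thread.

```python
"""Triage of HijackThis O4/O23 lines (added example; the heuristics are assumptions)."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunServices: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunOnce: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\RunOnce: [Windows MS Update 32] sucker.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)
"""

O4_RE = re.compile(r'^O4 - (HK[A-Z]+\\\.\.\\\w+): \[(.*?)\] (.*)$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^,"]+)', re.IGNORECASE)
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)
O23_PREFIX = "O23 - Service: "


def exe_path(command):
    """Executable part of a service command line, lower-cased ('' if none).

    Drops a stray closing quote, arguments and the '(file missing)' suffix.
    """
    m = EXE_RE.match(command)
    return m.group(1).lower() if m else ""


def triage(log_text):
    """Return (kind, name, detail) tuples for entries that deserve a closer look."""
    running = set()                      # lower-cased paths of running processes
    autostart_keys = defaultdict(set)    # (value name, command) -> registry keys
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                running.add(line.lower())
            else:
                in_processes = False     # a blank line ends the process list
            continue

        m = O4_RE.match(line)
        if m:
            key, name, command = m.groups()
            autostart_keys[(name, command)].add(key)
            target = RUNDLL_RE.match(command)
            # Heuristic: rundll32 is meant to load DLLs, so an .exe target is unusual.
            if target and target.group(1).lower().endswith(".exe"):
                findings.append(("rundll32-on-exe", name, target.group(1)))
            continue

        if line.startswith(O23_PREFIX) and line.endswith("(file missing)"):
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, _owner, command = parts
            path = exe_path(command)
            # A "missing" file that is running points to a path-parsing artifact
            # in the log; one that is not running is a dangling service entry.
            kind = "missing-but-running" if path in running else "dangling-service"
            findings.append((kind, name, path))

    # Heuristic: one value, with a bare file name, written to three or more
    # autostart keys is redundant persistence that ordinary installers rarely use.
    for (name, command), keys in autostart_keys.items():
        if len(keys) >= 3 and "\\" not in command:
            findings.append(("multi-key-autostart", name, command))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE_LOG):
        print(f"{kind:20} {name}: {detail}")
```

A finding is a prompt to inspect the entry, not a verdict: vendor tools such as Logi_MwX.Exe also register bare file names, which is why the multi-key rule requires the same value in several keys.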

Quote:

Disable, then re-enable System Restore.



I don't know where that is; is it an option that was supposed to appear at restart?

Otherwise, everything else is done...

Here is what I still had at the last startup:
- the message that C:\WINDOWS\system32\wchshield.exe could not be loaded, the specified module could not be found
- ewido reporting viruses even in "standard" programs
- and sometimes an automatic restart after one minute by AUTORITE NT\SYSTEM

Reply to loki9481

Quote:

I don't know where that is; is it an option that was supposed to appear at restart?


http://service1.symantec.com/SUPPORT/INTER/(...)

Post a Hijackthis report

Reply to Angeldark

OK, that's done, and here is the Hijackthis report:

Logfile of HijackThis v1.99.1
Scan saved at 22:32:28, on 26/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunServices: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunOnce: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\RunOnce: [Windows MS Update 32] sucker.exe
O4 - Startup: Samurize.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


And by the way, thanks for the help so far, that's nice of you; I do hope this gets resolved soon all the same :-D

Reply to loki9481

You've been reinfected; install a firewall urgently:
http://www.malekal.com/kerio_firewall.html

Restart in safe mode

- Launch HijackThis -> Do a system scan only
-> Check the following lines, then click Fix checked:

O4 - HKLM\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunServices: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunOnce: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunServices: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunOnce: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\RunOnce: [Windows MS Update 32] sucker.exe

- Delete these files or folders if they exist:

In C:\Windows or C:\Windows\System32:
sucker.exe
and C:\WINDOWS\System32\wchshield.exe

Reply to Angeldark
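The checks behind the fix list in the reply above (one value repeated across several autostart keys, rundll32 pointed at an .exe) can be written down as a small triage script. This is an added example, not part of the original thread; the function names, the `MIN_KEYS` threshold and the `DLL_LIKE` set are assumptions chosen for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: O4 lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunServices: [Windows MS Update 32] sucker.exe
O4 - HKLM\..\RunOnce: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows MS Update 32] sucker.exe
O4 - HKCU\..\RunOnce: [Windows MS Update 32] sucker.exe
O4 - Startup: Samurize.lnk = C:\Program Files\Samurize\Client.exe
"""

# Registry autostart lines only; Startup-folder shortcuts use a different layout.
O4_REGISTRY = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
PROGRAM = re.compile(r"(?i)(.+?\.(?:exe|com|bat|scr|pif))(?:\s+(.*))?$")
DLL_LIKE = {".dll", ".cpl", ".ocx"}  # assumption: what rundll32 normally loads
MIN_KEYS = 3                         # assumption: threshold for "too many keys"
WEAK = {"bare-name"}                 # signals that also hit legitimate software


def parse_o4(log_text):
    """Return (hive, key, value_name, command) for each registry O4 line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_REGISTRY.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries


def split_command(command):
    """Split a Run value into (program, rest), honouring a quoted program path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    m = PROGRAM.match(command)  # unquoted paths may contain spaces
    if m:
        return m.group(1), (m.group(2) or "")
    return command, ""


def triage(log_text):
    """Map (value_name, command) -> list of (code, detail) worth a manual look."""
    locations = defaultdict(set)
    for hive, key, name, command in parse_o4(log_text):
        locations[(name, command)].add(hive + "\\" + key)

    findings = {}
    for (name, command), where in locations.items():
        reasons = []
        program, rest = split_command(command)
        if ntpath.basename(program).lower() == "rundll32.exe":
            # The payload is the first argument, up to the exported function name.
            target = rest.split(",", 1)[0].strip().strip('"')
            if ntpath.splitext(target)[1].lower() not in DLL_LIKE:
                reasons.append(("rundll32-non-dll", ntpath.basename(target)))
        elif not ntpath.dirname(program):
            # No directory: Windows resolves the name through its search path.
            reasons.append(("bare-name", program))
        if len(where) >= MIN_KEYS:
            reasons.append(("multi-key", ", ".join(sorted(where))))
        if reasons:
            findings[(name, command)] = reasons
    return findings


def high_confidence(findings):
    """Value names carrying at least one signal that is not in WEAK."""
    return sorted(name for (name, _), reasons in findings.items()
                  if any(code not in WEAK for code, _ in reasons))


if __name__ == "__main__":
    for (name, command), reasons in triage(SAMPLE_LOG).items():
        print(name, "|", command)
        for code, detail in reasons:
            print("   ", code, "->", detail)
```

`Logi_MwX.Exe` trips the bare-name check alone, which is why that signal is treated as weak. The `Winamp Agent` entry passes every check here: flagging it depends on knowing that the product does not normally live in System32, which this script has no way to know.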

Great, I think this is the first time I haven't seen any error messages at startup since I've had internet at home :-D

The only thing is that ewido found something in Firefox again. It actually shows me something at every startup, odd...

Here is my latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 23:11:23, on 26/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {694B5762-D4A1-42AA-820D-D7243BC5533A} - C:\WINDOWS\System32\sstts.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Samurize.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O20 - Winlogon Notify: sstts - C:\WINDOWS\System32\sstts.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


As for antivirus and firewalls, for now I have Kerio, ewido and avast running all the time; is that enough? It's still better not to have too many, right?

Reply to loki9481

OK, it's true that things are much better, but I still get a few errors at startup:

- ewido detects something new at every startup in programs that should be safe; the latest one:

Malware Found : Adware.Agent C:\Program Files\Windows NT\wdialer.exe (risk medium)


- an error message apparently related to Kerio:

Microsoft Visual C++ Runtime Library

Program : C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.


Any ideas?

Reply to loki9481

Hi again,

Download VundoFix.exe (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it.
  • Check Run VundoFix as a task.
  • A message will warn you that the tool is going to close and reopen: click Ok
  • Click the Scan for Vundo button.
  • When the scan is complete, click the Remove Vundo button.
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
  • You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK
  • Start your PC again.
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply.

Reply to Angeldark

Here is the VundoFix report:


VundoFix V4.2.84

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.6

Scan started at 11:20:04 2/07/2006

Listing files found while scanning....


C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.tmp
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.tmp
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sstts.dll
Attempting to delete C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.tmp
C:\WINDOWS\system32\sttss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sttss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sstts.dll Has been deleted!

Performing Repairs to the registry.
Done!



And the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 11:26:20, on 2/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Samurize\Client.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5E6A7C0C-E14B-4E4C-91D8-9BBCCE24C037} - C:\WINDOWS\System32\sstts.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Samurize.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Reply to loki9481

Hello,

- Launch HijackThis -> Do a system scan only
-> Check the following lines, then click Fix checked:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {5E6A7C0C-E14B-4E4C-91D8-9BBCCE24C037} - C:\WINDOWS\System32\sstts.dll (file missing)

Do you have any other problems?

Reply to Angeldark

Well, for now, ewido still detects something new at every startup in programs that should be safe, and my password is still sometimes rejected at Windows logon, which forces me to restart for it to go through...

Other than that, things seem fine ;-)

Reply to loki9481

What is the location of the detected file?

Reply to Angeldark

Here are some examples of the messages I get at startup from ewido (one per startup, it changes every time):

Malware found
Adware.Agent
C:\Program Files\QuickTime\Sample.exe
Risk Medium

Malware found
Adware.Agent
C:\Program Files\Matroska Playback\RealMediaSplitte.exe
Risk Medium

Malware found
Adware.Agent
C:\Program Files\Media Player Classic\wmplayerc.exe
Risk Medium

...

Reply to loki9481

I think you have a virus that infects your .exe files.... worrying.

Step 1:

  • Create a folder named Sysclean Package, in C:\Program Files for example.

  • For the duration of the procedure, disable all integrity checkers (if present) such as Spybot's TeaTimer, Process Guard, Hanti hook, Winpooch, etc.

  • Note: Avast antivirus users must not use Sysclean other than in safe mode, because Avast considers sysclean.com to be infected with the VBS:Redlof virus!! To scan the PC in normal mode (if there is a problem getting into safe mode), Avast will have to be disabled for the duration of the scan to avoid any conflict. (This remark may apply to other antivirus products too!)


Step 2:

  • Download Sysclean Package and save it in the folder you just created.


Step 3: Update.

  • Go to the following page: Controlled Pattern Release (http://www.trendmicro.com/download/pattern-cpr.asp), and accept the disclaimer by clicking I Accept.

  • A new window will open: download the file named lptXXX.zip (where X represents the file version; it is the first in the list), and unzip it into the folder you just created.


Step 4:

  • Restart the PC; it must be in safe mode (at startup, immediately tap the F8 key repeatedly; a screen with a choice of startup options will then appear: choose "Safe Mode" with the keyboard arrow keys, then confirm with "Enter").

Choose the usual account (not Administrator).
If there is a problem, follow Symantec's procedure "How to start the computer in Safe Mode".

Step 5:

How to use Trend Micro Sysclean Package:

  • Launch the "Sysclean" file with a double-click. A window named "Trend Micro Sysclean Package" will open.
  • Check the box "Automatically clean or delete detected files"
  • Click the Scan button
  • Be patient, the scan can take a while!
  • Once the scan has finished, click the View Log button. Save the text-format report that was generated.
  • Close the program. Restart your PC in normal mode. Post (copy/paste) the report you saved in your next reply.

Reply to Angeldark

And while you're at it, disable System Restore, because when you see this :-o :-o :-o

C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096182.exe Infecté: Backdoor.Win32.Rbot.aem ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096206.exe Infecté: Backdoor.Win32.PoeBot.c ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096283.exe Infecté: Backdoor.Win32.Agobot.aip ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096310.dll Infecté: Backdoor.Win32.Rbot.aem ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096325.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096325.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096326.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096358.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096358.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP432\A0096359.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096393.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096393.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096394.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096411.exe Infecté: Trojan-Downloader.Win32.Adload.ch ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096413.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096413.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096414.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096429.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096429.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096433.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096434.exe Infecté: Trojan-Downloader.Win32.Adload.ch ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096455.exe Infecté: Trojan-Downloader.Win32.Adload.ch ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096457.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096457.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP433\A0096458.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096527.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096527.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096528.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096551.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096551.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP434\A0096553.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP435\A0096922.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP435\A0096922.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP435\A0097933.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099030.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099031.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099044.exe/data0006 Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099044.exe NSIS: infecté - 1 ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099053.exe Infecté: Trojan-Proxy.Win32.Agent.cv ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099059.exe Infecté: Backdoor.Win32.Rbot.aem ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099060.exe Infecté: Backdoor.Win32.Agobot.aip ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099067.exe Infecté: Trojan-Dropper.Win32.VB.nn ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099068.exe Infecté: Backdoor.Win32.Agobot.aip ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099069.exe Infecté: Backdoor.Win32.PoeBot.c ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099072.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0099073.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0100017.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré
C:\System Volume Information\_restore{8A79DADB-1FBC-4361-B57F-E3C2D57725CD}\RP437\A0100018.exe Infecté: Backdoor.Win32.Rbot.aeu ignoré

That's scary ^^

There are still at least 10 viruses in System Restore,

You can go to Start; on My Computer, right-click => Properties => System Restore tab => check the box to turn off System Restore.

Then you rerun your antivirus scan, remove the viruses it detects, and only after that do you re-enable System Restore :-D

Reply to popotitagluck