[Résolu]mon processus explorer.exe se ferme tout le temps

Bonjour,
Mon processus explorer.exe se ferme de temps en temps alors je le redémarre manuellement mais il se referme et ainsi de suite

J ai déja nettoyer mon pc avec avast,ad aware,spybot,ccleaner,a squared,vundo etc... mais toujours le meme probleme.
je pense que le probleme vient d un dll dans system32 car souvent rundll32.exe est lancer au moment ou le probleme surgit.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 03:09:01, on 16/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopUpBlocker ; XpTuner2004 - {49E0E0F0-5C30-11D4-945D-000000000010} - C:\PROGRA~1\SIMONT~1\XP-TUN~1\PopUp.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8630AF6A-3409-4708-9A04-ED9D00CE5F9E} - (no file)
O2 - BHO: (no name) - {967B6797-4BD2-4D66-B3FC-5DE1BA9FD623} - C:\WINDOWS\system32\nnnnomn.dll
O2 - BHO: (no name) - {C061C694-BC6B-40BB-97AC-0B587AB172C3} - (no file)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll
O20 - Winlogon Notify: nnnnomn - C:\WINDOWS\SYSTEM32\nnnnomn.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 6674 bytes

ok je fait sa

As-tu le rapport de Vundofix ?

Scan started at 18:23:09 16/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\bavxbbkm.dll
C:\WINDOWS\system32\duacehht.ini
C:\WINDOWS\system32\fbtjniki.dll
C:\WINDOWS\system32\ikinjtbf.ini
C:\WINDOWS\system32\mkbbxvab.ini
C:\WINDOWS\system32\prdxjsxt.dll
C:\WINDOWS\system32\rjvggupt.ini
C:\WINDOWS\system32\thhecaud.dll
C:\WINDOWS\system32\tpuggvjr.dll
C:\WINDOWS\system32\txsjxdrp.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bavxbbkm.dll
C:\WINDOWS\system32\bavxbbkm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\duacehht.ini
C:\WINDOWS\system32\duacehht.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fbtjniki.dll
C:\WINDOWS\system32\fbtjniki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ikinjtbf.ini
C:\WINDOWS\system32\ikinjtbf.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mkbbxvab.ini
C:\WINDOWS\system32\mkbbxvab.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\prdxjsxt.dll
C:\WINDOWS\system32\prdxjsxt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rjvggupt.ini
C:\WINDOWS\system32\rjvggupt.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\thhecaud.dll
C:\WINDOWS\system32\thhecaud.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tpuggvjr.dll
C:\WINDOWS\system32\tpuggvjr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\txsjxdrp.ini
C:\WINDOWS\system32\txsjxdrp.ini Has been deleted!

Performing Repairs to the registry.
Done!

je sais pas si sa a un rapport mais depuis quelque redémarrage je ne vois plus l icone d avast ni plus aucun n icone en bas a droite.

up

bonjour bob

Bon celà n'a pas suffit.

1) Télécharge VirtumondeBegone ---> http://secured2k.home.comcast.net/ [...] BeGone.exe

Lance VitumondeBegone.exe puis suis les instructions.
Une fois son travail terminé, redémarre ton PC puis poste le rapport

2)Poste un nouveau log hijackthis

[05/16/2007, 18:44:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Bureau\VirtumundoBeGone.exe" )
[05/16/2007, 18:44:29] - Detected System Information:
[05/16/2007, 18:44:29] - Windows Version: 5.1.2600, Service Pack 2
[05/16/2007, 18:44:29] - Current Username: Ronan (Admin)
[05/16/2007, 18:44:29] - Windows is in NORMAL mode.
[05/16/2007, 18:44:29] - Searching for Browser Helper Objects:
[05/16/2007, 18:44:29] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/16/2007, 18:44:29] - BHO 2: {49E0E0F0-5C30-11D4-945D-000000000010} (PopUpBlocker ; XpTuner2004)
[05/16/2007, 18:44:29] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/16/2007, 18:44:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2007, 18:44:29] - No filename found. Continuing.
[05/16/2007, 18:44:29] - BHO 4: {8630AF6A-3409-4708-9A04-ED9D00CE5F9E} ()
[05/16/2007, 18:44:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2007, 18:44:29] - No filename found. Continuing.
[05/16/2007, 18:44:29] - BHO 5: {967B6797-4BD2-4D66-B3FC-5DE1BA9FD623} ()
[05/16/2007, 18:44:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2007, 18:44:29] - Checking for HKLM\...\Winlogon\Notify\nnnnomn
[05/16/2007, 18:44:29] - Found: HKLM\...\Winlogon\Notify\nnnnomn - This is probably Virtumundo.
[05/16/2007, 18:44:29] - Assigning {967B6797-4BD2-4D66-B3FC-5DE1BA9FD623} MSEvents Object
[05/16/2007, 18:44:29] - BHO list has been changed! Starting over...
[05/16/2007, 18:44:29] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/16/2007, 18:44:29] - BHO 2: {49E0E0F0-5C30-11D4-945D-000000000010} (PopUpBlocker ; XpTuner2004)
[05/16/2007, 18:44:29] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/16/2007, 18:44:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2007, 18:44:29] - No filename found. Continuing.
[05/16/2007, 18:44:29] - BHO 4: {8630AF6A-3409-4708-9A04-ED9D00CE5F9E} ()
[05/16/2007, 18:44:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2007, 18:44:29] - No filename found. Continuing.
[05/16/2007, 18:44:29] - BHO 5: {967B6797-4BD2-4D66-B3FC-5DE1BA9FD623} (MSEvents Object)
[05/16/2007, 18:44:29] - ALERT: Found MSEvents Object!
[05/16/2007, 18:44:29] - BHO 6: {C061C694-BC6B-40BB-97AC-0B587AB172C3} ()
[05/16/2007, 18:44:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2007, 18:44:29] - No filename found. Continuing.
[05/16/2007, 18:44:29] - BHO 7: {E34902BE-37AE-4EBE-8C22-9CF08CB12754} ()
[05/16/2007, 18:44:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2007, 18:44:29] - Checking for HKLM\...\Winlogon\Notify\jkklk
[05/16/2007, 18:44:29] - Found: HKLM\...\Winlogon\Notify\jkklk - This is probably Virtumundo.
[05/16/2007, 18:44:29] - Assigning {E34902BE-37AE-4EBE-8C22-9CF08CB12754} MSEvents Object
[05/16/2007, 18:44:29] - BHO list has been changed! Starting over...
[05/16/2007, 18:44:29] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/16/2007, 18:44:29] - BHO 2: {49E0E0F0-5C30-11D4-945D-000000000010} (PopUpBlocker ; XpTuner2004)
[05/16/2007, 18:44:29] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/16/2007, 18:44:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2007, 18:44:29] - No filename found. Continuing.
[05/16/2007, 18:44:29] - BHO 4: {8630AF6A-3409-4708-9A04-ED9D00CE5F9E} ()
[05/16/2007, 18:44:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2007, 18:44:29] - No filename found. Continuing.
[05/16/2007, 18:44:29] - BHO 5: {967B6797-4BD2-4D66-B3FC-5DE1BA9FD623} (MSEvents Object)
[05/16/2007, 18:44:29] - ALERT: Found MSEvents Object!
[05/16/2007, 18:44:29] - BHO 6: {C061C694-BC6B-40BB-97AC-0B587AB172C3} ()
[05/16/2007, 18:44:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2007, 18:44:29] - No filename found. Continuing.
[05/16/2007, 18:44:29] - BHO 7: {E34902BE-37AE-4EBE-8C22-9CF08CB12754} (MSEvents Object)
[05/16/2007, 18:44:29] - ALERT: Found MSEvents Object!
[05/16/2007, 18:44:29] - Finished Searching Browser Helper Objects
[05/16/2007, 18:44:29] - *** Detected MSEvents Object
[05/16/2007, 18:44:29] - Trying to remove MSEvents Object...
[05/16/2007, 18:44:30] - Terminating Process: IEXPLORE.EXE
[05/16/2007, 18:44:31] - Terminating Process: RUNDLL32.EXE
[05/16/2007, 18:44:31] - Disabling Automatic Shell Restart
[05/16/2007, 18:44:31] - Terminating Process: EXPLORER.EXE
[05/16/2007, 18:44:31] - Suspending the NT Session Manager System Service
[05/16/2007, 18:44:31] - Terminating Windows NT Logon/Logoff Manager
[05/16/2007, 18:44:32] - Re-enabling Automatic Shell Restart
[05/16/2007, 18:44:32] - File to disable: C:\WINDOWS\system32\nnnnomn.dll
[05/16/2007, 18:44:32] - Renaming C:\WINDOWS\system32\nnnnomn.dll -> C:\WINDOWS\system32\nnnnomn.dll.vir
[05/16/2007, 18:44:32] - File successfully renamed!
[05/16/2007, 18:44:32] - Removing HKLM\...\Browser Helper Objects\{967B6797-4BD2-4D66-B3FC-5DE1BA9FD623}
[05/16/2007, 18:44:32] - Removing HKCR\CLSID\{967B6797-4BD2-4D66-B3FC-5DE1BA9FD623}
[05/16/2007, 18:44:32] - Adding Kill Bit for ActiveX for GUID: {967B6797-4BD2-4D66-B3FC-5DE1BA9FD623}
[05/16/2007, 18:44:32] - Deleting ATLEvents/MSEvents Registry entries
[05/16/2007, 18:44:32] - Removing HKLM\...\Winlogon\Notify\nnnnomn
[05/16/2007, 18:44:32] - Searching for Browser Helper Objects:
[05/16/2007, 18:44:32] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/16/2007, 18:44:32] - BHO 2: {49E0E0F0-5C30-11D4-945D-000000000010} (PopUpBlocker ; XpTuner2004)
[05/16/2007, 18:44:32] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/16/2007, 18:44:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2007, 18:44:32] - No filename found. Continuing.
[05/16/2007, 18:44:32] - BHO 4: {8630AF6A-3409-4708-9A04-ED9D00CE5F9E} ()
[05/16/2007, 18:44:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2007, 18:44:32] - No filename found. Continuing.
[05/16/2007, 18:44:32] - BHO 5: {C061C694-BC6B-40BB-97AC-0B587AB172C3} ()
[05/16/2007, 18:44:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2007, 18:44:32] - No filename found. Continuing.
[05/16/2007, 18:44:32] - BHO 6: {E34902BE-37AE-4EBE-8C22-9CF08CB12754} (MSEvents Object)
[05/16/2007, 18:44:32] - ALERT: Found MSEvents Object!
[05/16/2007, 18:44:32] - Finished Searching Browser Helper Objects
[05/16/2007, 18:44:32] - *** Detected MSEvents Object
[05/16/2007, 18:44:32] - Trying to remove MSEvents Object...
[05/16/2007, 18:44:33] - Terminating Process: IEXPLORE.EXE
[05/16/2007, 18:44:33] - Terminating Process: RUNDLL32.EXE
[05/16/2007, 18:44:33] - Disabling Automatic Shell Restart
[05/16/2007, 18:44:33] - Terminating Process: EXPLORER.EXE
[05/16/2007, 18:44:33] - Suspending the NT Session Manager System Service
[05/16/2007, 18:44:33] - Terminating Windows NT Logon/Logoff Manager
[05/16/2007, 18:44:33] - Re-enabling Automatic Shell Restart
[05/16/2007, 18:44:33] - File to disable: C:\WINDOWS\system32\jkklk.dll
[05/16/2007, 18:44:33] - Renaming C:\WINDOWS\system32\jkklk.dll -> C:\WINDOWS\system32\jkklk.dll.vir
[05/16/2007, 18:44:33] - File successfully renamed!
[05/16/2007, 18:44:33] - Removing HKLM\...\Browser Helper Objects\{E34902BE-37AE-4EBE-8C22-9CF08CB12754}
[05/16/2007, 18:44:33] - Removing HKCR\CLSID\{E34902BE-37AE-4EBE-8C22-9CF08CB12754}
[05/16/2007, 18:44:34] - Adding Kill Bit for ActiveX for GUID: {E34902BE-37AE-4EBE-8C22-9CF08CB12754}
[05/16/2007, 18:44:34] - Deleting ATLEvents/MSEvents Registry entries
[05/16/2007, 18:44:34] - Removing HKLM\...\Winlogon\Notify\jkklk
[05/16/2007, 18:44:34] - Searching for Browser Helper Objects:
[05/16/2007, 18:44:34] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/16/2007, 18:44:34] - BHO 2: {49E0E0F0-5C30-11D4-945D-000000000010} (PopUpBlocker ; XpTuner2004)
[05/16/2007, 18:44:34] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/16/2007, 18:44:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2007, 18:44:34] - No filename found. Continuing.
[05/16/2007, 18:44:34] - BHO 4: {8630AF6A-3409-4708-9A04-ED9D00CE5F9E} ()
[05/16/2007, 18:44:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2007, 18:44:34] - No filename found. Continuing.
[05/16/2007, 18:44:34] - BHO 5: {C061C694-BC6B-40BB-97AC-0B587AB172C3} ()
[05/16/2007, 18:44:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2007, 18:44:34] - No filename found. Continuing.
[05/16/2007, 18:44:34] - Finished Searching Browser Helper Objects
[05/16/2007, 18:44:34] - Finishing up...
[05/16/2007, 18:44:34] - A restart is needed.
[05/16/2007, 18:44:34] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[05/16/2007, 18:44:48] - Attempting to Restart via STOP error (Blue Screen!)

Oui le deuxième a bien nettoyé.

1)Lances hijackthis, do a scan only. coches sur la gauche ces lignes :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8630AF6A-3409-4708-9A04-ED9D00CE5F9E} - (no file)
O2 - BHO: (no name) - {C061C694-BC6B-40BB-97AC-0B587AB172C3} - (no file)

Cliques ensuite sur fixchecked et valides, Fermes hijackthis


2)Fais un scan en ligne avec internet Explorer. A la fin du scan, postes le rapport
http://webscanner.kaspersky.fr ("Exécutez l'analyse en ligne" ). Sélectionne "disque local C:\"

et voila
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, May 16, 2007 8:24:35 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 16/05/2007
Enregistrements dans la base antivirus Kaspersky : 301952
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: faux
Analyser les bases de messagerie: vrai

Cible de l'analyse - Dossiers:
C:\

Statistiques de l'analyse:
Total d'objets analysés: 280092
Nombre de virus trouvés: 0
Nombre d'objets infectés: 0 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:17:34

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT.000\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT.000\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT.000\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT.000\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\call256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\callmember256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\chat512.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\chatmember256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\chatmsg1024.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\chatmsg16384.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\chatmsg2048.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\chatmsg256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\chatmsg4096.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\chatmsg512.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\chatmsg8192.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\chatsync\c6\c60d671abb5df64d.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\contactgroup256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\dyncontent\bundle.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\index2.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\profile16384.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\transfer256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\transfer512.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\user1024.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\user16384.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\user256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\user4096.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Application Data\Skype\ronanm35\voicemail256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Local Settings\Historique\History.IE5\MSHist012007051620070517\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Ronan.XPSP2-E3ECBFD24\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{82628B98-2B0D-42D3-8B1D-431F081455CB}\RP17\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_380.dat L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

Analyse terminée.