infection virus win32:BHO-KD [Trj]

Bonjour,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur combofix.exe afin de le lancer.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Voici le rapport de combofix

ComboFix 08-01-09.2 - Administrateur 2008-01-15 12:50:03.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.564 [GMT 1:00]
Running from: D:\Documents and Settings\Administrateur\Mes documents\telechargement\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-15 to 2008-01-15 ))))))))))))))))))))))))))))))))))))
.

2008-01-15 12:41 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-18 02:35 . 2007-12-18 02:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\U3
2007-12-17 20:31 . 2007-12-17 20:31 <REP> d-------- C:\Program Files\Nicolas MERLET

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 11:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Free Download Manager
2008-01-15 11:49 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2008-01-06 16:59 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2007-12-17 19:13 --------- d-----w C:\Program Files\MSN Messenger
2007-12-12 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2007-12-10 05:44 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus
2007-12-10 05:12 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\vlc
2007-12-10 04:30 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\IMVU
2007-12-06 18:57 19,456 ----a-w C:\WINDOWS\system32\drivers\wfhxlxdc.dat
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-28 11:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 16:39 --------- d-----w C:\Program Files\Google
2007-11-23 11:02 --------- d-----w C:\Program Files\Guitar FX BOX 2.6
2007-11-19 20:27 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-19 20:27 --------- d-----w C:\Program Files\RALINK
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{246665B1-C07F-4A5D-BBA7-204CB0C46262}]
2004-08-04 01:54 92416 --a------ C:\WINDOWS\system32\comctl3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]
"Free Download Manager"="D:\Program Files\Free Download Manager\fdm.exe" [2006-08-20 23:24 2068527]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-06-26 14:53 20005928]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 10:15 83968]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"avast!"="D:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Yahoo! Widget Engine.lnk - D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-03-22 23:46:00]

C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Yahoo! Widget Engine.lnk - D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-03-22 23:46:00]

C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Yahoo! Widget Engine.lnk - D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-03-22 23:46:00]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Ralink Wireless Utility.lnk - C:\WINDOWS\RaUI.exe [2007-09-30 20:42:30]
VOIP080.lnk - C:\Program Files\Philips\VOIP080\VOIP080.exe [2006-06-29 08:47:46]

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 08:01]
R0 xhpfycsx;xhpfycsx;C:\WINDOWS\system32\drivers\wfhxlxdc.dat []
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 08:01]
R2 PDSched;PDScheduler;"D:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2004-11-01 11:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 12:51:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-01-15 12:53:29
ComboFix-quarantined-files.txt 2008-01-15 11:52:33
ComboFix2.txt 2008-01-15 11:46:27

Re,

[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

voici le rapport de combofix (j'espère que la protection résidente c'est bien désactivé cette fois)

ComboFix 08-01-09.2 - Administrateur 2008-01-15 18:30:36.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.546 [GMT 1:00]
Running from: D:\Documents and Settings\Administrateur\Mes documents\telechargement\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\comctl3.dll
C:\WINDOWS\system32\drivers\wfhxlxdc.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\comctl3.dll
C:\WINDOWS\system32\drivers\wfhxlxdc.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_XHPFYCSX
-------\xhpfycsx


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-15 to 2008-01-15 ))))))))))))))))))))))))))))))))))))
.

2008-01-15 12:41 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-18 02:35 . 2007-12-18 02:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\U3
2007-12-17 20:31 . 2007-12-17 20:31 <REP> d-------- C:\Program Files\Nicolas MERLET

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 17:33 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Free Download Manager
2008-01-15 17:27 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2008-01-06 16:59 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2007-12-17 19:13 --------- d-----w C:\Program Files\MSN Messenger
2007-12-12 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2007-12-10 05:44 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus
2007-12-10 05:12 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\vlc
2007-12-10 04:30 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\IMVU
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-28 11:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 16:39 --------- d-----w C:\Program Files\Google
2007-11-23 11:02 --------- d-----w C:\Program Files\Guitar FX BOX 2.6
2007-11-19 20:27 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-19 20:27 --------- d-----w C:\Program Files\RALINK
.

((((((((((((((((((((((((((((( snapshot@2008-01-15_12.45.02,40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-15 11:41:58 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-15 17:30:26 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-15 11:41:58 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-15 17:30:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-15 11:41:58 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-15 17:30:26 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-15 11:41:58 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-15 17:30:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-15 11:41:58 5,382,144 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-15 17:30:27 5,419,008 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-15 11:41:58 258,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-15 17:30:27 258,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-01-15 17:36:59 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_640.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]
"Free Download Manager"="D:\Program Files\Free Download Manager\fdm.exe" [2006-08-20 23:24 2068527]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-06-26 14:53 20005928]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 10:15 83968]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"avast!"="D:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 08:01]
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 08:01]
R2 PDSched;PDScheduler;"D:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2004-11-01 11:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 18:37:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 18:41:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-15 17:40:50
ComboFix2.txt 2008-01-15 11:53:30
ComboFix3.txt 2008-01-15 11:46:27


Puis le rapport HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
D:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RaUI.exe
C:\Program Files\Philips\VOIP080\VOIP080.exe
C:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\Administrateur\Mes documents\telechargement\HiJackThis.exe
D:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast2.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] "D:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O4 - Global Startup: VOIP080.lnk = C:\Program Files\Philips\VOIP080\VOIP080.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F81E9F3-B524-4F66-9106-7E392D8CC7F8}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{554ABAA2-6116-4FFA-B801-4485FE285301}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F81E9F3-B524-4F66-9106-7E392D8CC7F8}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F81E9F3-B524-4F66-9106-7E392D8CC7F8}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDSched.exe

--
End of file - 6247 bytes

On continue  

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

voici le rapport de antivir (qui juste comme ca a trouvé d'autre saleté que avast ne trouvait pas ... vive avast)



AntiVir PersonalEdition Classic
Report file date: mardi 15 janvier 2008 19:34

Scanning for 1041443 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PUMBA

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 18:34:00
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 18:34:00
ANTIVIR3.VDF : 7.0.2.1 2048 Bytes 15/01/2008 18:34:00
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 15/01/2008 18:34:00
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/01/2008 18:34:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 15 janvier 2008 19:34

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'RaUI.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'fdm.exe' - '1' Module(s) have been scanned
Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'nvraidservice.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PDSched.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '33' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Administrateur\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-41d6c211
[0] Archive type: ZIP
--> BnnnnBaa.class
[DETECTION] Is the Trojan horse TR/Java.Downloader.Gen
--> VaannnaaBaa.class
[DETECTION] Is the Trojan horse TR/ClassLoader
--> Dnnny.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Exploit.Bytverify.5
--> Bnnnnn.class
[DETECTION] Is the Trojan horse TR/Java.ClassLoader.AS
--> Den.class
[DETECTION] Is the Trojan horse TR/Exploit.Bytverify
--> Din.class
[DETECTION] Is the Trojan horse TR/Exploit.Bytverify.A
--> Dun.class
[DETECTION] Is the Trojan horse TR/Exploit.Bytverify.B
[INFO] The file was moved to '47bffd58.qua'!
C:\QooBox\Quarantine\catchme2008-01-15_183726.95.zip
[0] Archive type: ZIP
--> comctl3.dll
[DETECTION] Is the Trojan horse TR/BHO.abo.5
--> wfhxlxdc.dat
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '480103f8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\love30.zip.vir
[0] Archive type: ZIP
--> love30.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4803040c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\comctl3.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47fa0411.qua'!
C:\System Volume Information\_restore{077C2248-D735-4F4C-AA78-96D9E37D85D3}\RP3\A0000072.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47bd03dc.qua'!
C:\WINDOWS\system32\comctl3.1
[DETECTION] Is the Trojan horse TR/Spy.BZub.NGP
[INFO] The file was moved to '47fa0612.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Disque local>


End of the scan: mardi 15 janvier 2008 21:10
Used time: 1:35:36 min

The scan has been done completely.

6147 Scanning directories
241918 Files were scanned
12 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
6 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
241906 Files not concerned
2031 Archives were scanned
2 Warnings
49 Notes




PS : merci beaucoup angeldark pour tte l'aide que tu me donne

Reposte un nouveau rapport Hijackthis.

Voici le rapport demandé.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
D:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
D:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\RaUI.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\rsvp.exe
D:\Documents and Settings\Administrateur\Mes documents\telechargement\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast2.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O4 - Global Startup: VOIP080.lnk = C:\Program Files\Philips\VOIP080\VOIP080.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F81E9F3-B524-4F66-9106-7E392D8CC7F8}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{554ABAA2-6116-4FFA-B801-4485FE285301}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F81E9F3-B524-4F66-9106-7E392D8CC7F8}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F81E9F3-B524-4F66-9106-7E392D8CC7F8}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDSched.exe

--
End of file - 6337 bytes

C'est mieux ?

oui c beaucoup mieux j'ai plus d'alerte maintenant ^^

Merci beaucoup !!! infiniment merci !!!!

Bon surf  

Télécharge ToolsCleaner sur ton Bureau.

Clique sur Recherche et laisse le scan se terminer.

Clique sur Suppression pour finaliser.

Clique sur Quitter, pour que le rapport puisse se créer.

Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)

Désactive puis réactive la restauration du système : Voir aide

Ajoute maintenant [Résolu] au titre. Pour cela :
* Clique, dans ton premier message, sur le bouton "Editer"
* Rajoute la mention [Résolu] au titre
* Clique ensuite sur "Valider votre message"

Lis le dossier dossier sur la prévention et la protection pour ne plus avoir ce genre de problème en cliquant sur l'image ci-dessous :