windows security alert

Bonjour,

Télécharge puis installe Hijackthis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

voilà le rapport :

22:27 03/02/2008Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:26:37, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray .exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote .exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\locker.exe
C:\PROGRA~1\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmona.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\ctfmona .exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7B.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\Skype\Phone\Skype .exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\PROGRA~1\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.985\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [EasySpywareCleaner] C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe
O4 - HKLM\..\Run: [MSCTFMON] C:\WINDOWS\SYSTEM32\intelcore32.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\PROGRA~1\MOZILLA FIREFOX\plugins\NPSWF32_FlashUtil.exe -p
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)

--
End of file - 5303 bytes

petit up

Message supprimé : chacun son sujet !
Et pas besoin de up  

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur combofix.exe afin de le lancer.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Impossible d'établir un scan de Combofix j'ai tjs un message en comme quoi fichier dll n'est pas valide qui apparait et empeche le scan... en fait a chaque fois que j'ouvre une application on me dit qu'un fichier dll est érroné.
Que faire?

Quelle .dll ?

C:\windows\system32\wowfx.dll n'est pas une image windows valide

On va essayer autrement.

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

Double-clique VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo

Lorsque le scan est complété, clique sur le bouton Remove Vundo

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

Apres manip :

Rapport Vundofix :

VundoFix V6.7.7

Checking Java version...

Scan started at 18:37:28 2008-02-05

Listing files found while scanning....

C:\WINDOWS\system32\bpmsktck.dll
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\fsxhbasp.dll
C:\WINDOWS\system32\jkhfc.exe
C:\WINDOWS\system32\nivfpfzt.dll
C:\windows\system32\nivfpfzt.dllbox
C:\WINDOWS\system32\svvelcrq.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bpmsktck.dll
C:\WINDOWS\system32\bpmsktck.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\fsxhbasp.dll
C:\WINDOWS\system32\fsxhbasp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfc.exe
C:\WINDOWS\system32\jkhfc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nivfpfzt.dll
C:\WINDOWS\system32\nivfpfzt.dll Has been deleted!

Attempting to delete C:\windows\system32\nivfpfzt.dllbox
C:\windows\system32\nivfpfzt.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\svvelcrq.dll
C:\WINDOWS\system32\svvelcrq.dll Has been deleted!

Performing Repairs to the registry.
Done!

Rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49, on 2008-02-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\sysrest32.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sysrest32 .exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.984\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {f06b4aa7-b8c0-4858-5094-22dd5feb46cb} - {bc64bef5-dd22-4905-8584-0c8b7aa4b60f} - C:\WINDOWS\system32\bpmsktck.dll (file missing)
O2 - BHO: (no name) - {E5E59AC8-12F1-450B-8CC7-499BEC8A04F7} - C:\WINDOWS\system32\jkhfc.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EasySpywareCleaner] C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe
O4 - HKLM\..\Run: [MSCTFMON] C:\WINDOWS\SYSTEM32\intelcore32.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [3ced9f48] rundll32.exe "C:\WINDOWS\system32\mkaumcue.dll",b
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: ddccdba - ddccdba.dll (file missing)
O20 - Winlogon Notify: winszd32 - winszd32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)

--
End of file - 4425 bytes

Tu peux recommencer Combofix ?

ComboFix 08-02.03.1 - Administrateur 2008-02-05 18:59:25.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.587 [GMT 1:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
ADS - svchost.exe: deleted 51712 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\xpdx.sys
C:\Documents and Settings\Administrateur\Application Data\antivirus.exe
C:\Documents and Settings\Administrateur\Application Data\pcpriv.exe
C:\Documents and Settings\Administrateur\Application Data\ultra
C:\Documents and Settings\Administrateur\Application Data\ultra\uninstall.bat
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\install\install.exe
C:\Program Files\Helper
C:\Program Files\Helper\ifastseek.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Ultimate Cleaner
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\eucmuakm.ini
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\srluomyl.ini
C:\WINDOWS\system32\sysrest32.exe
C:\WINDOWS\system32\wowfx.dll . . . . Echec de suppression
C:\WINDOWS\system32\xlibgfl254.dll
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\Temp\1390498548.exe
C:\WINDOWS\Temp\1525830124.exe
C:\WINDOWS\Temp\395075070.exe
C:\WINDOWS\Temp\553315854.exe
C:\WINDOWS\wl.exe

----- BITS: Possible sites infect‚s -----

hxxp://msgr.dlservice.microsoft.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FCI
-------\LEGACY_NTMLSVC
-------\FCI
-------\xpdx


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-05 to 2008-02-05 ))))))))))))))))))))))))))))))))))))
.

2008-02-05 18:45 . 2008-02-05 18:45 29,184 --a------ C:\WINDOWS\system32\sysrest32 .exe
2008-02-05 18:37 . 2008-02-05 18:37 <REP> d-------- C:\VundoFix Backups
2008-02-04 17:43 . 2008-02-04 17:43 304 --ah----- C:\sqmdata01.sqm
2008-02-04 17:43 . 2008-02-04 17:43 244 --ah----- C:\sqmnoopt01.sqm
2008-02-04 07:31 . 2008-02-04 07:31 88,640 --a------ C:\WINDOWS\system32\mkaumcue.dll
2008-02-03 23:43 . 2008-02-03 23:43 280 --ah----- C:\sqmdata00.sqm
2008-02-03 23:43 . 2008-02-03 23:43 244 --ah----- C:\sqmnoopt00.sqm
2008-02-03 19:06 . 2008-02-03 19:06 15,328 --a------ C:\WINDOWS\system32\sysrest.sys
2008-01-05 12:21 . 2008-01-05 12:21 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InfeStop.com
2008-01-05 12:20 . 2008-02-03 20:10 <REP> d-------- C:\Program Files\InfeStop
2008-01-05 11:57 . 2008-01-05 11:57 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\spy-rid.com
2008-01-05 11:56 . 2008-02-03 20:06 <REP> d-------- C:\Program Files\Spy-Rid
2008-01-05 11:55 . 2008-02-03 19:05 29,824 --a------ C:\WINDOWS\system32\ctfmona .exe
2008-01-05 11:52 . 2008-02-03 20:10 <REP> d-------- C:\Program Files\EasySpywareCleaner
2008-01-05 11:52 . 2008-01-05 11:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EasySpywareCleaner.com
2008-01-05 11:46 . 2008-01-06 22:53 9,728 --a------ C:\WINDOWS\system32\printer .exe
2008-01-05 11:17 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-05 11:17 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-05 11:17 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-05 11:17 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-05 11:17 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-05 11:17 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-05 11:17 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-05 11:17 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-05 10:58 . 2008-01-05 10:58 <REP> d-------- C:\Program Files\Alwil Software
2008-01-05 10:58 . 2005-06-08 20:12 18,944 --a------ C:\WINDOWS\system32\wowfx.dll
2008-01-05 10:48 . 2008-01-05 10:48 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-01-05 10:47 . 2008-02-03 19:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2008-01-05 00:00 . 2008-01-05 00:00 24,576 --a------ C:\WINDOWS\system32\winbug32.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 17:45 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-02-04 20:24 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-04 20:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2008-02-03 18:53 --------- d-----w C:\Program Files\PCI Audio Applications
2008-01-04 23:01 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-04 22:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 17:14 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-02 17:03 --------- d-----w C:\Program Files\Atari
2007-12-29 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008
2007-12-29 18:45 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-29 17:07 --------- d-----w C:\Program Files\MSN Messenger
2007-12-29 17:07 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-19 14:13 73,216 ----a-w C:\WINDOWS\WinLockDll.dll
2007-12-07 08:35 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Microsoft Games
2007-12-07 08:30 --------- d-----w C:\Program Files\DIFX
2007-12-05 17:42 --------- d-----w C:\Program Files\Microsoft Games
2007-12-03 12:26 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-12-03 12:26 22,328 ----a-w C:\Documents and Settings\Administrateur\Application Data\PnkBstrK.sys
2007-12-03 12:26 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
.

<pre>

----a-w            79,224 2008-02-03 17:53:20  C:\Program Files\Alwil Software\Avast4\ashDisp .exe

----a-w           167,368 2008-02-03 18:05:47  C:\Program Files\DAEMON Tools\daemon .exe

----a-w           305,490 2008-02-03 17:02:37  C:\Program Files\EasySpywareCleaner\EasySpywareCleaner .exe

----a-w           229,814 2008-02-03 18:05:47  C:\Program Files\InfeStop\InfeStopRemover .exe

----a-w           132,496 2008-02-03 18:05:04  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe

----a-w            90,112 2008-02-03 18:04:57  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray .exe

----a-w            69,632 2008-02-03 18:04:58  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote .exe

----a-w           823,296 2008-02-03 18:05:01  C:\Program Files\PCI Audio Applications\Mixer .exe

----a-w        22,879,528 2008-02-03 18:06:17  C:\Program Files\Skype\Phone\Skype .exe

----a-w           312,590 2008-02-03 18:05:47  C:\Program Files\Spy-Rid\Spy-Rid .exe

----a-w            29,824 2008-02-03 18:05:46  C:\WINDOWS\system32\ctfmona .exe

----a-w           155,648 2008-02-03 18:04:54  C:\WINDOWS\system32\NeroCheck .exe

----a-w             9,728 2008-01-06 21:53:17  C:\WINDOWS\system32\printer .exe

----a-w            29,184 2008-02-05 17:45:15  C:\WINDOWS\system32\sysrest32 .exe

</pre>

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}]
C:\Program Files\Outerinfo\Outerinfo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc64bef5-dd22-4905-8584-0c8b7aa4b60f}]
C:\WINDOWS\system32\bpmsktck.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [ ]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 16:52 8531968]
"nwiz"="nwiz.exe" [2007-10-28 16:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 16:52 81920]
"EasySpywareCleaner"="C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe" [ ]
"MSCTFMON"="C:\WINDOWS\SYSTEM32\intelcore32.exe" [ ]
"sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" [ ]
"3ced9f48"="C:\WINDOWS\system32\mkaumcue.dll" [2008-02-04 07:31 88640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccdba]
ddccdba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winszd32]
winszd32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll

R2 UacFlt;Philips Composite Class Filter Driver;C:\WINDOWS\system32\DRIVERS\uacbflt.sys [2002-06-14 06:40]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 19:36]
S3 sysrest.sys;sysrest.sys;C:\WINDOWS\system32\sysrest.sys [2008-02-03 19:06]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 19:04:49
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-05 19:06:16 - machine was rebooted [Administrateur]
ComboFix-quarantined-files.txt 2008-02-05 18:06:07

Re,

[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

ComboFix 08-02.03.1 - Administrateur 2008-02-05 20:16:12.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.593 [GMT 1:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE
C:\WINDOWS\system32\bpmsktck.dll
C:\WINDOWS\system32\ctfmona .exe
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\SYSTEM32\intelcore32.exe
C:\WINDOWS\system32\mkaumcue.dll
C:\WINDOWS\system32\printer .exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\sysrest.sys
C:\WINDOWS\system32\sysrest32 .exe
C:\WINDOWS\system32\sysrest32.exe
C:\WINDOWS\system32\winbug32.dll
C:\WINDOWS\system32\wowfx.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Application Data\EasySpywareCleaner.com
C:\Documents and Settings\Administrateur\Application Data\InfeStop.com
C:\Documents and Settings\Administrateur\Application Data\spy-rid.com
C:\Program Files\EasySpywareCleaner
C:\Program Files\EasySpywareCleaner\EasySpywareCleaner .exe
C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe.local
C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe.log
C:\Program Files\EasySpywareCleaner\Kernel.dll
C:\Program Files\EasySpywareCleaner\msvcp71.dll
C:\Program Files\EasySpywareCleaner\msvcr71.dll
C:\Program Files\EasySpywareCleaner\Resources.dll
C:\Program Files\EasySpywareCleaner\Uninstall.exe
C:\Program Files\EasySpywareCleaner\WndLayer.dll
C:\Program Files\InfeStop
C:\Program Files\InfeStop\InfeStopRemover .exe
C:\Program Files\InfeStop\InfeStopRemover.exe.local
C:\Program Files\InfeStop\InfeStopRemover.exe.log
C:\Program Files\InfeStop\Krnel.dll
C:\Program Files\InfeStop\msvcp71.dll
C:\Program Files\InfeStop\msvcr71.dll
C:\Program Files\InfeStop\Res.dll
C:\Program Files\InfeStop\Uninstall.exe
C:\Program Files\InfeStop\WinLayer.dll
C:\Program Files\Spy-Rid
C:\Program Files\Spy-Rid\krnl.dll
C:\Program Files\Spy-Rid\msvcp71.dll
C:\Program Files\Spy-Rid\msvcr71.dll
C:\Program Files\Spy-Rid\resource.dll
C:\Program Files\Spy-Rid\Spy-Rid .exe
C:\Program Files\Spy-Rid\Spy-Rid.exe.local
C:\Program Files\Spy-Rid\Spy-Rid.exe.log
C:\Program Files\Spy-Rid\Uninstall.exe
C:\Program Files\Spy-Rid\wndlr.dll
C:\WINDOWS\system32\ctfmona .exe
C:\WINDOWS\system32\mkaumcue.dll
C:\WINDOWS\system32\printer .exe
C:\WINDOWS\system32\sysrest.sys
C:\WINDOWS\system32\sysrest32 .exe
C:\WINDOWS\system32\winbug32.dll
C:\WINDOWS\system32\wowfx.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-05 to 2008-02-05 ))))))))))))))))))))))))))))))))))))
.

2008-02-05 18:37 . 2008-02-05 18:37 <REP> d-------- C:\VundoFix Backups
2008-02-04 17:43 . 2008-02-04 17:43 304 --ah----- C:\sqmdata01.sqm
2008-02-04 17:43 . 2008-02-04 17:43 244 --ah----- C:\sqmnoopt01.sqm
2008-02-03 23:43 . 2008-02-03 23:43 280 --ah----- C:\sqmdata00.sqm
2008-02-03 23:43 . 2008-02-03 23:43 244 --ah----- C:\sqmnoopt00.sqm
2008-01-05 11:17 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-05 11:17 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-05 11:17 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-05 11:17 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-05 11:17 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-05 11:17 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-05 11:17 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-05 11:17 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-05 10:58 . 2008-01-05 10:58 <REP> d-------- C:\Program Files\Alwil Software
2008-01-05 10:48 . 2008-01-05 10:48 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-01-05 10:47 . 2008-02-03 19:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 19:16 --------- d-----w C:\Program Files\PCI Audio Applications
2008-02-05 19:16 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-05 18:05 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-02-04 20:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2008-01-04 23:01 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-04 22:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 17:14 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-02 17:03 --------- d-----w C:\Program Files\Atari
2007-12-29 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008
2007-12-29 18:45 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-29 17:07 --------- d-----w C:\Program Files\MSN Messenger
2007-12-29 17:07 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-19 14:13 73,216 ----a-w C:\WINDOWS\WinLockDll.dll
2007-12-07 08:35 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Microsoft Games
2007-12-07 08:30 --------- d-----w C:\Program Files\DIFX
2007-12-05 17:42 --------- d-----w C:\Program Files\Microsoft Games
2007-12-03 12:26 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-12-03 12:26 22,328 ----a-w C:\Documents and Settings\Administrateur\Application Data\PnkBstrK.sys
2007-12-03 12:26 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2008-02-03 19:04 90112]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 16:52 8531968]
"nwiz"="nwiz.exe" [2007-10-28 16:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 16:52 81920]

C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 18:42:22 61440]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Wireless Configuration Utility HW.51.lnk - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-14 18:53:38 454656]

R2 UacFlt;Philips Composite Class Filter Driver;C:\WINDOWS\system32\DRIVERS\uacbflt.sys [2002-06-14 06:40]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 19:36]
S3 sysrest.sys;sysrest.sys;C:\WINDOWS\system32\sysrest.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 20:17:01
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-05 20:17:27
ComboFix-quarantined-files.txt 2008-02-05 19:17:13
ComboFix2.txt 2008-02-05 18:06:16


Rapport Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.625\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)

--
End of file - 3265 bytes

C'est déjà mieux non ?

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

AntiVir PersonalEdition Classic
Report file date: mardi 5 février 2008 20:44

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: TITANIUM

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 5 février 2008 20:44

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'WlanCU.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'mm_tray.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
30 processes with 30 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '30' files ).


Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: mardi 5 février 2008 20:46
Used time: 01:29 min

The scan has been done completely.

159 Scanning directories
6225 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
6225 Files not concerned
3 Archives were scanned
1 Warnings
0 Notes

Reposte un rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.156\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)

--
End of file - 3333 bytes

Mieux ?

ben écoute ca a l'air de marcher bien maintenant!! Merci bien!

Bon surf  

Télécharge ToolsCleaner sur ton Bureau.

Clique sur Recherche et laisse le scan se terminer.

Clique sur Suppression pour finaliser.

Clique sur Quitter, pour que le rapport puisse se créer.

Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)

Désactive puis réactive la restauration du système : Voir aide

Ajoute maintenant [Résolu] au titre. Pour cela :
* Clique, dans ton premier message, sur le bouton "Editer"
* Rajoute la mention [Résolu] au titre
* Clique ensuite sur "Valider votre message"

Lis le dossier dossier sur la prévention et la protection pour ne plus avoir ce genre de problème en cliquant sur l'image ci-dessous :

-->- Recherche:

C:\Combofix: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Administrateur\Bureau\vundoFix.exe: trouvé !
C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.297\HijackThis.exe: trouvé !
C:\Documents and Settings\Administrateur\Recent\HijackThis.lnk: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
C:\WINDOWS\pskill.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Administrateur\Bureau\vundoFix.exe: supprimé !
C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.297\HijackThis.exe: supprimé !
C:\Documents and Settings\Administrateur\Recent\HijackThis.lnk: supprimé !
C:\WINDOWS\pskill.exe: supprimé !
C:\Combofix: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !