Need help! Ads and Trojan - Security - Virus
Author
Subject: Need help! Ads and Trojan
 
Profile: IDNaute

I have a problem that keeps coming back. I have formatted 6 times but it always seems to return after a few weeks. I keep getting warning pages telling me to download programs to disinfect my PC (VirusEffaceur, TrojanFiltre, AntiSpywareExpert, etc.), and advertising pages pop up every 2 minutes about pretty much anything. AVG detected Trojan horse Pakes.AI and Trojan horse KillAV.FF. I'm fed up with these ads that keep appearing!!


Profile: Helper

Hello,

Download HiJackThis < here

Run the program, click on [ do a system scan and save a logfile ]
Copy / paste the generated report

>> HiJackThis v2.0.2 tutorial <<

Profile: IDNaute

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:43, on 2008-05-23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\CHMVGXMJ\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0CCB7673-04D5-4DE7-916B-384A3642BAF4} - C:\WINDOWS\System32\opnonkLB.dll
O2 - BHO: {8a60165d-9e5f-cc58-af94-f4330e796335} - {533697e0-334f-49fa-85cc-f5e9d56106a8} - C:\WINDOWS\System32\sbhwrxwx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {C052586A-81A9-4D33-A69E-50FC90190419} - C:\WINDOWS\System32\nnnnMDTl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [70ed1bcb] rundll32.exe "C:\WINDOWS\System32\bdbsrwwl.dll",b
O4 - HKLM\..\Run: [BM73de2857] Rundll32.exe "C:\WINDOWS\System32\edvasuqm.dll",s
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O20 - Winlogon Notify: opnonkLB - C:\WINDOWS\SYSTEM32\opnonkLB.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6967 bytes

Profile: Helper

Re, it's Vundo

Disable your resident protections (antivirus, ...); you will re-enable them after the scan

Download ComboFix < here

Save it to your Desktop and nowhere else!
Double click combofix.exe (the .exe may not be shown)
To start, type [1] then confirm, and wait for the scan to finish
the PC may reboot!

Copy / paste the generated report (C:\Combofix.txt)
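As an added example (not part of this thread and not a tool the helper used), here is a Python triage script for HijackThis v2 entries that flags the kinds of indicators the helper read as Vundo in the log above: unnamed O2 BHOs loading a System32 DLL, O4 Run values with random hex names started through rundll32 with a one-letter export, O20 Winlogon Notify packages, and one DLL registered under several hooks. The sample log lines and the heuristics are constructed for this example; a hit means "review this entry", not "confirmed malicious".

```python
import re
from collections import defaultdict

# Constructed sample modelled on the HijackThis log posted above (same entry
# shapes and file names), trimmed to a handful of lines.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0CCB7673-04D5-4DE7-916B-384A3642BAF4} - C:\WINDOWS\System32\opnonkLB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [70ed1bcb] rundll32.exe "C:\WINDOWS\System32\bdbsrwwl.dll",b
O4 - HKLM\..\Run: [BM73de2857] Rundll32.exe "C:\WINDOWS\System32\edvasuqm.dll",s
O20 - Winlogon Notify: opnonkLB - C:\WINDOWS\SYSTEM32\opnonkLB.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^([OR]\d+)\s+-\s+(.*)$")          # "O4 - ..." / "R0 - ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:dll|exe|ocx)', re.IGNORECASE)
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")                  # [ValueName] in O4 lines
RANDOM_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$", re.IGNORECASE)  # 70ed1bcb, BM73de2857
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\w+)', re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows path (or the string itself)."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_entries(log):
    """Yield (section, body) for every HijackThis 'Oxx - ...' or 'Rx - ...' line."""
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1).upper(), m.group(2)


def triage(log):
    """Return a list of findings; each is {'section', 'target', 'reasons'}."""
    findings = []
    hooks = defaultdict(set)  # dll basename -> set of sections it is registered under
    for section, body in parse_entries(log):
        paths = PATH_RE.findall(body)
        target = paths[-1] if paths else body
        for p in paths:
            if p.lower().endswith(".dll"):
                hooks[basename(p)].add(section)
        reasons = []
        if section == "O2" and body.startswith("BHO: (no name)") and SYSTEM32_RE.search(target):
            reasons.append("unnamed BHO loading a DLL from System32")
        if section == "O4":
            name = RUN_NAME_RE.search(body)
            if name and RANDOM_NAME_RE.match(name.group(1)):
                reasons.append(f"Run value name looks randomly generated: {name.group(1)}")
            rd = RUNDLL_RE.search(body)
            if rd and SYSTEM32_RE.search(rd.group(1)) and len(rd.group(2)) == 1:
                target = rd.group(1)
                reasons.append(f"rundll32 starts a System32 DLL through one-letter export '{rd.group(2)}'")
        if section == "O20":
            reasons.append("Winlogon Notify package: loaded into winlogon.exe, review unless a known Windows component")
        if reasons:
            findings.append({"section": section, "target": target, "reasons": reasons})
    # Cross-reference: the same DLL hooked as a BHO and as a Winlogon Notify package
    # (opnonkLB.dll above) is a much stronger signal than either entry alone.
    for dll, sections in hooks.items():
        if len(sections) > 1:
            findings.append({"section": "XREF", "target": dll,
                             "reasons": [f"same DLL registered under {', '.join(sorted(sections))}"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:5} {f['target']}")
        for r in f["reasons"]:
            print(f"      - {r}")
```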

Profile: IDNaute

ComboFix 08-05-21.3 - Admin 2008-05-23 11:57:15.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.33.1036.18.228 [GMT -4:00]
Endroit: C:\Documents and Settings\Admin\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Google\googletoolbar1.dll
C:\WINDOWS\BM73de2857.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\msnimport.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bttmkrah.ini
C:\WINDOWS\system32\jkkJaabx.dll
C:\WINDOWS\system32\jqlqlylj.ini
C:\WINDOWS\system32\lTDMnnnn.ini
C:\WINDOWS\system32\lTDMnnnn.ini2
C:\WINDOWS\system32\lwwrsbdb.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnnMDTl.dll
C:\WINDOWS\system32\optosrak.ini
C:\WINDOWS\system32\vnblnnpl.ini
C:\WINDOWS\system32\xbaaJkkj.ini
C:\WINDOWS\system32\xbaaJkkj.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))))))
.

2008-05-23 11:16 . 2008-05-23 11:16 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Lavasoft
2008-05-23 11:15 . 2008-05-23 11:15 <REP> d-------- C:\Program Files\Lavasoft
2008-05-23 10:42 . 2008-05-23 10:42 114,176 --a------ C:\WINDOWS\system32\bdbsrwwl.dll
2008-05-23 10:36 . 2008-05-23 10:36 136,192 --a------ C:\WINDOWS\system32\sbhwrxwx.dll
2008-05-23 10:34 . 2008-05-23 10:34 125,952 --a------ C:\WINDOWS\system32\edvasuqm.dll
2008-05-22 21:38 . 2008-05-22 21:38 268 --ah----- C:\sqmdata01.sqm
2008-05-22 21:38 . 2008-05-22 21:38 244 --ah----- C:\sqmnoopt01.sqm
2008-05-22 16:46 . 2008-05-22 16:46 115,200 --a------ C:\WINDOWS\system32\lpnnlbnv.dll
2008-05-22 16:41 . 2008-05-22 16:41 <REP> d---s---- C:\Documents and Settings\claude\UserData
2008-05-22 14:56 . 2008-05-22 14:56 <REP> d-------- C:\Documents and Settings\claude\Contacts
2008-05-22 12:30 . 2008-05-22 12:30 114,688 --a------ C:\WINDOWS\system32\jlylqlqj.dll
2008-05-22 12:24 . 2008-05-22 12:24 58,880 --a------ C:\WINDOWS\system32\opnonkLB.dll
2008-05-22 12:02 . 2008-05-22 12:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-05-22 12:02 . 2008-05-22 12:02 <REP> d-------- C:\Documents and Settings\Admin\Application Data\DAEMON Tools Pro
2008-05-22 11:52 . 2008-05-22 11:52 <REP> d-------- C:\SIERRA
2008-05-21 16:45 . 2008-05-21 16:45 244 --ah----- C:\sqmnoopt00.sqm
2008-05-21 16:45 . 2008-05-21 16:45 232 --ah----- C:\sqmdata00.sqm
2008-05-20 12:28 . 2008-05-20 12:28 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-05-20 12:26 . 2008-05-20 12:27 13,824 --a------ C:\d.exe
2008-05-20 12:26 . 2008-05-20 12:26 4,096 --a------ C:\xtqvpfan.exe
2008-05-20 12:26 . 2008-05-20 12:26 2 --a------ C:\1894587236
2008-05-19 15:25 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-05-19 15:25 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-05-19 15:25 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-05-19 15:25 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-05-19 15:25 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-05-19 15:25 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-05-19 15:25 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-05-19 15:25 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-05-17 22:43 . 2008-05-19 15:23 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-10 21:22 . 2008-05-10 21:22 <REP> d-------- C:\Documents and Settings\claude\Application Data\HP
2008-05-10 21:21 . 2008-05-22 14:56 <REP> d-------- C:\Documents and Settings\claude\Application Data\AVG7
2008-05-10 21:21 . 2002-12-11 17:34 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-10 21:20 . 2008-05-16 21:08 <REP> d--h----- C:\Documents and Settings\claude\Voisinage r‚seau
2008-05-10 21:20 . 2008-05-08 07:24 <REP> d--h----- C:\Documents and Settings\claude\Voisinage d'impression
2008-05-10 21:20 . 2008-05-08 16:52 <REP> d--h----- C:\Documents and Settings\claude\ModÅ les
2008-05-10 21:20 . 2008-05-22 14:58 <REP> dr------- C:\Documents and Settings\claude\Mes documents
2008-05-10 21:20 . 2008-05-08 07:24 <REP> dr------- C:\Documents and Settings\claude\Menu D‚marrer
2008-05-10 21:20 . 2008-05-10 21:21 <REP> dr------- C:\Documents and Settings\claude\Favoris
2008-05-10 21:20 . 2008-05-21 16:43 <REP> d-------- C:\Documents and Settings\claude\Bureau
2008-05-10 21:20 . 2008-05-22 16:41 <REP> d-------- C:\Documents and Settings\claude
2008-05-10 19:14 . 2008-05-22 12:05 <REP> d-------- C:\Program Files\Sierra On-Line
2008-05-10 19:14 . 2008-05-22 12:05 173 --a------ C:\WINDOWS\SIERRA.INI
2008-05-10 19:13 . 2008-05-10 19:13 <REP> d-------- C:\Documents and Settings\Admin\WINDOWS
2008-05-10 19:13 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-10 11:04 . 2008-05-10 11:04 17,144 --a------ C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2008-05-10 00:08 . 2008-05-10 00:08 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Gamelab
2008-05-08 23:17 . 2008-05-08 23:17 385 --a------ C:\WINDOWS\ODBC.INI
2008-05-08 23:10 . 2008-05-08 23:12 <REP> d-------- C:\WINDOWS\ShellNew
2008-05-08 22:46 . 2008-05-08 22:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ludia
2008-05-08 22:46 . 2008-05-08 22:46 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Ludia
2008-05-08 21:28 . 2008-05-08 21:28 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Nero
2008-05-08 21:24 . 2008-05-08 21:24 <REP> d-------- C:\Program Files\Nero
2008-05-08 21:24 . 2008-05-08 21:26 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-05-08 21:24 . 2008-05-08 21:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-08 21:24 . 2008-05-08 21:24 <REP> d-------- C:\Documents and Settings\Admin\Incomplete
2008-05-08 21:23 . 2008-05-22 16:03 <REP> d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2008-05-08 21:22 . 2008-05-08 21:22 <REP> d-------- C:\WINDOWS\Sun
2008-05-08 21:09 . 2003-05-30 09:00 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2008-05-08 21:04 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-08 21:03 . 2008-05-08 21:04 <REP> d-------- C:\Program Files\Java
2008-05-08 21:03 . 2008-05-08 21:03 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-05-08 20:57 . 2008-05-08 20:57 <REP> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2008-05-08 18:53 . 2008-05-22 11:58 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-08 18:37 . 2008-05-22 16:07 <REP> d-------- C:\Program Files\LimeWire
2008-05-08 18:13 . 2008-05-08 18:19 <REP> d-------- C:\Program Files\Winamp
2008-05-08 18:10 . 2004-08-11 01:45 2,362,104 --a--c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-05-08 18:10 . 2002-12-11 15:16 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2008-05-08 18:10 . 2004-08-11 01:45 380,144 --a--c--- C:\WINDOWS\system32\dllcache\wmadmod.dll
2008-05-08 18:10 . 2008-05-08 21:22 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-05-08 18:10 . 2002-12-11 19:12 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2008-05-08 18:10 . 2002-12-11 17:34 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2008-05-08 18:10 . 2002-12-11 17:34 241,664 --a--c--- C:\WINDOWS\system32\dllcache\mpg4dmod.dll
2008-05-08 18:10 . 2004-08-11 01:45 229,376 --a--c--- C:\WINDOWS\system32\dllcache\wmasf.dll
2008-05-08 18:10 . 2002-12-11 18:09 217,600 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-05-08 18:10 . 2002-12-11 17:34 9,728 --a--c--- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2008-05-08 18:06 . 2008-05-08 18:06 25 --a------ C:\WINDOWS\mixerdef.ini
2008-05-08 18:05 . 2008-05-08 18:05 <REP> d-------- C:\Program Files\Padus
2008-05-08 18:03 . 2008-05-08 18:03 <REP> d-------- C:\Program Files\MSN Content Plus Inc
2008-05-08 18:03 . 2008-05-08 18:03 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-08 18:03 . 2008-05-08 18:03 <REP> d---s---- C:\Documents and Settings\Admin\UserData
2008-05-08 18:03 . 2008-05-08 18:03 360,580 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-05-08 18:03 . 2008-05-08 18:03 108,336 --a------ C:\WINDOWS\MSWINSCK.ocx
2008-05-08 18:02 . 2008-05-08 18:02 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2008-05-08 17:40 . 2008-05-08 17:41 <REP> d-------- C:\Program Files\directx9
2008-05-08 17:32 . 2008-05-08 17:32 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-05-08 17:32 . 2008-05-08 17:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-08 17:32 . 2008-05-10 10:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-05-08 17:32 . 2008-05-23 11:39 <REP> d-------- C:\Documents and Settings\Admin\Application Data\AVG7
2008-05-08 17:27 . 2008-05-17 21:35 <REP> d-------- C:\Documents and Settings\Admin\Contacts
2008-05-08 17:25 . 2008-05-16 23:20 <REP> d-------- C:\Program Files\MSN Messenger
2008-05-08 17:20 . 2008-05-08 17:20 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2008-05-08 17:16 . 2008-05-23 11:57 <REP> d-------- C:\Program Files\Google
2008-05-08 17:16 . 2008-05-08 17:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-05-08 17:16 . 2008-05-22 21:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-08 17:15 . 2008-05-08 17:15 <REP> d-------- C:\Documents and Settings\Admin\Application Data\HP
2008-05-08 17:15 . 2004-08-04 09:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-05-08 17:13 . 2008-05-08 17:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-05-08 17:12 . 2008-05-08 17:12 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-05-08 17:12 . 2008-05-08 17:15 <REP> d-------- C:\Program Files\Fichiers communs\HP
2008-05-08 17:12 . 2008-05-08 17:12 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-05-08 17:12 . 2008-05-08 22:10 <REP> d-------- C:\Program Files\BitLord
2008-05-08 17:12 . 2008-05-08 17:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-05-08 17:11 . 2006-12-06 02:02 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-05-08 17:11 . 2006-12-06 02:02 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-05-08 17:11 . 2006-12-06 02:02 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-05-08 17:10 . 2008-05-08 17:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-08 17:09 . 2008-05-08 17:15 <REP> d-------- C:\Program Files\HP
2008-05-08 17:09 . 2001-08-17 22:03 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-08 17:08 . 2008-05-08 21:14 148,080 --a------ C:\WINDOWS\hpoins12.dat
2008-05-08 17:08 . 2007-01-22 12:05 1,470 --------- C:\WINDOWS\hpomdl12.dat
2008-05-08 17:06 . 2008-05-08 17:07 <REP> d-------- C:\WUTemp
2008-05-08 17:06 . 2008-05-08 17:26 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2008-05-08 17:06 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2008-05-08 17:06 . 2003-08-25 18:06 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2008-05-08 17:03 . 2008-05-16 23:20 <REP> d--hs---- C:\WINDOWS\Installer
2008-05-08 17:03 . 2008-05-22 09:40 <REP> d--h----- C:\Documents and Settings\Admin\Voisinage r‚seau
2008-05-08 17:03 . 2008-05-08 07:24 <REP> d--h----- C:\Documents and Settings\Admin\Voisinage d'impression
2008-05-08 17:03 . 2008-05-08 16:52 <REP> d--h----- C:\Documents and Settings\Admin\ModÅ les
2008-05-08 17:03 . 2008-05-10 22:47 <REP> dr------- C:\Documents and Settings\Admin\Mes documents
2008-05-08 17:03 . 2008-05-08 07:24 <REP> dr------- C:\Documents and Settings\Admin\Menu D‚marrer
2008-05-08 17:03 . 2008-05-22 09:38 <REP> dr------- C:\Documents and Settings\Admin\Favoris
2008-05-08 17:03 . 2008-05-23 11:59 <REP> d-------- C:\Documents and Settings\Admin\Bureau
2008-05-08 17:03 . 2008-05-22 14:55 <REP> d-------- C:\Documents and Settings\Admin
2008-05-08 17:02 . 2008-05-08 17:31 <REP> d--hs---- C:\Documents and Settings\NetworkService

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 01:46 0 ----a-w C:\Program Files\temp01
2008-05-08 20:58 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-08 20:55 --------- d-----w C:\Program Files\Services en ligne
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CCB7673-04D5-4DE7-916B-384A3642BAF4}]
2008-05-22 12:24 58880 --a------ C:\WINDOWS\System32\opnonkLB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{533697e0-334f-49fa-85cc-f5e9d56106a8}]
2008-05-23 10:36 136192 --a------ C:\WINDOWS\System32\sbhwrxwx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 15:16 49152]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-05-08 18:03 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 17:16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 15:16 5058560]
"nwiz"="nwiz.exe" [2003-10-06 15:16 741376 C:\WINDOWS\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2002-10-15 19:00 1818624 C:\WINDOWS\mixer.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-05-09 17:49 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"70ed1bcb"="C:\WINDOWS\System32\bdbsrwwl.dll" [2008-05-23 10:42 114176]
"BM73de2857"="C:\WINDOWS\System32\edvasuqm.dll" [2008-05-23 10:34 125952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-05-08 17:34 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0CCB7673-04D5-4DE7-916B-384A3642BAF4}"= C:\WINDOWS\System32\opnonkLB.dll [2008-05-22 12:24 58880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnonkLB]
opnonkLB.dll 2008-05-22 12:24 58880 C:\WINDOWS\system32\opnonkLB.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-08 17:16 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-20 14:41 33792 C:\Program Files\Winamp\winampa.exe


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7FDA5DA0-0C92-E780-F273-B9207984D491}]
C:\WINDOWS\System32:svchost.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 12:01:46
Windows 5.1.2600 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\opnonkLB.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\System32\bdbsrwwl.dll
-> C:\WINDOWS\System32\edvasuqm.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-23 12:04:11 - machine was rebooted [Admin]
ComboFix-quarantined-files.txt 2008-05-23 16:04:04

Pre-Run: 71,082,364,928 octets libres
Post-Run: 72,554,098,688 octets libres


Profile: Helper

Re,

You're well infected... we're going to clean up.

Download MalwareBytes' Anti-Malware < here

Double click Download_mbam-setup.exe to start the installation
Allow the updates to download!

Reboot into Safe Mode ( > Safe Mode < )

Double click the Malwarebytes shortcut on your desktop
Tick Perform full scan, then click [Scan]
At the end of the scan, click [Show results]
If infected objects are found, click [Remove selected]

Post the report (it is also found in the Reports/Logs tab)

---------------------------------------------------

Then run ComboFix again and post the report

Message edited by Eric_71 on 23-05-2008 at 18:17:13
Profile: IDNaute

I'll do all that and come back

Profile: IDNaute

So here is the Malwarebytes report

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 781

Type de recherche: Examen complet (C:\|)
Eléments examinés: 56686
Temps écoulé: 26 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\nnnllKBq.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\opnonkLB.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afb1b6e3-cd25-40e0-9e6a-a6b6ecc91a61} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{afb1b6e3-cd25-40e0-9e6a-a6b6ecc91a61} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ccb7673-04d5-4de7-916b-384a3642baf4} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ccb7673-04d5-4de7-916b-384a3642baf4} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnonklb (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\70ed1bcb (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c95fe080-8f5d-11d2-a20b-00aa003c157a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM73de2857 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0ccb7673-04d5-4de7-916b-384a3642baf4} (Trojan.Vundo) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnllkbq -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnllkbq -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\lngfiasp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psaifgnl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnllKBq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qBKllnnn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qBKllnnn.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9801B6F4-680A-469B-AAFF-6897AFC70090}\RP29\A0003162.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9801B6F4-680A-469B-AAFF-6897AFC70090}\RP29\A0003163.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aiyvcjbf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnonkLB.dll (Trojan.Vundo) -> Delete on reboot.

Profile: IDNaute

On my way here I got more ads, and when I close them I get a "Buffer overburn detected" alert and my Explorer crashes.

ComboFix scan

ComboFix 08-05-21.3 - Admin 2008-05-23 12:55:45.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.33.1036.18.241 [GMT -4:00]
Endroit: C:\Documents and Settings\Admin\Bureau\ComboFix.exe

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM73de2857.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\qBKllnnn.ini
C:\WINDOWS\system32\qBKllnnn.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))))))
.

2008-05-23 12:1