Fichiers infectés windows/system32

Désactive la restauration système (n'oublie pas de la réactiver une fois les menaces supprimés)

Télécharge Spybot et Malwarebytes, mets les à jours.

Redémarre en mode sans échec et scan ton pc avec ces 2 antispywares(scan complet pour Malwarebytes), supprime les indésirables.

Toujours en mode sans échec, supprime les dossier du nom :
C:\Program Files\BoontyGames
C:\Program Files\Fichiers communs\BOONTY Shared

Redémarre en mode normal, scan ton pc avec AVG Anti-rootkit(scan complet), supprime ce qu'il trouve.

♦ Télécharge Ad-remover ( de C_XX ) sur ton bureau :


♦ Déconnecte toi et ferme toutes applications en cours !

♦ Double clique(clic droit "executer en temps qu'administrateur pour vista) sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

♦ Double-clique(clic droit "executer en temps qu'administrateur" pour vista) sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

♦ Au menu principal choisis l'option "L" et tape sur [entrée] .

♦ Laisse travailler l'outil et ne touche à rien ...

♦ Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

♦ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

ensuite copie-colle un nouveau rapport HijackThis
Comment Installer correctement Hijackthis
explication pour générer un rapport

Je viens d'effectuer toutes les manipulations indiquées.

Donc voici le rapport fourni par Ad-Remover :


.
======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 31/03/10 à 21:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:18:08 le 17/04/2010 | Mode normal | Option: SCAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP™ Service Pack 3 - X86
Nom du PC: DELMAS-X7CNP9DM | Utilisateur actuel: DELMAS (Administrateur)
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
C:\Documents and Settings\DELMAS\Application Data\Mozilla\FireFox\Profiles\n4sg11ih.default\searchplugins\askcom.xml
C:\Program Files\GamesBar
C:\WINDOWS\system32\rbwdpyvtla.dll
.
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2031CC95-2AAC-4270-246B-286D3C02087E}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2031CC95-2AAC-4270-246B-286D3C02087E}
HKCU\Software\Wit
HKLM\Software\Classes\CLSID\{2031CC95-2AAC-4270-246B-286D3C02087E}
HKLM\Software\GamesBarSetup
HKLM\Software\Microsoft\Internet Explorer\Extensions\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.6.3 (fr) *
.
C:\Documents and Settings\DELMAS\..\n4sg11ih.default\prefs.js - browser.download.lastDir: D:
C:\Documents and Settings\DELMAS\..\n4sg11ih.default\prefs.js - browser.search.defaultenginename: Search
C:\Documents and Settings\DELMAS\..\n4sg11ih.default\prefs.js - browser.search.defaulturl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2500339&SearchSource=3&q={searchTerms}
C:\Documents and Settings\DELMAS\..\n4sg11ih.default\prefs.js - browser.search.selectedEngine: Avanquest FR Customized Web Search
C:\Documents and Settings\DELMAS\..\n4sg11ih.default\prefs.js - browser.startup.homepage: hxxp://search.conduit.com/?ctid=CT2500339&SearchSource=13
C:\Documents and Settings\DELMAS\..\n4sg11ih.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\DELMAS\..\n4sg11ih.default\prefs.js - keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2500339&q=
.
TROUVÉ: C:\Documents and Settings\DELMAS\..\n4sg11ih.default\prefs.js - user_pref("browser.search.defaultengine", "Ask.com");
TROUVÉ: C:\Documents and Settings\DELMAS\..\n4sg11ih.default\prefs.js - user_pref("browser.search.order.1", "Ask.com");
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://myhomewebs.com
Show_ToolBar: yes
Start Page: hxxp://orange.fr/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://myhomewebs.com
Default_Search_URL: hxxp://myhomewebs.com
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: no
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://myhomewebs.com
Start Page: hxxp://myhomewebs.com
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
============== SUSPECT(S) ==============
.
C:\Documents and Settings\DELMAS\Favoris\NORBERT\Innov'Patch, le Patch Minceur - Phytolabel.url
.
========================================
.
C:\DOCUME~1\DELMAS\LOCALS~1\Temp: 7 Fichier(s), 5 Dossier(s)
C:\WINDOWS\temp: 8 Fichier(s), 3 Dossier(s)
Temporary Internet Files: 1898 Fichier(s), 20 Dossier(s)
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 1 Fichier(s)
.
C:\Ad-Report-SCAN[1].txt - 506 Octet(s)
C:\Ad-Report-SCAN[2].txt - 3800 Octet(s)
.
Fin à: 18:23:32, 17/04/2010
.
============== E.O.F - SCAN[2] ==============




et voici le nouveau rapport de Hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:39, on 17/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PVSW\Bin\WGE_SRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe
C:\OLIFAXVX\TOOLBAR.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://myhomewebs.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhomewebs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://myhomewebs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://myhomewebs.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://myhomewebs.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files\mywebsites.pro-FR\tbmywe.dll
R3 - URLSearchHook: Avanquest FR Toolbar - {6ec85fcf-87ad-41d7-ae1f-f116f8ad4848} - C:\Program Files\Avanquest_FR\tbAvan.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {D761A5FF-988F-4CDA-A513-A43733272E0C} - c:\windows\system32\rgmsucl.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files\mywebsites.pro-FR\tbmywe.dll
O3 - Toolbar: Avanquest FR Toolbar - {6ec85fcf-87ad-41d7-ae1f-f116f8ad4848} - C:\Program Files\Avanquest_FR\tbAvan.dll
O4 - HKLM\..\Run: [20659] C:\WINDOWS\TEMP\lsrm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Barre d'Outils Olitec.lnk = C:\OLIFAXVX\TOOLBAR.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Moniteur Fax-Voix.lnk = C:\OLIFAXVX\MONITEUR.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Barre d'Outils Olitec.lnk = C:\OLIFAXVX\TOOLBAR.EXE (User 'Default user')
O4 - .DEFAULT Startup: Moniteur Fax-Voix.lnk = C:\OLIFAXVX\MONITEUR.EXE (User 'Default user')
O4 - Startup: Barre d'Outils Olitec.lnk = C:\OLIFAXVX\TOOLBAR.EXE
O4 - Startup: Moniteur Fax-Voix.lnk = C:\OLIFAXVX\MONITEUR.EXE
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = C:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm
O9 - Extra 'Tools' menuitem: ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://www.ma-config.com/plugins/MaConfig_4_0_3_1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - C:\PVSW\Bin\WGE_SRV.EXE

--
End of file - 7354 bytes


Merci encore pour ces réponses rapides, clairs et très précises.

Relance Ad-Remover(clic droit "executer en temps qu'administrateur" )
Clic sur Nettoyer.
Redémarre le pc.
Copie-colle le rapport d'Ad-remover.

Relance Hijackthis.
Clic sur Do a system scan only
Coches les lignes suivantes :
R3 - URLSearchHook: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files\mywebsites.pro-FR\tbmywe.dll
R3 - URLSearchHook: Avanquest FR Toolbar - {6ec85fcf-87ad-41d7-ae1f-f116f8ad4848} - C:\Program Files\Avanquest_FR\tbAvan.dll
O2 - BHO: (no name) - {D761A5FF-988F-4CDA-A513-A43733272E0C} - c:\windows\system32\rgmsucl.dll
O3 - Toolbar: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files\mywebsites.pro-FR\tbmywe.dll
O3 - Toolbar: Avanquest FR Toolbar - {6ec85fcf-87ad-41d7-ae1f-f116f8ad4848} - C:\Program Files\Avanquest_FR\tbAvan.dll
O4 - HKLM\..\Run: [20659] C:\WINDOWS\TEMP\lsrm.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)

Clic sur Fix Checked.

Voici le rapport d'Ad-remover :

.
======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 31/03/10 à 21:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:17:10 le 17/04/2010 | Mode normal | Option: SCAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP™ Service Pack 3 - X86
Nom du PC: DELMAS-X7CNP9DM | Utilisateur actuel: DELMAS (Administrateur)
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.


J'ai lancer Hijackthis, et ai supprimé les lignes mentionnées mais n'ai pas trouvé la ligne:

O4 - HKLM\..\Run: [20659] C:\WINDOWS\TEMP\lsrm.exe

Est ce normal?


Encore merci.

Ce rapport sera peut être plus approprié, désolé pour la mauvaise manipulation :


.
======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 31/03/10 à 21:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 19:24:34 le 17/04/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP™ Service Pack 3 - X86
Nom du PC: DELMAS-X7CNP9DM | Utilisateur actuel: DELMAS (Administrateur)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.

(!) -- Fichiers temporaires supprimés.
.
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.6.3 (fr) *
.
C:\Documents and Settings\DELMAS\..\n4sg11ih.default\prefs.js - browser.download.lastDir: D:
C:\Documents and Settings\DELMAS\..\n4sg11ih.default\prefs.js - browser.search.defaultenginename: Search
C:\Documents and Settings\DELMAS\..\n4sg11ih.default\prefs.js - browser.search.defaulturl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2500339&SearchSource=3&q={searchTerms}
C:\Documents and Settings\DELMAS\..\n4sg11ih.default\prefs.js - browser.startup.homepage: hxxp://search.conduit.com/?ctid=CT2500339&SearchSource=13
C:\Documents and Settings\DELMAS\..\n4sg11ih.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\DELMAS\..\n4sg11ih.default\prefs.js - keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2500339&q=
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: no
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
============== SUSPECT(S) ==============
.
C:\Documents and Settings\DELMAS\Favoris\NORBERT\Innov'Patch, le Patch Minceur - Phytolabel.url
.
========================================
.
C:\DOCUME~1\DELMAS\LOCALS~1\Temp: 2 Fichier(s), 4 Dossier(s)
C:\WINDOWS\temp: 3 Fichier(s), 3 Dossier(s)
Temporary Internet Files: 2 Fichier(s), 24 Dossier(s)
.
C:\Ad-Remover\Quarantine: 2 Fichier(s)
C:\Ad-Remover\Backup: 14 Fichier(s)
.
C:\Ad-Report-CLEAN[3].txt - 3001 Octet(s)
.
Fin à: 19:29:01, 17/04/2010
.
============== E.O.F - CLEAN[3] ==============

Bonjour,

Je me permets de relancer le sujet pour savoir quelles sont les manipulations suivantes à effectuer suite au rapport précèdent.

Encore merci pour votre aide.

le mieux qu'il te reste à faire maintenant c'est de désinstaller Avast (utilitaire de désinstallation) au profit de MSE ou Antivir

Je viens d'installer Antivir, mais le nombre de détection est encore plus élevé.

Je vous laisse quand même le rapport d'antivir, si vous pouvez en tirer quelque chose:



Avira AntiVir Personal
Report file date: lundi 19 avril 2010 13:44

Scanning for 2013487 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : DELMAS
Computer name : DELMAS-X7CNP9DM

Version information:
BUILD.DAT : 10.0.0.565 32097 Bytes 12/04/2010 16:29:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 19/04/2010 11:29:53
AVSCAN.DLL : 10.0.3.0 46440 Bytes 19/04/2010 11:29:53
LUKE.DLL : 10.0.2.3 104296 Bytes 07/03/2010 16:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 21:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 07:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 17:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 15:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 14:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 09:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 11:29:53
VBASE006.VDF : 7.10.6.83 2048 Bytes 15/04/2010 11:29:53
VBASE007.VDF : 7.10.6.84 2048 Bytes 15/04/2010 11:29:53
VBASE008.VDF : 7.10.6.85 2048 Bytes 15/04/2010 11:29:53
VBASE009.VDF : 7.10.6.86 2048 Bytes 15/04/2010 11:29:53
VBASE010.VDF : 7.10.6.87 2048 Bytes 15/04/2010 11:29:53
VBASE011.VDF : 7.10.6.88 2048 Bytes 15/04/2010 11:29:53
VBASE012.VDF : 7.10.6.89 2048 Bytes 15/04/2010 11:29:53
VBASE013.VDF : 7.10.6.90 2048 Bytes 15/04/2010 11:29:53
VBASE014.VDF : 7.10.6.91 2048 Bytes 15/04/2010 11:29:53
VBASE015.VDF : 7.10.6.92 2048 Bytes 15/04/2010 11:29:53
VBASE016.VDF : 7.10.6.93 2048 Bytes 15/04/2010 11:29:53
VBASE017.VDF : 7.10.6.94 2048 Bytes 15/04/2010 11:29:53
VBASE018.VDF : 7.10.6.95 2048 Bytes 15/04/2010 11:29:53
VBASE019.VDF : 7.10.6.96 2048 Bytes 15/04/2010 11:29:53
VBASE020.VDF : 7.10.6.97 2048 Bytes 15/04/2010 11:29:53
VBASE021.VDF : 7.10.6.98 2048 Bytes 15/04/2010 11:29:53
VBASE022.VDF : 7.10.6.99 2048 Bytes 15/04/2010 11:29:53
VBASE023.VDF : 7.10.6.100 2048 Bytes 15/04/2010 11:29:53
VBASE024.VDF : 7.10.6.101 2048 Bytes 15/04/2010 11:29:53
VBASE025.VDF : 7.10.6.102 2048 Bytes 15/04/2010 11:29:53
VBASE026.VDF : 7.10.6.103 2048 Bytes 15/04/2010 11:29:53
VBASE027.VDF : 7.10.6.104 2048 Bytes 15/04/2010 11:29:53
VBASE028.VDF : 7.10.6.105 2048 Bytes 15/04/2010 11:29:53
VBASE029.VDF : 7.10.6.106 2048 Bytes 15/04/2010 11:29:53
VBASE030.VDF : 7.10.6.107 2048 Bytes 15/04/2010 11:29:53
VBASE031.VDF : 7.10.6.118 111104 Bytes 19/04/2010 11:29:53
Engineversion : 8.2.1.220
AEVDF.DLL : 8.1.1.3 106868 Bytes 13/02/2010 10:16:21
AESCRIPT.DLL : 8.1.3.26 1286521 Bytes 19/04/2010 11:29:53
AESCN.DLL : 8.1.5.0 127347 Bytes 25/02/2010 16:38:41
AESBX.DLL : 8.1.2.1 254323 Bytes 17/03/2010 09:09:47
AERDL.DLL : 8.1.4.6 541043 Bytes 19/04/2010 11:29:53
AEPACK.DLL : 8.2.1.1 426358 Bytes 19/04/2010 11:29:53
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 17/03/2010 09:09:46
AEHEUR.DLL : 8.1.1.24 2613623 Bytes 19/04/2010 11:29:53
AEHELP.DLL : 8.1.11.3 242039 Bytes 19/04/2010 11:29:53
AEGEN.DLL : 8.1.3.7 373106 Bytes 19/04/2010 11:29:53
AEEMU.DLL : 8.1.1.0 393587 Bytes 10/11/2009 07:04:22
AECORE.DLL : 8.1.13.1 188790 Bytes 19/04/2010 11:29:53
AEBB.DLL : 8.1.0.3 53618 Bytes 10/09/2009 10:15:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/01/2010 10:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 14/01/2010 10:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 18/02/2010 14:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 19/04/2010 11:29:53
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 19/04/2010 11:29:53
AVARKT.DLL : 10.0.0.14 227176 Bytes 19/04/2010 11:29:53
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26/01/2010 07:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/01/2010 10:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/03/2010 13:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 19/02/2010 12:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 11:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 19/04/2010 11:29:53

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: c:\program files\avira\antivir desktop\alldrives.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, A:, F:, G:, H:, I:, J:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: lundi 19 avril 2010 13:44

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'vssvc.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'W3dbsmgr.EXE' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WGE_SRV.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ntvdm.exe' - '1' Module(s) have been scanned
Scan process 'TOOLBAR.EXE' - '1' Module(s) have been scanned
Scan process 'RtWLan.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!
Boot sector 'F:\'
[INFO] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[INFO] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[INFO] In the drive 'I:\' no data medium is inserted!

Starting to scan executable files (registry).
C:\WINDOWS\system32\scfykddb.dll
[DETECTION] Is the TR/Dldr.Agent.dfhk Trojan
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20100419-134224-136E2FEC\ARK8.tmp
[DETECTION] Is the TR/Agent.42496.BD Trojan

The registry was scanned ( '400' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20100419-134224-136E2FEC\ARK8.tmp
[DETECTION] Is the TR/Agent.42496.BD Trojan
C:\Documents and Settings\DELMAS\Local Settings\Temporary Internet Files\Content.IE5\UOFWZI2Q\iframe2[1].script
[DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\16AXQ9DV\curl[1].php
[DETECTION] Contains recognition pattern of the JS/Redirector.k.795 Java script virus
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PUTL8S1I\.in.serdassdef.php[1]
[DETECTION] Contains recognition pattern of the JS/Redirector.k.795 Java script virus
C:\Program Files\ChameleonTom\wit4ie.dll
[DETECTION] Is the TR/BHO.215552 Trojan
C:\Program Files\EasyPrediction\2.0\ltie.dll
[DETECTION] Is the TR/BHO.aedi Trojan
C:\WINDOWS\services .exe
[DETECTION] Is the TR/PCK.Katusha.J.1752 Trojan
C:\WINDOWS\system32\scfykddb.dll
[DETECTION] Is the TR/Dldr.Agent.dfhk Trojan
C:\WINDOWS\system32\xukgdrxj.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NJUXTXB9\mn4[1].txt
[DETECTION] Is the TR/PCK.Katusha.J.1752 Trojan
Begin scan in 'D:\' <NORBERT>
Begin scan in 'E:\' <NORBERT 2>
Begin scan in 'A:\'
Search path A:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'J:\'
Search path J:\ could not be opened!
System error [1]: Fonction incorrecte.

Beginning disinfection:
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NJUXTXB9\mn4[1].txt
[DETECTION] Is the TR/PCK.Katusha.J.1752 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4f54efec.qua'.
C:\WINDOWS\system32\xukgdrxj.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '57f4c0b3.qua'.
C:\WINDOWS\services .exe
[DETECTION] Is the TR/PCK.Katusha.J.1752 Trojan
[NOTE] The file was moved to the quarantine directory under the name '05a29aab.qua'.
C:\Program Files\EasyPrediction\2.0\ltie.dll
[DETECTION] Is the TR/BHO.aedi Trojan
[NOTE] The file was moved to the quarantine directory under the name '639ed598.qua'.
C:\Program Files\ChameleonTom\wit4ie.dll
[DETECTION] Is the TR/BHO.215552 Trojan
[NOTE] The file was moved to the quarantine directory under the name '266ff853.qua'.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PUTL8S1I\.in.serdassdef.php[1]
[DETECTION] Contains recognition pattern of the JS/Redirector.k.795 Java script virus
[NOTE] The file was moved to the quarantine directory under the name '590eca32.qua'.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\16AXQ9DV\curl[1].php
[DETECTION] Contains recognition pattern of the JS/Redirector.k.795 Java script virus
[NOTE] The file was moved to the quarantine directory under the name '15b2e68c.qua'.
C:\Documents and Settings\DELMAS\Local Settings\Temporary Internet Files\Content.IE5\UOFWZI2Q\iframe2[1].script
[DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '69aaa62b.qua'.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20100419-134224-136E2FEC\ARK8.tmp
[DETECTION] Is the TR/Agent.42496.BD Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations> was removed successfully.
[NOTE] The file was moved to the quarantine directory under the name '5db1b950.qua'.
C:\WINDOWS\system32\scfykddb.dll
[DETECTION] Is the TR/Dldr.Agent.dfhk Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CFD6751-2190-45AF-9C38-FEF430E51818}> was removed successfully.
[NOTE] The file was moved to the quarantine directory under the name '4071ac30.qua'.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CFD6751-2190-45AF-9C38-FEF430E51818}> was removed successfully.


End of the scan: lundi 19 avril 2010 14:23
Used time: 37:14 Minute(s)

The scan has been done completely.

6483 Scanned directories
240810 Files were scanned
12 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
10 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
240798 Files not concerned
4142 Archives were scanned
0 Warnings
10 Notes


Peut on encore faire quelque chose pour lui?

Merci

bah c'est plutôt une bonne anouvelle, ça veut dire qu'Avira fait mieux sont boulot qu'Avast.

Avira à trouvé et supprimer(ou mis en quarantaine) les virus/spywares trouvés.
as-tu encore des alertes venant d'Antivir?

Je viens d'effectuer plusieurs analyses et celles ci sont très positive, aucune détection.
Cependant à chaque démarrage j'ai le droit à de nouvelles alertes, je les mets donc en quarantaine mais celles ci reviennent à chaque fois que je relance le pc.
Des fichiers comme 'msxsltsso.dll' ou bien 'scfykddb.dll' (toujours présent) présents dans le system32 reviennent sans arrêt même si ceux ci sont placés en quarantaine, et bien d'autres.

Que dois je faire après tant de résistance?