Help: rogue malware on my PC

Hello everyone,

After reading (too late, unfortunately) the very good security and prevention topic, I'm asking for help because I've had a rogue on my PC since last night...

As usual, for information, my config:
Motherboard: Abit NF7S
Processor: Athlon XP 2800+
2 x 512 MB G-Skill RAM
ATI RADEON 9200 SE (I'm ashamed... I'll change it, I promise).
Leadtek TV tuner card

Note: I formatted my hard drive a month ago or so...



So, to sum up, I was browsing quietly, hands in my pockets, when all of a sudden, surprise: my desktop background changed, virus messages came at me from all sides, etc... Weird...

After some research, I see that it is a rogue, antispywareexpert for information, that infected me. So after some reading I ran Malwarebytes' Anti-Malware, and here is its report:
 
 
 
Malwarebytes' Anti-Malware 1.19
Version de la base de données: 930
Windows 5.1.2600  
 
00:25:54 08/07/2008
mbam-log-7-8-2008 (00-25-54).txt
 
Type de recherche: Examen complet (C:\|D:\|H:\|)
Eléments examinés: 87441
Temps écoulé: 1 hour(s), 10 minute(s), 10 second(s)
 
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 18
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 23
 
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
 
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\lhjkxkcl.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\qoMdAtQj.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ljJbAPhH.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\fdxbameg.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\fsrpknov.dll (Trojan.FakeAlert) -> Unloaded module successfully.
 
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34174eb6-fc56-44ee-a11f-e862757bc053} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{34174eb6-fc56-44ee-a11f-e862757bc053} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{33da9e3c-935e-4ec2-977d-afe3a3b5e727} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33da9e3c-935e-4ec2-977d-afe3a3b5e727} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjbaphh (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1ce347d5-97a4-4c62-8281-07b194b783b3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{86af81ac-6548-4711-88e1-04c564c50884} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{45cdab3e-cb41-459a-9cde-81647c988c48} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca9afaab-e1d4-4d52-883c-02981238c0da} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca9afaab-e1d4-4d52-883c-02981238c0da} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.bbpq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.Fakealert) -> Quarantined and deleted successfully.
 
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7cb2a069 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\Source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{33da9e3c-935e-4ec2-977d-afe3a3b5e727} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fdxbameg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fsrpknov (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomdatqj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomdatqj  -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-0000356-23390) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
 
Dossier(s) infecté(s):
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
Fichier(s) infecté(s):
C:\WINDOWS\system32\qoMdAtQj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jQtAdMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jQtAdMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lhjkxkcl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lckxkjhl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\ebaq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Logiciels\Photos - vidéos\ACDSee\ACDSee5\ACDSeev50WinALLKeymak.Onl\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJbAPhH.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\fdxbameg.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\fsrpknov.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\gpefaowr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\sqvgnrpx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wbxdpgfeqdb.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerome\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerome\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerome\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerome\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerome\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
 
Confident, I restart the PC...

Good news: I no longer get frantic messages about phantom attacks advising me to go and download this or that software.

Bad news: I no longer have a desktop background, and it's impossible to set one again via Display / Properties / Desktop.

I have launched a full scan of my system with Antivir (which, by the way, had not detected it); I'll give you the report tomorrow.
Could you help me??? Tell me whether I need to run other tools??? (smitfraudFIX?)

Thanks in advance.


Hi,

>>Bad news: I no longer have a desktop background, and it's impossible to set one again via Display / Properties / Desktop.

Check, by editing the registry with regedit.exe, that *all* your values are indeed at zero (dword:00000000).
http://www.kellys-korner-xp.com/re [...] enable.reg

Standard precaution: back up the key, or the branch, or even the hive before making any changes.


Hello,

Thanks, houba 78.

Yes, all my values are indeed at 0000000.

For information, I tried a scan of my PC with rogueremover but it found nothing.
Could a registry clean fix all this?

For information, I'm pasting my Antivir report, which has apparently found other items...
 
Avira AntiVir Personal
Report file date: mardi 8 juillet 2008  00:30
 
Scanning for 1382539 virus strains and unwanted programs.
 
Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (plain)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    DJE-PC
 
 
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, H:,  
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
 
Start of the scan: mardi 8 juillet 2008  00:30
 
The scan of running processes will be started
32 processes with 32 modules were scanned
 
Starting master boot sector scan:
Master boot sector HD0
      [INFO]      No virus was found!
Master boot sector HD1
      [INFO]      No virus was found!
Master boot sector HD2
      [INFO]      No virus was found!
 
Start scanning boot sectors:
Boot sector 'C:\'
      [INFO]      No virus was found!
Boot sector 'D:\'
      [INFO]      No virus was found!
Boot sector 'H:\'
      [INFO]      No virus was found!
 
Starting to scan the registry.
The registry was scanned ( '28' files ).
 
 
Starting the file scan:
 
Begin scan in 'C:\'
C:\hiberfil.sys
      [WARNING]   The file could not be opened!
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\System Volume Information\_restore{16948C45-5E62-4F0F-8F67-3248B01E16CD}\RP55\A0004181.exe
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was moved to '48a300d1.qua'!
C:\System Volume Information\_restore{16948C45-5E62-4F0F-8F67-3248B01E16CD}\RP55\A0004183.exe
      [DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
      [NOTE]      The file was moved to '48a300d3.qua'!
C:\System Volume Information\_restore{16948C45-5E62-4F0F-8F67-3248B01E16CD}\RP55\A0004184.dll
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was moved to '48a300da.qua'!
C:\System Volume Information\_restore{16948C45-5E62-4F0F-8F67-3248B01E16CD}\RP55\A0004185.dll
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was deleted!
C:\WINDOWS\fdxbameg.dll
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was deleted!
C:\WINDOWS\fsrpknov.dll
      [DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
      [NOTE]      The file was deleted!
C:\WINDOWS\system32\lhjkxkcl.dll
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was deleted!
C:\WINDOWS\system32\ljJbAPhH.dll
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was deleted!
C:\WINDOWS\system32\qoMdAtQj.dll
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was deleted!
Begin scan in 'D:\'
D:\Logiciels\Photos - vidéos\CyberLink PowerDVD XP 4.0\FO-PDVD4.EXE
      [WARNING]   No further files can be extracted from this archive. The archive will be closed
D:\Logiciels\WinACE\WinACE_2bcalvi\W211_FR.EXE
      [WARNING]   No further files can be extracted from this archive. The archive will be closed
D:\System Volume Information\_restore{16948C45-5E62-4F0F-8F67-3248B01E16CD}\RP49\A0003968.exe
      [DETECTION] Contains detection pattern of the dropper DR/Gator.3202.12
      [NOTE]      The file was deleted!
D:\System Volume Information\_restore{16948C45-5E62-4F0F-8F67-3248B01E16CD}\RP55\A0004182.EXE
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was deleted!
Begin scan in 'H:\' <Documents>
 
 
End of the scan: mardi 8 juillet 2008  08:17
Used time:  7:47:39 min
 
The scan has been done completely.
 
   3972 Scanning directories
 229592 Files were scanned
     11 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      8 files were deleted
      0 files were repaired
      3 files were moved to quarantine
      0 files were renamed
      4 Files cannot be scanned
 229581 Files not concerned
   4055 Archives were scanned
      4 Warnings
     11 Notes
 
I no longer get any messages or alerts from antispywareexpert at all; however, I still have my white screen, and a few changes in my Start menu (in my opinion I can expect other things as time goes on).


re,

>>(in my opinion I can expect other things as time goes on).

I think so too, that the strain has not been completely eradicated...

Removed by MBAM...
C:\WINDOWS\system32\ljJbAPhH.dll (Trojan.Vundo) -> Delete on reboot.

It re-created itself in the meantime, since Antivir removed it again...
C:\WINDOWS\system32\ljJbAPhH.dll
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was deleted!

I'll leave you the general link on malware, for next time. :D
http://www.malekal.com/guide_supression_spywares.php
In your case, IMHO this is the section that should interest you:
Virtumonde / Msevents / Trojan.vundo

PS: 2bcalvi
Dany got caught 4/5 years ago?, the site had even disappeared from the Web for 3-6 months?. Then someone else took up the torch, passing himself off as Dany?, but of lesser or even dubious quality.
Personally, I'd be wary...


Message edited by houba 78 on 09-07-2008 at 09:37:52
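
The comparison made in the reply above (a file MBAM scheduled for deletion showing up again in the later Antivir report) can be run over both logs at once. The Python below is an added example, not part of the thread or of either tool; the log excerpts are shortened copies of the reports quoted above, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Shortened excerpts of the two reports quoted in this thread.
MBAM_LOG = r"""
C:\WINDOWS\system32\ljJbAPhH.dll (Trojan.Vundo) -> Unloaded module successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJbAPhH.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\fsrpknov.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\ebaq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""
AVIRA_LOG = r"""
Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\WINDOWS\fsrpknov.dll
      [DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
      [NOTE]      The file was deleted!
C:\WINDOWS\system32\ljJbAPhH.dll
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was deleted!
"""

# "<drive path> (<detection>) -> <action>." ; the greedy path keeps any
# parentheses inside the file name and backtracks to the last " (name) -> ".
MBAM_FILE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

def parse_mbam(text):
    """Map lower-cased file path -> [(detection, action), ...] from an MBAM log."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = MBAM_FILE.match(line)
        if m:  # registry entries start with HKEY_ and never match
            hits[m["path"].lower()].append((m["name"], m["action"]))
    return dict(hits)

def parse_avira(text):
    """Map lower-cased file path -> {'detections': [...], 'notes': [...]}."""
    hits, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", raw):      # unindented path line
            current = line.lower()
        elif current and line.startswith("[DETECTION]"):
            entry = hits.setdefault(current, {"detections": [], "notes": []})
            entry["detections"].append(line[len("[DETECTION]"):].strip())
        elif current in hits and line.startswith("[NOTE]"):
            hits[current]["notes"].append(line[len("[NOTE]"):].strip())
    return hits

def seen_again(mbam, avira):
    """Files MBAM acted on that the later Avira scan still found on disk."""
    rows = []
    for path in sorted(mbam.keys() & avira.keys()):  # Windows paths: case-insensitive
        actions = [action for _, action in mbam[path]]
        rows.append({
            "path": path,
            "mbam_actions": actions,
            "pending_reboot": "Delete on reboot" in actions,
            "avira": avira[path]["detections"],
        })
    return rows

if __name__ == "__main__":
    for row in seen_again(parse_mbam(MBAM_LOG), parse_avira(AVIRA_LOG)):
        print(row)
```

A path reported with pending_reboot set was only scheduled for deletion by MBAM, so the second detection has to be read together with whether the machine was restarted between the two scans.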
