tonysas
28 messages posted
Registered: 13 January 2011
Last post: 20 January 2011
16 Jan. 2011 at 18:43
I ran a full scan with Ad-Aware; here is the report:
Logfile created: 16.01.2011 14:44:57
Ad-Aware version: 9.0.1
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Propriétaire
*********************** Definitions database information ***********************
Lavasoft definition file: 150.239
Genotype definition file version: 2011/01/14 08:16:20
Extended engine definition file: 8086.0
******************************** Scan results: *********************************
Scan profile name: Analyse complète (ID: full)
Objects scanned: 254539
Objects detected: 9
Type Detected
==========================
Processes.......: 0
Registry entries: 1
Hostfile entries: 0
Files...........: 8
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0
Removed items:
Description: c:\documents and settings\propriétaire\mes documents\downloads\crackdownloader_2_2.zip::crackdown.exe Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 0 Family ID: 936 MD5: C214925A6E327165F985AAEEF29BD7F3
Description: c:\documents and settings\propriétaire\mes documents\téléchargements\cd2.2_parazite_urbain.rar::crackdownloader 2.2 (hisoft) _parazite urbain\crackdownloader 2.2.exe Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 0 Family ID: 936 MD5: C214925A6E327165F985AAEEF29BD7F3
Description: c:\documents and settings\propriétaire\mes documents\téléchargements\setup\xdemo.zip::xpymep.exe Family Name: Win32.TrojanDownloader.Pher Engine: 1 Clean status: Success Item ID: 0 Family ID: 1394358 MD5: DD6B78C6BC01A1F07E7CA71FA5681A19
Quarantined items:
Description: HKLM:SYSTEM\ControlSet001\Control\Lsa:restrictanonymous Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 34823 Family ID: 936
Description: c:\documents and settings\propriétaire\mes documents\téléchargements\setup\xdemo\xpymep.0xe Family Name: Win32.TrojanDownloader.Pher Engine: 1 Clean status: Success Item ID: 0 Family ID: 1394358 MD5: dd6b78c6bc01a1f07e7ca71fa5681a19
Description: c:\documents and settings\propriétaire\mes documents\téléchargements\setup\xpymep.0xe Family Name: Win32.TrojanDownloader.Pher Engine: 1 Clean status: Success Item ID: 0 Family ID: 1394358 MD5: dd6b78c6bc01a1f07e7ca71fa5681a19
Description: c:\documents and settings\propriétaire\mes documents\téléchargements\submitok\discounts-shops.com_fullofsearchcom.0tml Family Name: Trojan-Clicker.HTML.IFrame (v) Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: a8c845e0c456435050b06141e69dc0ae
Description: c:\n360_backup\{f9e12210-fdad-421a-9512-51ea198a2cbb}\{5\08cc82d-d3e7-473b-87d7-f15dc04d86b6}.0 Family Name: Trojan-Clicker.HTML.IFrame (v) Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: db49178cad2169368b58d49e71aea955
Description: c:\system volume information\_restore{f25840e2-f7c4-4efd-a6eb-e07f2b378518}\rp20\a0004794.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 214edd4d063346142c25953d99d3885a
Scan and cleaning complete: Finished correctly after 13304 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Analyse complète
ID: folderstoscan, enabled:1, value: C:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Sun Jan 16 13:50:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Sun Jan 16 19:50:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Sun Jan 16 01:50:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Sun Jan 16 07:50:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Sun Jan 16 13:50:00 2011
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: true
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: fr, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: false
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
****************************** System information ******************************
Computer name: PRIV-B7080641F8
Processor name: Intel(R) Pentium(R) D CPU 3.00GHz
Processor identifier: x86 Family 15 Model 6 Stepping 5
Processor speed: ~3000MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 1541, number of processors 2, processor features: [MMX,SSE,SSE2]
Physical memory available: 1058086912 bytes
Physical memory total: 2145824768 bytes
Virtual memory available: 1838182400 bytes
Virtual memory total: 2147352576 bytes
Memory load: 50%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:
Running processes:
PID: 872 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: AUTORITE NT
PID: 964 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: AUTORITE NT
PID: 988 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: AUTORITE NT
PID: 1032 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: AUTORITE NT
PID: 1044 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: AUTORITE NT
PID: 1224 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: AUTORITE NT
PID: 1260 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: AUTORITE NT
PID: 1340 name: C:\WINDOWS\system32\svchost.exe owner: SERVICE RÉSEAU domain: AUTORITE NT
PID: 1456 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: AUTORITE NT
PID: 1704 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: AUTORITE NT
PID: 1860 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: AUTORITE NT
PID: 1984 name: C:\WINDOWS\Explorer.EXE owner: Propriétaire domain: PRIV-B7080641F8
PID: 328 name: C:\WINDOWS\system32\RUNDLL32.EXE owner: Propriétaire domain: PRIV-B7080641F8
PID: 344 name: C:\WINDOWS\RTHDCPL.EXE owner: Propriétaire domain: PRIV-B7080641F8
PID: 360 name: C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe owner: Propriétaire domain: PRIV-B7080641F8
PID: 488 name: C:\Program Files\Nero\Nero 7\InCD\InCD.exe owner: Propriétaire domain: PRIV-B7080641F8
PID: 496 name: C:\Program Files\Soft4Ever\looknstop\looknstop.exe owner: Propriétaire domain: PRIV-B7080641F8
PID: 600 name: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe owner: Propriétaire domain: PRIV-B7080641F8
PID: 1576 name: C:\WINDOWS\system32\ctfmon.exe owner: Propriétaire domain: PRIV-B7080641F8
PID: 1796 name: C:\Program Files\Skype\Phone\Skype.exe owner: Propriétaire domain: PRIV-B7080641F8
PID: 1664 name: C:\WINDOWS\system32\svchost.exe owner: SERVICE LOCAL domain: AUTORITE NT
PID: 1316 name: C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe owner: SYSTEM domain: AUTORITE NT
PID: 812 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: AUTORITE NT
PID: 1328 name: C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe owner: SYSTEM domain: AUTORITE NT
PID: 904 name: C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 1740 name: C:\WINDOWS\system32\HPZipm12.exe owner: SYSTEM domain: AUTORITE NT
PID: 1700 name: C:\WINDOWS\system32\PnkBstrA.exe owner: SYSTEM domain: AUTORITE NT
PID: 772 name: C:\Program Files\Secunia\PSI\PSIA.exe owner: SYSTEM domain: AUTORITE NT
PID: 2912 name: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe owner: SYSTEM domain: AUTORITE NT
PID: 2980 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: AUTORITE NT
PID: 3516 name: C:\Program Files\Skype\Plugin Manager\skypePM.exe owner: Propriétaire domain: PRIV-B7080641F8
PID: 3528 name: C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 2156 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: AUTORITE NT
PID: 2296 name: C:\WINDOWS\system32\wbem\wmiapsrv.exe owner: SYSTEM domain: AUTORITE NT
PID: 2408 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: AUTORITE NT
PID: 2608 name: C:\WINDOWS\System32\alg.exe owner: SERVICE LOCAL domain: AUTORITE NT
PID: 2564 name: C:\Program Files\Secunia\PSI\sua.exe owner: SYSTEM domain: AUTORITE NT
PID: 2940 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Propriétaire domain: PRIV-B7080641F8
PID: 3500 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: Propriétaire domain: PRIV-B7080641F8
PID: 2176 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Propriétaire domain: PRIV-B7080641F8
Startup items:
Name: 36X Raid Configurer
imagepath: C:\WINDOWS\system32\JMRaidSetup.exe boot
Name: nwiz
imagepath: nwiz.exe /installquiet
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: RTHDCPL
imagepath: RTHDCPL.EXE
Name: Alcmtr
imagepath: ALCMTR.EXE
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
Name: AdobeAAMUpdater-1.0
imagepath: "C:\Program Files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Name: AdobeCS5ServiceManager
imagepath: "C:\Program Files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
Name: NeroFilterCheck
imagepath: C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
Name: InCD
imagepath: C:\Program Files\Nero\Nero 7\InCD\InCD.exe
Name: Look 'n' Stop
imagepath: "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Name: Adobe ARM
imagepath: "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: HP Software Update
imagepath: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
Name:
Name: CTFMON.EXE
imagepath: C:\WINDOWS\system32\CTFMON.EXE
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Pré-chargeur Browseui
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Démon de cache des catégories de composant
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name:
imagepath: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Secunia PSI Tray.lnk
imagepath: C:\Program Files\Secunia\PSI\psi_tray.exe
Name:
location: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
imagepath: C:\Program Files\WinZip\WZQKPICK.EXE
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete
Running services:
Name: ALG
displayname: Service de la passerelle de la couche Application
Name: AudioSrv
displayname: Audio Windows
Name: Browser
displayname: Explorateur d'ordinateur
Name: CryptSvc
displayname: Services de cryptographie
Name: DcomLaunch
displayname: Lanceur de processus serveur DCOM
Name: Dhcp
displayname: Client DHCP
Name: ERSvc
displayname: Service de rapport d'erreurs
Name: Eventlog
displayname: Journal des événements
Name: EventSystem
displayname: Système d'événements de COM+
Name: FastUserSwitchingCompatibility
displayname: Compatibilité avec le Changement rapide d'utilisateur
Name: helpsvc
displayname: Aide et support
Name: HidServ
displayname: HID Input Service
Name: InCDsrv
displayname: InCD Helper
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Serveur
Name: lanmanworkstation
displayname: Station de travail
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LightScribeService
displayname: LightScribeService Direct Disc Labeling Service
Name: N360
displayname: Norton 360
Name: Netman
displayname: Connexions réseau
Name: Nla
displayname: NLA (Network Location Awareness)
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: PlugPlay
displayname: Plug-and-Play
Name: Pml Driver HPZ12
displayname: Pml Driver HPZ12
Name: PnkBstrA
displayname: PnkBstrA
Name: ProtectedStorage
displayname: Emplacement protégé
Name: RasMan
displayname: Gestionnaire de connexions d'accès distant
Name: RpcSs
displayname: Appel de procédure distante (RPC)
Name: SamSs
displayname: Gestionnaire de comptes de sécurité
Name: seclogon
displayname: Connexion secondaire
Name: Secunia PSI Agent
displayname: Secunia PSI Agent
Name: Secunia Update Agent
displayname: Secunia Update Agent
Name: SENS
displayname: Notification d'événement système
Name: SharedAccess
displayname: Pare-feu Windows / Partage de connexion Internet
Name: ShellHWDetection
displayname: Détection matériel noyau
Name: Spooler
displayname: Spouleur d'impression
Name: srservice
displayname: Service de restauration système
Name: StarWindServiceAE
displayname: StarWind AE Service
Name: stisvc
displayname: Acquisition d'image Windows (WIA)
Name: TapiSrv
displayname: Téléphonie
Name: TermService
displayname: Services Terminal Server
Name: Themes
displayname: Thèmes
Name: TrkWks
displayname: Client de suivi de lien distribué
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Infrastructure de gestion Windows
Name: WmiApSrv
displayname: Carte de performance WMI
Name: wuauserv
displayname: Mises à jour automatiques
Name: WZCSVC
displayname: Configuration automatique sans fil