Surinfection Win32:Virut,Win32:Rootkit-gen,tr [Résolu]

comence par ça stp:

Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

rassure moi t as supprimé les infections ??

car sur ce rapport elles ne sont pas supprimé

regarde dans rapport/log

si t as supprime tu devrais avoir un autre rapport

Bonjour,
je viens d'acheter un ordinateur sous système freedos , je n'arrive pas à installer mon xp (ori) , pour cause mon portable ne retrouve pas de lecteur disque dur ou du moins il demande de vérifier les connections ou configurations liées au lecteur du disque dur.
merci de bien vouloir m'aider
As

réouvre maleware byte
va dans l onglet quarantaine
supprime tout

puis fais ça :

Télécharge Clean:

-> http://www.malekal.com/download/clean.zip

-> Dézippe tout le contenu dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.

Un rapport va s'ouvrir, copie et colle le contenu sur le forum.

-> pour ceux ou celles qui auraient un doute sur comment deziper un fichier :

http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914

ok réouvre clean et passe l option 2

puis poste moi le rapport stp

ok on continue maintenant fais ça :

Télécharge HijackThis ici :

-> http://www.01net.com/...

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post le rapport généré ici stp...

bon plusieures choses si ton xp est un original :

instale le SP2 (pack de mise a jours ):

http://www.01net.com/telecharger/windows/Utilitaire/dll_librairies/fiches/29989.html

instal aussi internet 7 :

http://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

apres je te conseil de sésinstaller avast car c est une vrai passoire ( t en a eu le preuve) et instal antivir :

http://www.01net.com/...

puis met le a jours et lance l analyse complete et poste moi le rapport stp

Rapport avira:
Avira AntiVir Personal
Report file date: dimanche 20 avril 2008 17:24

Scanning for 1218459 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: NICOLAS-YH79R6H

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 15:12:55
ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 15:13:00
Engineversion : 8.1.0.32
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.26 233850 Bytes 20/04/2008 15:13:24
AESCN.DLL : 8.1.0.14 119156 Bytes 20/04/2008 15:13:22
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
AEPACK.DLL : 8.1.1.2 364917 Bytes 20/04/2008 15:13:19
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 20/04/2008 15:13:17
AEHEUR.DLL : 8.1.0.18 1167735 Bytes 20/04/2008 15:13:15
AEHELP.DLL : 8.1.0.14 115063 Bytes 20/04/2008 15:13:06
AEGEN.DLL : 8.1.0.17 299380 Bytes 20/04/2008 15:13:05
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 20/04/2008 15:13:03
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 20 avril 2008 17:24

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'cidaemon.exe' - '1' Module(s) have been scanned
Scan process 'cidaemon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'mqtgsvc.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'mqsvc.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
Scan process 'mravsc32.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\dllcache\mravsc32.exe'
Scan process 'cisvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'mravsc32.exe' has been terminated
C:\WINDOWS\system32\dllcache\mravsc32.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!

32 processes with 31 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\hwqrwhbb.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!

The registry was scanned ( '30' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_NICOLAS-YH79R6H.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> WINDOWS/System32/mto.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
--> WINDOWS/System32/yygc.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
--> WINDOWS/System32/gqezey.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/jvpjbgoz.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/scctkkh.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
--> WINDOWS/System32/tfsjotr.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/bpfgar.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
--> WINDOWS/System32/moywed.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/vscauso.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
--> WINDOWS/System32/yzed.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/qretpke.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
--> WINDOWS/System32/mljjgded.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> WINDOWS/System32/hwqrwhbb.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> WINDOWS/System32/rqRiJyvu.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> WINDOWS/System32/qoMffCvS.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> WINDOWS/System32/npaoxjra.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\45U789MB\ddos[1].htm
[DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Crypted)
[WARNING] The file was ignored!
C:\Documents and Settings\Nico\Local Settings\Temp\_bm1fcmlkY2NudF9oYV9tYV9rdzFfbWE1ZnJz_c29mdA_bm1fX2YyYTQ5MzEwMGJlZTExZGQ5ZGM0ZmZmZmZmY2ZmZmZmX2I0OWI2Y2NmOGY1YjQ1ZjY4MTJmNDMwODJjMmFhN2Yx_.EXE
[DETECTION] Is the Trojan horse TR/Peed.A.280
[NOTE] The file was deleted!
C:\Documents and Settings\Nico\Local Settings\Temp\_ZGlyZWN0bHlvbl9tYTVmcnM_a2V5aW4_a2V5aW4_.exe
[DETECTION] Is the Trojan horse TR/Peed.A.280
[WARNING] The file was ignored!
C:\Program Files\SpyErazer\QuarantineFolder\{362579CF-D429-4992-9E23-03DC3EC767D1}
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP16\A0005634.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP16\A0005635.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001169.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001170.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001171.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001174.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001176.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001177.scr
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001178.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001179.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001180.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001181.exe
[DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001182.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001183.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001184.exe
[DETECTION] Is the Trojan horse TR/Killav.28714
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001189.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\abzwsiz.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\anlyvs.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\awofuyuc.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\bcslh.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\bocitfj.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\bpfgar.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\bpnx.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\bxmaq.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\bxolgqna.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\cakzznkw.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.233
[NOTE] The file was deleted!
C:\WINDOWS\system32\cqcrwdmx.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\dlwyyz.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\dpkemvm.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\dqkb.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\dszton.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\dvjeaezu.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\dxeewn.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\dzfe.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\eqoypoh.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\gaxxx.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\ghmkiwj.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\gjjezxqx.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\gqezey.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\hnjb.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\htunbg.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\iqxcx.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.233
[NOTE] The file was deleted!
C:\WINDOWS\system32\jiuuws.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\jvpjbgoz.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\jxcnb.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\kdlsnqv.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\kopwzp.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\lfxk.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\llnzhw.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\lyxpsqae.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\mevp.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\mljjgded.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\momp.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\moywed.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\mto.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\mugf.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\mugi.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\nkehmhxn.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\nlfywc.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\npaoxjra.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\nutue.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\ohwvnyxn.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\ootfetsr.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\oyjqn.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\powtls.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\puiuxy.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\pwdp.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.233
[NOTE] The file was deleted!
C:\WINDOWS\system32\qefau.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\qoMffCvS.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\qpag.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\qretpke.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\qunmjmrz.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\rnaifgzv.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\rqRiJyvu.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\rsyn.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\saurucf.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\scctkkh.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\srqzydse.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\stkt.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\swns.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.233
[NOTE] The file was deleted!
C:\WINDOWS\system32\tbagy.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\tfsjotr.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\tiwxwe.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\tnbesl.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\uddjlabm.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\unosbb.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\upwwn.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\vohltyb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\vscauso.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\wkigrp.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\xctnr.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\xpiglyei.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\yicy.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\yygc.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\yzed.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\zhts.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\zoju.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.233
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\etc\hosts
[DETECTION] Is the Trojan horse TR/Qhost.AA
[NOTE] The file was deleted!
C:\WINDOWS\Temp\DIL4.tmp
[DETECTION] Is the Trojan horse TR/Favadd.BF
[NOTE] The file was deleted!


End of the scan: dimanche 20 avril 2008 18:00
Used time: 35:38 min

The scan has been done completely.

2202 Scanning directories
96337 Files were scanned
122 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
103 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
96215 Files not concerned
950 Archives were scanned
5 Warnings
103 Notes

ok il a fait le menage

refais un scan hijackthis et poste moi le rapport stp

ok,here we go:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:04, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Nico\Local Settings\Temporary Internet Files\Content.IE5\3YKR72IJ\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com//
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {d6204c42-a0c1-1409-abd4-a550dceb9db1} - {1bd9becd-055a-4dba-9041-1c0a24c4026d} - C:\WINDOWS\System32\npaoxjra.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FICHIE~1\LIBRES~1\cookw.exe" -start
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Nico\Bureau\install_sbd_fr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

ok il te reste des infections

fais ceci :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

rapport combofix:
ComboFix 08-04-18.3 - Nico 2008-04-20 18:38:53.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.533 [GMT 2:00]
Endroit: C:\Documents and Settings\Nico\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\dedgjjlm.ini
C:\WINDOWS\system32\dedgjjlm.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DHLP


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
.

2008-04-20 17:08 . 2008-04-20 17:08 <REP> d-------- C:\Program Files\Avira
2008-04-20 17:08 . 2008-04-20 17:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-20 16:54 . 2008-04-20 18:38 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-04-20 16:47 . 2008-04-20 16:47 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-20 16:41 . 2008-04-20 16:44 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-20 16:19 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-20 16:19 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-20 16:19 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-20 16:19 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-20 16:19 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-20 16:19 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-20 16:19 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-20 16:19 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-20 16:19 . 2006-10-27 15:09 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-20 16:19 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 16:07 . 2008-04-20 16:07 <REP> d-------- C:\Documents and Settings\NetworkService\Menu D‚marrer
2008-04-20 15:51 . 2008-04-20 16:09 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-20 15:44 . 2004-08-19 16:09 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
2008-04-20 15:44 . 2004-08-19 16:10 32,768 --a------ C:\WINDOWS\system32\snmp.exe
2008-04-20 15:44 . 2004-08-19 16:10 32,768 --a--c--- C:\WINDOWS\system32\dllcache\snmp.exe
2008-04-20 15:42 . 2008-04-20 15:42 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-04-20 15:42 . 2004-08-19 16:09 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
2008-04-20 15:26 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0/u02423_.tmp
2008-04-20 15:17 . 2008-04-20 15:48 <REP> d-------- C:\WINDOWS\EHome
2008-04-20 15:08 . 2008-04-20 15:08 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-04-20 12:04 . 2008-04-20 12:04 <REP> d-------- C:\Documents and Settings\Nico\Application Data\Malwarebytes
2008-04-20 12:03 . 2008-04-20 13:09 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 12:03 . 2008-04-20 12:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 12:03 . 2008-04-20 12:03 74,752 --a------ C:\scxxsjah.exe
2008-04-20 10:28 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-04-20 09:49 . 2008-04-20 13:11 1,541,089 ---hs---- C:\WINDOWS\system32\bbhwrqwh.ini
2008-04-20 09:46 . 2008-04-20 09:46 118 --a------ C:\WINDOWS\system32\ymgokcbp.bat
2008-04-20 09:06 . 2008-04-20 09:47 1,540,677 ---hs---- C:\WINDOWS\system32\hcqbtvso.ini
2008-04-20 08:51 . 2004-08-03 23:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime
2008-04-20 08:51 . 2004-08-03 23:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winsp.ime
2008-04-20 08:51 . 2004-08-03 23:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winpy.ime
2008-04-20 08:51 . 2004-08-03 23:04 79,360 --a--c--- C:\WINDOWS\system32\dllcache\winar30.ime
2008-04-20 08:51 . 2003-04-24 14:00 69,120 --a--c--- C:\WINDOWS\system32\dllcache\wingb.ime
2008-04-20 08:51 . 2004-08-03 23:04 65,536 --a--c--- C:\WINDOWS\system32\dllcache\winime.ime
2008-04-20 08:51 . 2003-04-24 14:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2008-04-20 08:51 . 2003-04-24 14:00 31,360 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2008-04-20 08:49 . 2003-04-24 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-04-20 08:48 . 2003-04-24 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-20 08:47 . 2003-04-24 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-04-20 08:42 . 2008-04-20 08:42 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-04-20 08:42 . 2008-04-20 08:42 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-04-20 08:42 . 2008-04-20 08:42 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-04-20 08:42 . 2008-04-20 08:42 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-04-20 08:42 . 2008-04-20 08:42 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-04-20 08:42 . 2008-04-20 08:42 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-04-20 08:41 . 2004-08-19 16:09 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2008-04-20 08:41 . 2003-04-24 14:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\icwtutor.exe
2008-04-20 08:41 . 2003-04-24 14:00 65,536 --a--c--- C:\WINDOWS\system32\dllcache\icwres.dll
2008-04-20 08:41 . 2003-04-24 14:00 40,960 --a--c--- C:\WINDOWS\system32\dllcache\trialoc.dll
2008-04-20 08:25 . 2003-04-24 14:00 1,086,182 -ra------ C:\WINDOWS\SET22.tmp
2008-04-19 18:41 . 2008-04-19 18:41 <REP> d-------- C:\Program Files\Google
2008-04-19 14:53 . 2008-04-19 16:26 4 --a------ C:\WINDOWS\scanreg.ini
2008-04-19 14:49 . 2005-02-01 14:49 12 --a------ C:\WINDOWS\system32\wsxttime.sys
2008-04-19 14:37 . 2008-04-20 16:57 <REP> d-------- C:\Program Files\Systerac XP Tools 3
2008-04-19 14:36 . 2008-04-19 14:36 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-04-19 14:23 . 2008-04-20 16:55 <REP> d-------- C:\Program Files\SpyErazer
2008-04-19 14:23 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-04-19 14:23 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-04-19 14:23 . 2008-04-19 14:23 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-04-19 14:23 . 2008-04-19 14:23 3,120 --a------ C:\WINDOWS\118294.78
2008-04-19 14:23 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-04-19 11:30 . 2008-04-20 16:46 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-04-19 11:30 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-19 11:27 . 2008-04-19 11:27 <REP> d-------- C:\WINDOWS\system32\bits
2008-04-19 11:26 . 2004-08-19 16:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-04-19 11:26 . 2004-08-19 16:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-04-19 11:26 . 2004-08-19 16:09 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-04-19 11:26 . 2004-08-19 16:09 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-04-19 11:20 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-19 11:20 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-19 11:18 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-04-19 11:18 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-04-19 11:18 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-04-19 11:18 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-19 11:18 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-04-19 11:18 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-19 11:18 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-19 11:18 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-19 10:59 . 2008-04-20 12:05 2 --a------ C:\1756552116
2008-04-19 09:19 . 2007-01-25 16:37 4,027,456 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-04-19 09:18 . 2008-04-19 09:18 <REP> d-------- C:\Program Files\Realtek AC97
2008-04-19 09:18 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-04-19 09:18 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-04-19 09:17 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-04-19 09:01 . 2008-04-19 09:01 <REP> d---s---- C:\Documents and Settings\Nico\UserData
2008-04-19 07:22 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-04-19 07:19 . 2008-04-20 11:38 109,756 --a------ C:\WINDOWS\BM6b81e887.xml
2008-04-19 06:43 . 2003-04-24 14:00 1,086,182 -ra------ C:\WINDOWS\SET1B.tmp
2008-04-19 06:43 . 2003-04-24 14:00 13,923 -ra------ C:\WINDOWS\SET27.tmp
2008-04-18 00:44 . 2008-04-18 00:44 116 --a------ C:\WINDOWS\system32\nbsven.bat
2008-04-17 18:07 . 2008-04-19 19:26 425,459 --a------ C:\Documents and Settings\Nico\scan.dat
2008-04-17 18:06 . 2008-04-17 18:06 114 --a------ C:\WINDOWS\system32\hjkh.bat
2008-04-17 18:03 . 2008-04-17 18:03 123 --a------ C:\WINDOWS\system32\ikye.bat
2008-04-17 17:59 . 2008-04-17 17:59 0 -ra------ C:\WINDOWS\system32\TFTP672
2008-04-17 17:50 . 2008-04-17 17:50 <REP> d-------- C:\Documents and Settings\Nico\Application Data\libresystem
2008-04-17 17:45 . 2008-04-17 17:45 <REP> dr------- C:\Documents and Settings\All Users\Application Data\libresystem
2008-04-17 17:44 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-04-17 17:23 . 2008-04-17 17:23 121 --a------ C:\WINDOWS\system32\unnpqyed.bat
2008-04-16 21:38 . 2003-04-24 14:00 28,160 --a--c--- C:\WINDOWS\system32\dllcache\msoobe.exe
2008-04-16 21:33 . 2004-08-19 15:52 411,648 --a------ C:\WINDOWS\system32\mstsc.exe
2008-04-16 21:22 . 2003-04-24 14:00 1,086,182 -ra------ C:\WINDOWS\SET19.tmp
2008-04-16 21:22 . 2003-04-24 14:00 13,923 -ra------ C:\WINDOWS\SET25.tmp
2008-04-16 19:30 . 2008-04-16 19:30 <REP> d-------- C:\Documents and Settings\Daphn‚
2008-04-16 19:19 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-04-16 19:19 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-04-16 19:19 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-04-16 19:18 . 2008-04-16 19:18 <REP> d-------- C:\Program Files\Alwil Software
2008-04-16 18:58 . 2008-04-16 18:58 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-16 18:54 . 2008-04-16 18:54 0 -ra------ C:\WINDOWS\system32\TFTP5412
2008-04-16 18:40 . 2008-04-16 18:40 13,736 --a------ C:\WINDOWS\system32\wpa.bak
2008-04-16 18:39 . 2008-04-16 18:39 0 -ra------ C:\WINDOWS\system32\TFTP3304
2008-04-16 18:24 . 2008-04-16 18:24 <REP> d-------- C:\Program Files\Rockstar Games
2008-04-08 19:32 . 2008-04-08 19:32 <REP> d-------- C:\WINDOWS\system32\URTTemp
2008-04-08 19:28 . 2008-04-08 19:28 0 --a------ C:\WINDOWS\frontpg.ini
2008-04-08 19:27 . 2008-04-08 19:27 <REP> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-04-08 19:25 . 2008-04-08 19:26 <REP> d-------- C:\WINDOWS\system32\msmq
2008-04-07 05:12 . 2008-04-19 19:20 <REP> d-------- C:\Documents and Settings\Nico\Application Data\MSN6
2008-04-07 05:12 . 2008-04-07 05:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-04-07 05:05 . 2008-04-07 05:05 <REP> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-07 05:05 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 05:54 --------- d-----w C:\Program Files\Services en ligne
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1bd9becd-055a-4dba-9041-1c0a24c4026d}]
C:\WINDOWS\System32\npaoxjra.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:10 1667584]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-19 18:41 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"Microsoft Anivirus Monitor Process"="antiv.exe" []
"Microsft Security Monitor Process"="mssmpp.exe" []
"cookw"="C:\PROGRA~1\FICHIE~1\LIBRES~1\cookw.exe" [ ]
"SBI"="C:\Documents and Settings\Nico\Bureau\install_sbd_fr.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\SOUNDMAN.EXE]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Anivirus Monitor Process"="antiv.exe" []
"Microsft Security Monitor Process"="mssmpp.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 Machnm32;Machnm32 Driver;C:\WINDOWS\System32\Machnm32.sys [2003-08-13 00:27]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-19 16:09]
S2 Distributed Allocated Memory Unit;Distributed Allocated Memory Unit;"C:\WINDOWS\system32\dllcache\mravsc32.exe" []

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 18:43:46
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-20 18:46:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-20 16:46:49

Pre-Run: 32,560,791,552 octets libres
Post-Run: 32,595,222,528 octets libres

219

refais un scan hijackthis et poste le rapport stp

--Le voici:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:11, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nico\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com//
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {d6204c42-a0c1-1409-abd4-a550dceb9db1} - {1bd9becd-055a-4dba-9041-1c0a24c4026d} - C:\WINDOWS\System32\npaoxjra.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FICHIE~1\LIBRES~1\cookw.exe" -start
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Nico\Bureau\install_sbd_fr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

supprime ces lignes:

O2 - BHO: {d6204c42-a0c1-1409-abd4-a550dceb9db1} - {1bd9becd-055a-4dba-9041-1c0a24c4026d} - C:\WINDOWS\System32\npaoxjra.dll (file missing)

O4 - HKLM\..\Run: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FICHIE~1\LIBRES~1\cookw.exe" -start

O4 - HKLM\..\RunServices: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe

pour les supprimer tu les coches ensuite tu clic sur fix checked

apres fais ça :

Démarrer > executer > ' services.msc ' ,

- Clic droit sur le service cité - Distributed Allocated Memory Unit
- propriétés
- et dans "type de démarrage" et mets le sur « désactivé ».
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté »

Tutorial : http://www.zebulon.fr/dossiers/31-services.html

2) Supprime le dossier :

Va dans "C:\WINDOWS\system32\trouve et supprime le dossier dllcache

ok refais un scan hijackthis et poste le nouveau rapport stp

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:33, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nico\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com//
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Nico\Bureau\install_sbd_fr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

ton rapport est propre mis a part cette ligne:

O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)

pour l enlever

il faut faire ceci :

Démarrer > executer > ' services.msc ' ,

- Clic droit sur le service cité - Distributed Allocated Memory Unit
- propriétés
- et dans "type de démarrage" et mets le sur « désactivé ».
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté »

Tutorial : http://www.zebulon.fr/dossiers/31-services.html

2) Supprime le dossier :

Va dans cherche et supprime ce fichier :
C:\WINDOWS\system32\dllcache\mravsc32.exe

je ne trouve pas le fichier C:\WINDOWS\system32\dllcache\mravsc32.exe,malgré une recherche poussée...

ok si tu le trouve supprme le

_Maintenant , nous allons supprimer les logiciels de désinfection que je t'ai fait téléchargé.
En effet , s'en servir est dangereux pour le pc si l'on ne s'y connais pas.
De plus ils sont mis régulièrement à jours.


? Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.


http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

? Double clique sur ToolsCleaner2.exe >
? Clique sur .Recherche
? puis sur Suppression quand la liste est trouvée.
? Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

Tuto : http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )