[Trojan/Virus] Pc contaminé...

Bonjour,

je me permet de poster ici suite au topic sur la desinfection des pcs.
En effet, le mien est depuis qques jours très coléreux, et je n'arrive pas a me debarasser des trojans qui le contamine

Voila les logs demandés,
si vous pouviez me dire quoi faire pour récupérer une situation normale, ce serait vraiment très gentil

Merci à vous
Anthony

ewido

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 09:55:36, 13/10/2006
+ Somme de contrôle: 6EE43E06

+ Résultats du scan:

[3252] C:\PROGRAM FILES\FICHIERS COMMUNS\{24BF833D-0A77-1036-0808-030311180021}\UPDATE.EXE -> Adware.Softomate : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Cookies\antho@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Cookies\antho@ad.adition[2].txt -> TrackingCookie.Adition : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Cookies\antho@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Cookies\antho@adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Cookies\antho@admarketplace[1].txt -> TrackingCookie.Admarketplace : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Cookies\antho@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Cookies\antho@com[1].txt -> TrackingCookie.Com : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Cookies\antho@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Cookies\antho@e-2dj6wjlikndjmho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Cookies\antho@free.wegcash[1].txt -> TrackingCookie.Wegcash : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Cookies\antho@image.masterstats[1].txt -> TrackingCookie.Masterstats : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Cookies\antho@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Cookies\antho@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Cookies\antho@ppms.popularix[1].txt -> TrackingCookie.Popularix : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Cookies\antho@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Cookies\antho@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Local Settings\Temporary Internet Files\Content.IE5\8DEFGXIN\antzom[1].exe -> Trojan.Agent.vg : Nettoyer et sauvegarder
C:\Documents and Settings\antho\Local Settings\Temporary Internet Files\Content.IE5\KH63WPEN\winss32[1].exe -> Trojan.Agent.vg : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\{24BF833D-0A77-1036-0808-030311180021}\services.dll -> Adware.Softomate : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\{24BF833D-0A77-1036-0808-030311180021}\Update.exe -> Adware.Softomate : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\{34BF833D-0A77-1036-0808-030311180021}\MyToolBar.dll -> Adware.Softomate : Nettoyer et sauvegarder
C:\WINDOWS\system32\byxwxwu.dll -> Adware.Virtumonde : Nettoyer et sauvegarder


::Fin du rapport

bitdefender

BitDefender Online Scanner - Real Time Virus Report



Generated at: Fri, Oct 13, 2006 - 12:13:18


----------------------------------------------------------------------------

----





Scan Info



Scanned Files
384834

Infected Files
10








Virus Detected



Generic.XPL.CodeBase.4C9B09D7
1

Generic.XPL.ADODB.D36B91BC
1

DeepScan:Generic.Malware.SYddldg.6AD3E836
1

Trojan.Klone.H
1

MemScan:Trojan.Vundo.K
1

Trojan.Agent.TEX
1

Trojan.Downloader.BKK
4






HiJack
Logfile of HijackThis v1.99.1
Scan saved at 12:14:24, on 13/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\antho\MESDOC~1\FNTS~1\wuaclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Poste de Travail Sans Fil Labtec\MagicKey.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\?DOBE\REGSVR32.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
C:\Documents and Settings\antho\Bureau\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {476BCAC9-5E05-2CA2-2BC4-0595BBF68998} - C:\WINDOWS\system32\fsxaekw.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Barre d'outils du menu Anti-fraude de Trend Micro - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~2\PccIeBar.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraConverter.exe -t
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vpisgoc.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\vpisgoc.dll,ncpxscd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Stor] "C:\DOCUME~1\antho\MESDOC~1\FNTS~1\wuaclt.exe" -vt yazb
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Activer le Poste de Travail Sans Fil Labtec.lnk = C:\Program Files\Poste de Travail Sans Fil Labtec\MagicKey.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW. Prefix: http://
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC538428-3722-482F-86CD-76F174D85174}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe