[TRJ] WinXP Pro redémarre à la connexion

Bonjours, la semaine passer j’ai downloadé de quelque chose de suspect et j’ai oublier de faire un scan avant de l’ouvrir (Honte à moi).

J’ai :

Windows XP Pro SP2
P4 1.7
U.S Robotics v.92 PCI Faxmodem
Avast

Bon Avast a détecté des trojans voici le log de mes alertes :

2006-12-19	20:38:14	1166578694	SYSTEM	732	Sign of "Win32:Agent-CJJ [Trj]" has been found in "G:\DOCUME~1\LEBANN~1\LOCALS~1\Temp\Rar$EX01.687\crack.exe" file.  
2006-12-19	20:39:20	1166578760	Le Banneton	1348	Sign of "Win32:Agent-CJJ [Trj]" has been found in "G:\Documents and Settings\Le Banneton\Bureau\Radmin 2.2 .rar\crack.exe" file.  
2006-12-19	20:40:05	1166578805	SYSTEM	732	Sign of "Win32:Trojan-gen. {Other}" has been found in "G:\Documents and Settings\Le Banneton\Local Settings\Temporary Internet Files\Content.IE5\OI2CLUSG\fkfdcxj[1].htm" file.  
2006-12-19	20:40:24	1166578824	SYSTEM	732	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\tuefv.exe" file.  
2006-12-19	20:40:41	1166578841	SYSTEM	732	Sign of "Win32:Trojan-gen. {Other}" has been found in "G:\Documents and Settings\Le Banneton\Local Settings\Temporary Internet Files\Content.IE5\90FJT5I3\uzupnm[1].htm" file.  
2006-12-19	20:40:53	1166578853	SYSTEM	732	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\duunk.exe" file.  
2006-12-19	20:41:16	1166578876	SYSTEM	732	Sign of "Win32:Trojan-gen. {Other}" has been found in "G:\Documents and Settings\Le Banneton\Local Settings\Temporary Internet Files\Content.IE5\IT1JLXRD\xbxihg[1].htm" file.  
2006-12-19	20:41:25	1166578885	SYSTEM	732	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\pxxxb.exe" file.  
2006-12-19	20:42:29	1166578949	SYSTEM	732	Sign of "Win32:Trojan-gen. {Other}" has been found in "G:\Documents and Settings\Le Banneton\Local Settings\Temporary Internet Files\Content.IE5\IT1JLXRD\nsctdaktzy[1].htm" file.  
2006-12-19	20:42:33	1166578953	SYSTEM	732	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\nlfqj.exe" file.  
2006-12-19	20:42:51	1166578971	SYSTEM	732	Sign of "Win32:Agent-BSU [Trj]" has been found in "G:\Documents and Settings\Le Banneton\Local Settings\Temporary Internet Files\Content.IE5\IT1JLXRD\file[1].htm\[FSG]" file.  
2006-12-19	20:44:57	1166579097	SYSTEM	732	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\nlfqj.exe" file.  
2006-12-19	20:45:02	1166579102	SYSTEM	732	Sign of "Win32:Agent-BSU [Trj]" has been found in "G:\DOCUME~1\LEBANN~1\LOCALS~1\Temp\473343424.exe\[FSG]" file.  
2006-12-19	21:21:52	1166581312	SYSTEM	688	Sign of "Win32:Agent-BSU [Trj]" has been found in "http://firstwolf.org/rd/file.php?id=1C723D81AC77B9C&ver=jg1\[FSG]" file.  
2006-12-19	21:22:06	1166581326	SYSTEM	688	Sign of "Win32:Agent-BSU [Trj]" has been found in "G:\DOCUME~1\LEBANN~1\LOCALS~1\Temp\1990656944.exe\[FSG]" file.  
2006-12-19	21:22:58	1166581378	SYSTEM	688	Sign of "Win32:Agent-BSU [Trj]" has been found in "G:\Documents and Settings\Le Banneton\Local Settings\Temporary Internet Files\Content.IE5\90FJT5I3\file[1].htm\[FSG]" file.  
2006-12-20	16:18:12	1166649492	SYSTEM	708	Sign of "Win32:Agent-BSU [Trj]" has been found in "http://firstwolf.org/rd/file.php?id=1C723D81AC77B9C&ver=jg1\[FSG]" file.  
2006-12-20	16:18:30	1166649510	SYSTEM	708	Sign of "Win32:Agent-BSU [Trj]" has been found in "G:\DOCUME~1\LEBANN~1\LOCALS~1\Temp\1172419380.exe\[FSG]" file.  
2006-12-20	16:18:56	1166649536	SYSTEM	708	Sign of "Win32:Agent-BSU [Trj]" has been found in "G:\Documents and Settings\Le Banneton\Local Settings\Temporary Internet Files\Content.IE5\90FJT5I3\file[1].htm\[FSG]" file.

Une fois les fenêtres d’alertes fermées je continue en pensant que Avast les avait supprimés.

J’ai fermé mon PC pour la nuit et et le lendemain je me connecte (la connexionet se fait) l’ordinateur redémarre comme par magie (après quelques secondes) .

J’ai fait un coût hijackthis en mode normal et sans échec.

Voici les log

Normal :

Logfile of HijackThis v1.99.1
Scan saved at 21:37:27, on 2006-12-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Microsoft IntelliPoint\ipoint.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE
G:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
G:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
G:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\RocketDock\RocketDock.exe
G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G:\WINDOWS\system32\zkPeCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - G:\WINDOWS\system32\zkPeCrypt.dll
O4 - HKLM\..\Run: [IntelliPoint] "G:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "G:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] G:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [MDDiskProtect.exe] G:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] G:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "G:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "G:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Recoveru systems] G:\DOCUME~1\LEBANN~1\LOCALS~1\Temp\svchost.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = G:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @G:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @G:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - G:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - G:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - G:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - G:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - G:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe

Sans Échec :

Logfile of HijackThis v1.99.1
Scan saved at 21:42:24, on 2006-12-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\Explorer.EXE
F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G:\WINDOWS\system32\zkPeCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - G:\WINDOWS\system32\zkPeCrypt.dll
O4 - HKLM\..\Run: [IntelliPoint] "G:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "G:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] G:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [MDDiskProtect.exe] G:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] G:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "G:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "G:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Recoveru systems] G:\DOCUME~1\LEBANN~1\LOCALS~1\Temp\svchost.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = G:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @G:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @G:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - G:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - G:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - G:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - G:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - G:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe

Mais avant le scan de Hijackthis j’ai fait une analyse avec Avast, a2, Ad-adware, Spybot je détruis le tout. Ils n’y sont plus, mais j’ai encore le problème avec ma connexion.

J’ai essayé aussi avec un autre modem mais cette fois si j’ai un écran bleu.

Pouvez-vous m’aider ?!

Et le formatage n’est pas une solution envisageable pour moi.

Et Joyeuses fêtes à tous et à toutes.