Spy Sweeper tells me where the Winlogonhook trojan is located:
c:system volume information_restore{05f8ccc3-44f6-4203-af26-2a1614f677fa}rp92a0122941.dll
Can I delete this file?
Otherwise, here is the HijackThis log:
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesPinnacleMediaServerMicrosoft SQL ServerMSSQL$PINNACLESYSBinnsqlservr.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesWebrootSpy SweeperWRSSSDK.exe
C:WINDOWSsystem32ZONELABSvsmon.exe
C:Program FilesRealVNCVNC4WinVNC4.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesWebrootSpy SweeperSpySweeper.exe
C:Program FilesThe Cleanertca.exe
C:Program FilesThe Cleanertcm.exe
C:Program FilesInternet Exploreriexplore.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:WINDOWSsystem32rundll32.exe
C:Documents and SettingsnDesktopRepairRegistryPro.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesHewlett-PackardToolboxStatusClientStatusClient.exe
C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe
C:Program Filesa2a2guard.exe
C:Program FilesHewlett-PackardToolboxjrebinjavaw.exe
C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe
C:Program FilesWinZipWZQKPICK.EXE
C:Program FilesHijackthis Version FrançaiseVERSION TRADUITE ORIGINALE.EXE
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mabulgarieonline.com/
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:PROGRA~1FlashGetjccatch.dll
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [SpySweeper] "C:Program FilesWebrootSpy SweeperSpySweeper.exe" /startintray
O4 - HKLM..Run: [tcactive] C:Program FilesThe Cleanertca.exe
O4 - HKLM..Run: [tcmonitor] C:Program FilesThe Cleanertcm.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [Zone Labs Client] C:Program FilesZone LabsZoneAlarmzlclient.exe
O4 - HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM..Run: [Repair Registry Pro] C:Documents and SettingsnDesktopRepairRegistryPro.exe -s
O4 - HKLM..Run: [PinnacleDriverCheck] C:WINDOWSsystem32PSDrvCheck.exe -CheckReg
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [XoftSpy] C:Program FilesXoftSpyXoftSpy.exe -s
O4 - HKLM..Run: [StatusClient 2.6] C:Program FilesHewlett-PackardToolboxStatusClientStatusClient.exe /auto
O4 - HKLM..Run: [TomcatStartup 2.5] C:Program FilesHewlett-PackardToolboxhpbpsttp.exe
O4 - HKLM..Run: [HP Software Update] "C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe"
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [a-squared] "C:Program Filesa2a2guard.exe"
O4 - HKCU..Run: [Update Service] C:PROGRA~1COMMON~1TEKNUM~1update.exe /startup
O4 - HKCU..Run: [miniMIZE] C:Program FilesMinimizeminiMIZEminiMIZE.exe
O4 - HKCU..Run: [Pando] C:Program FilesPando NetworksPandopando.exe /Automation
O4 - HKCU..Run: [X-Cleaner Deluxe] "C:PROGRA~1X-CLEA~1XCleaner_full.exe" -turbo -autostart -NOREBOOT
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:Program FilesWinZipWZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec FlashGet - C:Program FilesFlashGetjc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:Program FilesFlashGetjc_all.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O17 - HKLMSystemCCSServicesTcpip..{E5B09515-A0FA-4304-A83D-DE386583D507}: NameServer = 202.5.191.130,202.5.191.160
O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:WINDOWSSYSTEM32WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:Program FilesSiSoftwareSiSoftware Sandra Lite 2005.SR2aRpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:Program FilesSiSoftwareSiSoftware Sandra Lite 2005.SR2aRpcSandraSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:Program FilesWebrootSpy SweeperWRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZONELABSvsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:Program FilesRealVNCVNC4WinVNC4.exe" -service (file missing)
If someone could tell me whether there is anything abnormal. Thanks again.