Voila mon probleme j'ai eu un trojan ou malware enfin truc qui embete bien,
j'ai scanner mon pc avec mon antispyware il a mis en quarantaine pas mal de truc
Mais un probleme subsiste Zone alarm mon firewall m'indique se message
"Windows explorer has violated outbound e-mail rules" en gros il essaye d'envoyer  
des messages a des adresse e-mail que je connais pas en boucle se qui fait
que j'ai toujours une feneter security alerte ouverte.
Voilà le rapport hijackthis  
Logfile of HijackThis v1.99.1
Scan saved at 15:02:30, on 13/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Downloads\hijackthis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.fr
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe                                                                                                    "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5F432651-CAC6-E13A-E82E-ECABBB30B09F} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yaz [...] refid=1162
O17 - HKLM\System\CCS\Services\Tcpip\..\{841618DD-1AD6-423F-B62E-187D29CF93E7}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: acac - C:\WINDOWS\system32\acac.dll
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: wineyx32 - C:\WINDOWS\SYSTEM32\wineyx32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\2236_27.dll
O21 - SSODL: SBrVMgFk - {F0E47CD9-5A4E-D673-6C8E-1C02C208413E} - C:\WINDOWS\system32\lwam.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Thread Master (ThreadMaster) - http://threadmaster.tripod.com  -  threadmaster@europe.com - C:\WINDOWS\system32\ThreadMaster\ThreadMast.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Unknown owner - C:\Program Files\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld (file missing)
 
A noter que c'est explorer.exe et taskdir.exe qui tente d'envoyer ses messages...
Voilà si quelqu'un peu m'eclairer........
Merci.
 
 
 

Bonjour,
 
ton log est effectivement bien infecté...
 
J'aimerai une verification sur un fichier:
 
1/affiche tout les fichiers:
 

 
2/rend toi ici:
 
C:\WINDOWS\system32\acac.dll  
 
 
3/rend toi ensuite sur ce site http://virusscan.jotti.org/ et fait analyser acac.dll et
post le resultat.
 
@+