FORUM HardWare.fr > Windows & Software > Virus/Spywares
Ezula malware on my Win XP

#2744951
sasounian
Posted on 21-12-2007 at 20:31:43
 

Hello, I have a problem with ezula malware etc. that gets worse every day (unwanted IE pop-ups opening, an extra iexplore process has appeared, my antivirus finds malware but even after removing it, it comes back, fake shortcuts to Windows Update appear on my desktop...). I have tried Vundofix, Sdfix, Spybot and Ad-Aware; in the end it always comes back.
 
Here is my latest SDFix report. Please help me, I can't work normally anymore...
 
 
SDFix: Version 1.119
 
Run by Administrateur on 21/12/2007 at 19:48
 
Microsoft Windows XP [version 5.1.2600]
 
Running From: C:\SDFix
 
Safe Mode:
Checking Services:  
 
 
Restoring Windows Registry Values
Restoring Windows Default Hosts File
 
Rebooting...
 
 
Normal Mode:
Checking Files:  
 
No Trojan Files Found
 
 
 
 
 
Removing Temp Files...
 
ADS Check:
 
C:\WINDOWS
No streams found.  
 
C:\WINDOWS\system32
No streams found.  
 
C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
 
 
 
                                 Final Check:
 
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 20:17:48
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden services & system hive ...
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:8c,38,1d,9c,d3,30,64,00,82,b1,02,4b,52,98,dd,a2,d3,9a,20,60,49,..
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,84,4d,c8,d8,4a,ad,49,df,64,44,a0,32,38,ce,7c,1a,0a,..
"hdf12"=hex:8b,26,dd,21,a8,d3,0d,44,e3,6a,9a,26,89,2c,4e,b6,bc,25,c7,9c,23,..
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:f5,37,be,00,4d,d5,93,47,59,80,59,e2,71,3c,b6,c5,24,95,2e,0c,9e,..
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:79,07,dd,05,14,05,fd,ad,6a,cb,1f,55,f2,39,b9,4d,99,1d,9e,2c,87,..
"p0"="C:\Program Files\DAEMON Tools\"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,48,c4,62,ff,29,f0,67,b3,80,ca,d8,6b,ac,f6,7c,38,0e,..
"khjeh"=hex:85,08,f6,8d,81,df,68,3c,ae,40,2a,55,e4,c5,7e,5a,07,9e,bc,28,e1,..
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:94,86,26,7d,83,fd,d4,bc,27,73,51,28,35,48,f9,8e,b0,e8,94,23,54,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:8c,38,1d,9c,d3,30,64,00,82,b1,02,4b,52,98,dd,a2,d3,9a,20,60,49,..
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,84,4d,c8,d8,4a,ad,49,df,64,44,a0,32,38,ce,7c,1a,0a,..
"hdf12"=hex:8b,26,dd,21,a8,d3,0d,44,e3,6a,9a,26,89,2c,4e,b6,bc,25,c7,9c,23,..
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:f5,37,be,00,4d,d5,93,47,59,80,59,e2,71,3c,b6,c5,24,95,2e,0c,9e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:79,07,dd,05,14,05,fd,ad,6a,cb,1f,55,f2,39,b9,4d,99,1d,9e,2c,87,..
"p0"="C:\Program Files\DAEMON Tools\"
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,48,c4,62,ff,29,f0,67,b3,80,ca,d8,6b,ac,f6,7c,38,0e,..
"khjeh"=hex:85,08,f6,8d,81,df,68,3c,ae,40,2a,55,e4,c5,7e,5a,07,9e,bc,28,e1,..
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:94,86,26,7d,83,fd,d4,bc,27,73,51,28,35,48,f9,8e,b0,e8,94,23,54,..
 
scanning hidden registry entries ...
 
scanning hidden files ...
 
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
 
 
Remaining Services:
------------------
 
 
 
Authorized Application Key Export:
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\ajfblrpm.exe"="C:\\WINDOWS\\system32\\ajf"
"C:\\Program Files\\Call of Duty 4\\iw3mp.exe"="C:\\Program Files\\Call of Duty 4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
 
Remaining Files:
---------------
 
 
Files with Hidden Attributes:
 
Thu 19 Aug 2004        60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Fri 21 Dec 2007        36,698 ..SH. --- "C:\WINDOWS\system32\gnjvjjhx.dllbox"
Fri 30 Nov 2007        63,223 ..SH. --- "C:\WINDOWS\system32\nqtwa.bak1"
Fri 21 Dec 2007       256,687 ..SH. --- "C:\WINDOWS\system32\nqtwa.bak2"
Wed 19 Dec 2007         5,405 ...HR --- "C:\Documents and Settings\ramenian\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sun 21 May 2006        24,064 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL0005.tmp"
Sun 21 May 2006        28,672 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL0076.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL0113.tmp"
Sun 21 May 2006        28,160 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL0119.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL0179.tmp"
Sun 21 May 2006        25,088 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL0299.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL0437.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1086.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1173.tmp"
Sun 21 May 2006        25,088 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1272.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1304.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1331.tmp"
Sun 21 May 2006        29,184 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1459.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1633.tmp"
Sun 21 May 2006        24,576 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1698.tmp"
Sun 21 May 2006        24,064 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL1960.tmp"
Sun 21 May 2006        28,672 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL2085.tmp"
Sun 21 May 2006        29,184 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL2524.tmp"
Sun 21 May 2006        29,696 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL2580.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL2649.tmp"
Sun 21 May 2006        26,624 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL2856.tmp"
Sun 21 May 2006        26,112 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL2987.tmp"
Sun 21 May 2006        29,184 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL3111.tmp"
Sun 21 May 2006        27,136 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL3590.tmp"
Sun 21 May 2006        27,136 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL3767.tmp"
Sun 21 May 2006        25,088 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL3824.tmp"
Sun 21 May 2006        29,696 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL3864.tmp"
 
Finished!  
 
 
What should I do?

Thanks!
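As an added triage example (not from the post, and not part of SDFix itself), the Python below reads the two sections of this kind of report where the indicators in the log above are clearest, the firewall "Authorized Application" export and the "Files with Hidden Attributes" listing, and flags what a helper on the thread would ask about first: a system32 executable in the firewall exception list that is not one Windows XP registers itself (an assumed allowlist), an exception whose value is not of the expected `path:*:Enabled|Disabled:name` form, and System+Hidden files dropped into system32. The embedded excerpt is constructed from lines copied out of the report above.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt: lines copied from the SDFix report in the post above.
SDFIX_EXCERPT = r'''Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\ajfblrpm.exe"="C:\\WINDOWS\\system32\\ajf"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

Files with Hidden Attributes:

Thu 19 Aug 2004        60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Fri 21 Dec 2007        36,698 ..SH. --- "C:\WINDOWS\system32\gnjvjjhx.dllbox"
Fri 30 Nov 2007        63,223 ..SH. --- "C:\WINDOWS\system32\nqtwa.bak1"
Sun 21 May 2006        24,064 A..H. --- "C:\Documents and Settings\ramenian\Mes documents\Projets\Web Analytique\~WRL0005.tmp"
'''

SYSTEM32 = "c:\\windows\\system32"
# Assumed allowlist: the system32 exceptions Windows XP SP2 registers itself (both appear in the report).
KNOWN_SYSTEM32_EXCEPTIONS = {"sessmgr.exe", "xpnetdiag.exe"}
FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"="(?P<value>[^"]*)"$')
HIDDEN_RE = re.compile(r'^\w{3} \d{1,2} \w{3} \d{4}\s+[\d,]+ (?P<attrs>\S{5}) --- "(?P<path>[^"]+)"$')


def in_system32(path: str) -> bool:
    """True when the file sits directly in C:\\WINDOWS\\system32 (case-insensitive)."""
    return str(PureWindowsPath(path).parent).lower() == SYSTEM32


def triage(report: str) -> list[tuple[str, str]]:
    """Walk the report once and return (reason, path) pairs worth a closer look."""
    findings, section = [], ""
    for raw in report.splitlines():
        line = raw.strip()
        if line.endswith(":") and not line.startswith('"'):
            section = line  # e.g. "Files with Hidden Attributes:"
        elif section.startswith("Authorized Application") and (m := FIREWALL_RE.match(line)):
            # The registry export doubles backslashes; %windir% is how XP writes its own entries.
            path = m["path"].replace("\\\\", "\\").replace("%windir%", "C:\\WINDOWS")
            if in_system32(path) and PureWindowsPath(path).name.lower() not in KNOWN_SYSTEM32_EXCEPTIONS:
                findings.append(("unlisted system32 binary in firewall exceptions", path))
            if ":*:" not in m["value"]:  # a well-formed entry is "<path>:*:Enabled|Disabled:<name>"
                findings.append(("malformed firewall exception value", path))
        elif section.startswith("Files with Hidden") and (m := HIDDEN_RE.match(line)):
            # System+Hidden files dropped straight into system32 are the usual hiding place for this class of adware.
            if in_system32(m["path"]) and {"S", "H"} <= set(m["attrs"]):
                findings.append(("system+hidden file in system32", m["path"]))
    return findings
```

Run against the full report, the same rules would leave the Outlook Express binary and the Word ~WRL*.tmp files alone and surface only the three system32 entries, which is the shortlist to ask the poster about.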

 

#2745048
ogaby
Posted on 22-12-2007 at 13:32:11
