Se connecter / S'enregistrer
Votre question

problème spyware sécure

Tags :
  • Spyware
  • Sécurité
Dernière réponse : dans Sécurité et virus
22 Juin 2008 11:36:22

bonjour,

je suis en train de dépanner le PC (windows xp) de mon beau frère : je fais face à un spyware qui me semble est lié à spyware secure :

les symptomes sont les suivants :

fond d'écran modifié par un ecran bleu avec un lien pour telecharger un anti spyware,

message dans la barre des taches de temps en temps (signalé par un triangle jaune) d'une infection qui renvoi également surun site pouréléchager un antispyware,

apparition intempestive de pop ups (toujours la meme chose, probleme de securité , etc,...)

je vous poste ci dessous un premier rapport hijackthis fait ce matin:

MERCI D'AVANCE POUR VOTRE AIDE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:53, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\mjc\mjc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\fotowin\RTETPISv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Propriétaire\lsass.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: BhoApp Class - {32131238-5434-4234-4234-432432423432} - C:\Program Files\altcmd\altcmd32.dll
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 3)" /O5 "LPT1:" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Compaq_Propriétaire\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - (no file)
O22 - SharedTaskScheduler: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 12833 bytes

Autres pages sur : probleme spyware secure

22 Juin 2008 12:26:06

:hello:  Bonjour,

Cette procédure doit être imprimée pour que tu puisses l’avoir sous les yeux quand tu seras en mode sans échec.

Télécharge SDFix(créé par AndyManchesta) et sauvegarde le sur ton Bureau.
***Si le lien ne fonctionne pas, essaie celui-ci : http://download.bleepingcomputer.com/andymanchesta/SDFi... ***
Guide d'utilisation : http://mickael.barroux.free.fr/securite/sdfix.php
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
  • Redémarre ton ordinateur
  • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
  • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
  • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
  • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
  • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
  • Appuie sur Y pour commencer le processus de nettoyage.
  • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
  • Appuie sur une touche pour redémarrer le PC.
  • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
  • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
  • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
  • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
  • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
    N.B.:
    - Le fichier SDFIX_README.htm (dans le dossier SDFix) contient la liste des malwares pris en compte par l'outil.
    - Andy fait plusieurs mises à jour, souvent plus d'une par jour... N'hésitez donc pas à demander de télécharger une nouvelle version lorsque le nettoyage dure et que l'outil ne semble pas tout voir.

    + nouveau rapport hijackthis.

    ;) 
    23 Juin 2008 13:17:18

    bonjour,
    tous d'abord, merci à Merillym d'avoir répondu aussi vite.

    ci joint le rapport SDFIX et un nouveau rapport hijackthis.

    Merci encore pour votre aide.

    RAPPORT SDFIX :

    SDFix: Version 1.196
    Run by Administrateur on 23/06/2008 at 13:08

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :

    Killing PID 764 'iftuyszv.exe'

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Default Desktop Wallpaper

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\netrax18\netrax182328.exe - Deleted
    C:\WINDOWS\system32\vntiho05\vntiho051080.exe - Deleted
    C:\Program Files\mjc\mjc.exe - Deleted
    C:\WINDOWS\x.exe - Deleted
    C:\WINDOWS\y.exe - Deleted
    C:\WINDOWS\b152.exe - Deleted
    C:\WINDOWS\accesss.exe - Deleted
    C:\WINDOWS\astctl32.ocx - Deleted
    C:\WINDOWS\avpcc.dll - Deleted
    C:\WINDOWS\clrssn.exe - Deleted
    C:\WINDOWS\cpan.dll - Deleted
    C:\WINDOWS\ctfmon32.exe - Deleted
    C:\WINDOWS\ctrlpan.dll - Deleted
    C:\WINDOWS\default.htm - Deleted
    C:\WINDOWS\directx32.exe - Deleted
    C:\WINDOWS\dnsrelay.dll - Deleted
    C:\WINDOWS\editpad.exe - Deleted
    C:\WINDOWS\explore.exe - Deleted
    C:\WINDOWS\explorer32.exe - Deleted
    C:\WINDOWS\funniest.exe - Deleted
    C:\WINDOWS\funny.exe - Deleted
    C:\WINDOWS\gfmnaaa.dll - Deleted
    C:\WINDOWS\helpcvs.exe - Deleted
    C:\WINDOWS\iedll.exe - Deleted
    C:\WINDOWS\iexplorer.exe - Deleted
    C:\WINDOWS\inetinf.exe - Deleted
    C:\WINDOWS\internet.exe - Deleted
    C:\WINDOWS\loader.exe - Deleted
    C:\WINDOWS\msconfd.dll - Deleted
    C:\WINDOWS\msspi.dll - Deleted
    C:\WINDOWS\mssys.exe - Deleted
    C:\WINDOWS\msupdate.exe - Deleted
    C:\WINDOWS\mswsc10.dll - Deleted
    C:\WINDOWS\mswsc20.dll - Deleted
    C:\WINDOWS\mtwirl32.dll - Deleted
    C:\WINDOWS\notepad32.exe - Deleted
    C:\WINDOWS\olehelp.exe - Deleted
    C:\WINDOWS\qttasks.exe - Deleted
    C:\WINDOWS\quicken.exe - Deleted
    C:\WINDOWS\rundll16.exe - Deleted
    C:\WINDOWS\rundll32.vbe - Deleted
    C:\WINDOWS\searchword.dll - Deleted
    C:\WINDOWS\sistem.exe - Deleted
    C:\WINDOWS\svchost32.exe - Deleted
    C:\WINDOWS\svcinit.exe - Deleted
    C:\WINDOWS\systeem.exe - Deleted
    C:\WINDOWS\systemcritical.exe - Deleted
    C:\WINDOWS\system32\iftuyszv.exe - Deleted
    C:\WINDOWS\time.exe - Deleted
    C:\WINDOWS\users32.exe - Deleted
    C:\WINDOWS\waol.exe - Deleted
    C:\WINDOWS\win32e.exe - Deleted
    C:\WINDOWS\win64.exe - Deleted
    C:\WINDOWS\winajbm.dll - Deleted
    C:\WINDOWS\window.exe - Deleted
    C:\WINDOWS\winmgnt.exe - Deleted
    C:\WINDOWS\xplugin.dll - Deleted
    C:\WINDOWS\xxxvideo.hta - Deleted



    Folder C:\Program Files\mjc - Removed
    Folder C:\WINDOWS\system32\netrax18 - Removed
    Folder C:\WINDOWS\system32\vntiho05 - Removed
    Folder C:\WINDOWS\system32\vntiho18 - Removed


    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-23 13:15:14
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:D isabled:AOL"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe:*:D isabled:AOL"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:D isabled:AOL"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL 9.0a"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 9 Jun 2008 86,528 ..SH. --- "C:\Documents and Settings\Compaq_Propri‚taire\lsass.exe"
    Mon 9 Feb 2004 49,152 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
    Mon 9 Feb 2004 151,552 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
    Mon 9 Feb 2004 30,320 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
    Mon 9 Feb 2004 253,952 A..H. --- "C:\Program Files\AOL 9.0\waol.exe"
    Tue 22 Feb 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 6 Jul 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
    Tue 22 Feb 2005 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv16.bak"
    Tue 3 Jun 2008 72 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti244.tmp"
    Sun 19 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Sat 10 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT1DD.tmp"
    Tue 22 Feb 2005 4,348 ...H. --- "C:\Documents and Settings\Compaq_Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
    Thu 9 Aug 2007 782 A..H. --- "C:\Documents and Settings\Compaq_Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
    Tue 22 Feb 2005 312 A.SH. --- "C:\Documents and Settings\Compaq_Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

    Finished!

    RAPPORT HIJACKTHIS :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:20:15, on 23/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\fotowin\RTETPISv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: BhoApp Class - {32131238-5434-4234-4234-432432423432} - C:\Program Files\altcmd\altcmd32.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 3)" /O5 "LPT1:" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - (no file)
    O22 - SharedTaskScheduler: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - (no file)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    --
    End of file - 10647 bytes


    Contenus similaires
    23 Juin 2008 13:25:15

    re-bonjour,

    a priori, le problème du spyware qui modifiait le fond d'écran + popups de sécurité a disparu : merci beucoup.

    je ne sais pas par contre si son PC est maintenant complétement clean (j'en doute!!)

    en effet, lorsque je connecte à chaque fois ma clé USB sur son PC soit pour transférer les logiciels soit pour récupérer les rapports, un prog nommé "start" s'installe sur la clé et est détécté par mon PC comme malveillant (par avast) : je le supprime a chaque fois mais il revient (meme apres le dernier traitement ci dessus)

    Bon, le principal pour mon beau frere était de ne plus être systématiquement pollué par les pop ups mais j'ai son PC pour la semaine et donc, si c'est possible, je souhaiterais lui nettoyer le plus possible avec votre aide.

    encore merci
    23 Juin 2008 18:45:05

    Re,

    Effectivement, il reste pas mal de ménage à faire, mais vu qu'on a la semaine :super:

    ***

    Rends toi sur ce lien : Virus Total
  • Clique sur Parcourir
  • Rends toi jusque sur ce fichier si tu le trouves :

    C:\Program Files\altcmd\altcmd32.dll

  • Clique sur Envoyer le fichier et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
  • Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
  • Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
  • Une nouvelle fenêtre de ton navigateur va apparaître
  • Clique alors sur cette image :
  • Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
  • Enfin colle le résultat dans ta prochaine réponse.
    Note : Peu importe le résultat, il est important de me communiquer le résultat de toute l'analyse.
    Il est possible que tes outils de sécurité réagissent à l'envoi du fichier, en ce cas il te faudra ignorer les alertes.

    ;) 
    24 Juin 2008 13:19:40

    re Merillym,

    encore merci à toi pourton aide.

    ci joint le rapport demandé :

    Fichier altcmd32.dll reçu le 2008.06.24 13:18:25 (CET)Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.6.24.0 2008.06.24 -
    AntiVir 7.8.0.59 2008.06.24 TR/Dialer.bps
    Authentium 5.1.0.4 2008.06.24 -
    Avast 4.8.1195.0 2008.06.23 Win32:Trojan-gen {Other}
    AVG 7.5.0.516 2008.06.24 Dialer.SLQ
    BitDefender 7.2 2008.06.24 Trojan.Dialer.VXC
    CAT-QuickHeal 9.50 2008.06.23 Trojan.Dialer.bps
    ClamAV 0.93.1 2008.06.24 -
    DrWeb 4.44.0.09170 2008.06.24 Trojan.BhoSiggen.2
    eSafe 7.0.17.0 2008.06.24 -
    eTrust-Vet 31.6.5900 2008.06.24 -
    Ewido 4.0 2008.06.24 -
    F-Prot 4.4.4.56 2008.06.23 -
    F-Secure 7.60.13501.0 2008.06.20 Trojan.Win32.Dialer.bps
    Fortinet 3.14.0.0 2008.06.24 W32/Dialer.BPS!tr
    GData 2.0.7306.1023 2008.06.24 Trojan.Win32.Dialer.bps
    Ikarus T3.1.1.26.0 2008.06.24 Virus.Trojan.Win32.Dialer.bps
    Kaspersky 7.0.0.125 2008.06.24 Trojan.Win32.Dialer.bps
    McAfee 5323 2008.06.23 -
    Microsoft None 2008.06.24 -
    NOD32v2 3212 2008.06.24 -
    Norman 5.80.02 2008.06.23 W32/Dialer.CHYS
    Panda 9.0.0.4 2008.06.23 -
    Prevx1 V2 2008.06.24 Cloaked Malware
    Rising 20.50.10.00 2008.06.24 AdWare.Win32.Agent.bwy
    Sophos 4.30.0 2008.06.24 Troj/Dialer-FI
    Sunbelt 3.0.1153.1 2008.06.15 -
    Symantec 10 2008.06.24 -
    TheHacker 6.2.92.359 2008.06.24 Trojan/Dialer.bps
    TrendMicro 8.700.0.1004 2008.06.24 -
    VBA32 3.12.6.8 2008.06.23 Trojan.Win32.Dialer.bps
    VirusBuster 4.5.11.0 2008.06.23 -
    Webwasher-Gateway 6.6.2 2008.06.24 Trojan.Dialer.bps

    Information additionnelle
    File size: 147456 bytes
    MD5...: 9d59b296d8874d6cbef9c7d388916429
    SHA1..: 50e4ba5c56ea4d8a610444d3b5d76f7beb1ab9d1
    SHA256: e2bcfb2c79e139529344dceed9749ade13f68f711f17d989bfbe75d72d1bb11d
    SHA512: 839371c60cae212f6fdb4048bc6c0494b7552d6a0a901bcaa0e3ddbe2f623a6b<BR>d05088e164b45f9c7d0e786ee1492e7abc3fa0fc5ab7d2517a5a823687760bd3
    PEiD..: -
    PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1000c40f<BR>timedatestamp.....: 0x484e8dd9 (Tue Jun 10 14:21:13 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x17305 0x18000 6.65 b3d95fbd188b7e5a14b792e584d74d36<BR>.rdata 0x19000 0x4ce3 0x5000 5.29 e403de7d752c6fe7c87f5963e6d41452<BR>.data 0x1e000 0x31e0 0x2000 2.95 ee48e5d7e4907d4078f3738a58e88a99<BR>.rsrc 0x22000 0xfac 0x1000 4.54 0dd307474a9c799d3b5df924e053e230<BR>.reloc 0x23000 0x214a 0x3000 3.86 0ac3872df900027f4ac7826cd04bf10c<BR><BR>( 8 imports ) <BR>> WININET.dll: InternetGetConnectedState, HttpOpenRequestA<BR>> urlmon.dll: URLDownloadToFileA<BR>> KERNEL32.dll: lstrlenA, lstrcpyA, GetTickCount, GetLocalTime, GetVersion, FreeLibrary, GetProcAddress, LoadLibraryA, GetModuleFileNameA, CopyFileA, MoveFileA, WriteFile, ReadFile, CloseHandle, GetFileSize, CreateFileA, DeleteFileA, Sleep, MoveFileExA, WideCharToMultiByte, _lclose, _lread, _lopen, lstrcatA, lstrlenW, RaiseException, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, lstrcmpiA, CreateThread, DisableThreadLibraryCalls, InterlockedIncrement, InterlockedDecrement, IsDBCSLeadByte, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, GetModuleHandleA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, lstrcmpA, VirtualQuery, GetLastError, VirtualProtect, MultiByteToWideChar, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetCurrentProcessId, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, HeapSize, SetLastError, TlsFree, TlsSetValue, InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale, GetVersionExA, HeapAlloc, HeapFree, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetSystemTimeAsFileTime, RtlUnwind, VirtualAlloc, GetSystemInfo, HeapReAlloc, GetCurrentThreadId, GetCommandLineA, GetProcessHeap, VirtualFree, HeapDestroy, HeapCreate, ExitProcess, GetStdHandle, GetCPInfo, GetOEMCP, TlsGetValue, TlsAlloc, QueryPerformanceCounter<BR>> USER32.dll: wsprintfA, CharNextA, CharLowerA, UnregisterClassA<BR>> ADVAPI32.dll: RegOpenKeyExA, RegEnumKeyExA, RegQueryInfoKeyA, RegCreateKeyExA, RegDeleteValueA, RegDeleteKeyA, RegOpenKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey<BR>> SHELL32.dll: SHGetSpecialFolderPathA<BR>> ole32.dll: StringFromGUID2, CoTaskMemFree, CoTaskMemRealloc, CoTaskMemAlloc, CoCreateInstance<BR>> OLEAUT32.dll: -, -, -, -, -, -, -, -, -<BR><BR>( 4 exports ) <BR>DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer<BR>
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=4F10E943...

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.6.24.0 2008.06.24 -
    AntiVir 7.8.0.59 2008.06.24 TR/Dialer.bps
    Authentium 5.1.0.4 2008.06.24 -
    Avast 4.8.1195.0 2008.06.23 Win32:Trojan-gen {Other}
    AVG 7.5.0.516 2008.06.24 Dialer.SLQ
    BitDefender 7.2 2008.06.24 Trojan.Dialer.VXC
    CAT-QuickHeal 9.50 2008.06.23 Trojan.Dialer.bps
    ClamAV 0.93.1 2008.06.24 -
    DrWeb 4.44.0.09170 2008.06.24 Trojan.BhoSiggen.2
    eSafe 7.0.17.0 2008.06.24 -
    eTrust-Vet 31.6.5900 2008.06.24 -
    Ewido 4.0 2008.06.24 -
    F-Prot 4.4.4.56 2008.06.23 -
    F-Secure 7.60.13501.0 2008.06.20 Trojan.Win32.Dialer.bps
    Fortinet 3.14.0.0 2008.06.24 W32/Dialer.BPS!tr
    GData 2.0.7306.1023 2008.06.24 Trojan.Win32.Dialer.bps
    Ikarus T3.1.1.26.0 2008.06.24 Virus.Trojan.Win32.Dialer.bps
    Kaspersky 7.0.0.125 2008.06.24 Trojan.Win32.Dialer.bps
    McAfee 5323 2008.06.23 -
    Microsoft None 2008.06.24 -
    NOD32v2 3212 2008.06.24 -
    Norman 5.80.02 2008.06.23 W32/Dialer.CHYS
    Panda 9.0.0.4 2008.06.23 -
    Prevx1 V2 2008.06.24 Cloaked Malware
    Rising 20.50.10.00 2008.06.24 AdWare.Win32.Agent.bwy
    Sophos 4.30.0 2008.06.24 Troj/Dialer-FI
    Sunbelt 3.0.1153.1 2008.06.15 -
    Symantec 10 2008.06.24 -
    TheHacker 6.2.92.359 2008.06.24 Trojan/Dialer.bps
    TrendMicro 8.700.0.1004 2008.06.24 -
    VBA32 3.12.6.8 2008.06.23 Trojan.Win32.Dialer.bps
    VirusBuster 4.5.11.0 2008.06.23 -
    Webwasher-Gateway 6.6.2 2008.06.24 Trojan.Dialer.bps

    Information additionnelle
    File size: 147456 bytes
    MD5...: 9d59b296d8874d6cbef9c7d388916429
    SHA1..: 50e4ba5c56ea4d8a610444d3b5d76f7beb1ab9d1
    SHA256: e2bcfb2c79e139529344dceed9749ade13f68f711f17d989bfbe75d72d1bb11d
    SHA512: 839371c60cae212f6fdb4048bc6c0494b7552d6a0a901bcaa0e3ddbe2f623a6b<BR>d05088e164b45f9c7d0e786ee1492e7abc3fa0fc5ab7d2517a5a823687760bd3
    PEiD..: -
    PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1000c40f<BR>timedatestamp.....: 0x484e8dd9 (Tue Jun 10 14:21:13 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x17305 0x18000 6.65 b3d95fbd188b7e5a14b792e584d74d36<BR>.rdata 0x19000 0x4ce3 0x5000 5.29 e403de7d752c6fe7c87f5963e6d41452<BR>.data 0x1e000 0x31e0 0x2000 2.95 ee48e5d7e4907d4078f3738a58e88a99<BR>.rsrc 0x22000 0xfac 0x1000 4.54 0dd307474a9c799d3b5df924e053e230<BR>.reloc 0x23000 0x214a 0x3000 3.86 0ac3872df900027f4ac7826cd04bf10c<BR><BR>( 8 imports ) <BR>> WININET.dll: InternetGetConnectedState, HttpOpenRequestA<BR>> urlmon.dll: URLDownloadToFileA<BR>> KERNEL32.dll: lstrlenA, lstrcpyA, GetTickCount, GetLocalTime, GetVersion, FreeLibrary, GetProcAddress, LoadLibraryA, GetModuleFileNameA, CopyFileA, MoveFileA, WriteFile, ReadFile, CloseHandle, GetFileSize, CreateFileA, DeleteFileA, Sleep, MoveFileExA, WideCharToMultiByte, _lclose, _lread, _lopen, lstrcatA, lstrlenW, RaiseException, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, lstrcmpiA, CreateThread, DisableThreadLibraryCalls, InterlockedIncrement, InterlockedDecrement, IsDBCSLeadByte, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, GetModuleHandleA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, lstrcmpA, VirtualQuery, GetLastError, VirtualProtect, MultiByteToWideChar, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetCurrentProcessId, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, HeapSize, SetLastError, TlsFree, TlsSetValue, InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale, GetVersionExA, HeapAlloc, HeapFree, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetSystemTimeAsFileTime, RtlUnwind, VirtualAlloc, GetSystemInfo, HeapReAlloc, GetCurrentThreadId, GetCommandLineA, GetProcessHeap, VirtualFree, HeapDestroy, HeapCreate, ExitProcess, GetStdHandle, GetCPInfo, GetOEMCP, TlsGetValue, TlsAlloc, QueryPerformanceCounter<BR>> USER32.dll: wsprintfA, CharNextA, CharLowerA, UnregisterClassA<BR>> ADVAPI32.dll: RegOpenKeyExA, RegEnumKeyExA, RegQueryInfoKeyA, RegCreateKeyExA, RegDeleteValueA, RegDeleteKeyA, RegOpenKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey<BR>> SHELL32.dll: SHGetSpecialFolderPathA<BR>> ole32.dll: StringFromGUID2, CoTaskMemFree, CoTaskMemRealloc, CoTaskMemAlloc, CoCreateInstance<BR>> OLEAUT32.dll: -, -, -, -, -, -, -, -, -<BR><BR>( 4 exports ) <BR>DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer<BR>
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=4F10E943...

    24 Juin 2008 15:04:30

    Re,

    Relance HijackThis (clique droit -> lancer en tant qu'adminstrateur sous Vista), clique sur "do a system scan only", coche ces lignes ( si présentes ) :

    O2 - BHO: BhoApp Class - {32131238-5434-4234-4234-432432423432} - C:\Program Files\altcmd\altcmd32.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - (no file)
    O22 - SharedTaskScheduler: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - (no file)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe


    Ferme toutes les applications en cours (particulièrement ton navigateur Internet).
    Puis Fix Checked ! N.B : Il est très important de fermer toutes les applications en cours et de se déconnecter d'internet pour fixer avec hijackthis au risque d'interférer avec les résultats de la manip'.

    Redémarre le PC pour que les changements soient pris en compte.

    Redémarre en mode sans échecs

    Note :/!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\


    ==> Désinstalle les programmes suivants ( si présents ) via ajout/suppression de programmes du panneau de configuration ( menu démarrer > panneau de configuration ) :

    BOONTY Shared

    ==> Supprime manuellement les fichiers/dossiers suivants en gras ( si présents ) :

    C:\Program Files\altcmd
    C:\Program Files\Fichiers communs\BOONTY Shared

    ==> Vide ta corbeille.

    ==> Redémarre en mode normal et poste un nouveau rapport hijackthis.

    ;) 
    24 Juin 2008 15:56:23

    re,

    le programme "BOONTY shared" n'était pas présent via ajout/suppression de programmes (il y avait par contre "BOONTY BOX 2.3" que je n'ai pas touché)

    Sinon, ok pour les dossiers.

    ci joint nouveau rapport hijackthis :

    merci encore pour ton aide :) 

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:01:30, on 24/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Documents and Settings\Compaq_Propriétaire\lsass.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\fotowin\RTETPISv.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 3)" /O5 "LPT1:" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Compaq_Propriétaire\lsass.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    --
    End of file - 10328 bytes


    24 Juin 2008 17:48:26

    Re,

    On dirait qu'il y a eu réinfection :/ 

    ***

    Relance HijackThis (clique droit -> lancer en tant qu'adminstrateur sous Vista), clique sur "do a system scan only", coche ces lignes ( si présentes ) :

    O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Compaq_Propriétaire\lsass.exe


    Ferme toutes les applications en cours (particulièrement ton navigateur Internet).
    Puis Fix Checked ! N.B : Il est très important de fermer toutes les applications en cours et de se déconnecter d'internet pour fixer avec hijackthis au risque d'interférer avec les résultats de la manip'.

    Redémarre le PC pour que les changements soient pris en compte.

    Redémarre en mode sans échecs

    Note :/!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\


    ==> Supprime manuellement les fichiers/dossiers suivants en gras ( si présents ) :

    C:\Documents and Settings\Compaq_Propriétaire\lsass.exe

    ==> Vide ta corbeille.

    ==> Redémarre en mode normal et poste un nouveau rapport hijackthis.

    ***

    Désinstalle via Ajout/Suppression de Programmes (si présents) :
  • Avast!

    Télécharge et exécute : http://www.avast.com/eng/avast-uninstall-utility.html

    Télécharge Ccleaner sur ton Bureau.

  • Clique sur "download the latest version"
  • Installe-le en laissant seulement les options suivantes cochées :
    - Ajouter un raccourci sur le Bureau
    - Contrôler automatiquement les mises à jour de CCleaner
  • Lance le Nettoyage
  • Clique sur Chercher des erreurs et sauvegarde si tu le souhaites.

    Aide : Comment utiliser CCleaner.

    ***************

    Télécharge AntiVir sur ton Bureau.

  • Double clique sur l'exécutable téléchargé pour lancer l'installation.
  • A la fin de l'installation, clique sur Finish.
  • Ouvre Antivir, assure-toi qu'il soit bien à jour !
  • Dans l'onglet Local Protection, choisis Scanner.
  • Active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur).
  • Clique sur la loupe du milieu pour lancer le scan en tant qu'Administrateur.
  • Poste moi le rapport généré : Pour cela, clique sur l'onglet Overview, puis choisis Reports, tu trouveras son rapport..

    Note : Pour une éradication des menaces plus efficaces, lance le scan en mode sans échec.

    Pourquoi changer ? Avast vs Antivir.

    Aide : Comment installer et utiliser AntiVir.

    ;) 
    25 Juin 2008 10:21:26

    re,

    merci pour l'info pour antivir, je vais faire de meme sur mon PC.

    rapport hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:03:05, on 25/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    c:\fotowin\RTETPISv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 3)" /O5 "LPT1:" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    --
    End of file - 10094 bytes

    Rapport antivir :



    Avira AntiVir Personal
    Report file date: mercredi 25 juin 2008 10:23

    Scanning for 1165085 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: Compaq_Propriétaire
    Computer name: TEQUILA71

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 10:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 09:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 09:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 09:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 11:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:08:58
    ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 20:12:34
    ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25/03/2008 09:27:50
    Engineversion : 8.1.0.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 10:58:21
    AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07/04/2008 16:34:44
    AESCN.DLL : 8.1.0.12 115060 Bytes 07/04/2008 16:34:44
    AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 16:34:44
    AEPACK.DLL : 8.1.1.0 364918 Bytes 18/03/2008 12:20:42
    AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07/04/2008 16:34:44
    AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07/04/2008 16:34:44
    AEHELP.DLL : 8.1.0.11 115061 Bytes 07/04/2008 16:34:43
    AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 16:34:43
    AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 16:34:43
    AECORE.DLL : 8.1.0.25 168309 Bytes 08/04/2008 10:58:32
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 18:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 11:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 14:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 18:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 09:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 18:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 15:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 13:02:11

    Configuration settings for the scan:
    Jobname..........................: Active Processes
    Configuration file...............: c:\program files\avira\antivir personaledition classic\process.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Scan memory......................: off
    Process scan.....................: on
    Extended process scan............: on
    Scan registry....................: off
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 25 juin 2008 10:23

    The scan of running processes will be started
    Scan process 'avscan.exe' - '55' Module(s) have been scanned
    Scan process 'avcenter.exe' - '113' Module(s) have been scanned
    Scan process 'avgnt.exe' - '55' Module(s) have been scanned
    Scan process 'avguard.exe' - '44' Module(s) have been scanned
    Scan process 'sched.exe' - '27' Module(s) have been scanned
    Scan process 'iPodService.exe' - '28' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '56' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '60' Module(s) have been scanned
    Scan process 'QTTask.exe' - '29' Module(s) have been scanned
    Scan process 'HOMERunner.exe' - '35' Module(s) have been scanned
    Scan process 'apdproxy.exe' - '43' Module(s) have been scanned
    Scan process 'realplay.exe' - '76' Module(s) have been scanned
    Scan process 'E_FATI9CE.EXE' - '30' Module(s) have been scanned
    Scan process 'AGRSMMSG.exe' - '29' Module(s) have been scanned
    Scan process 'rundll32.exe' - '39' Module(s) have been scanned
    Scan process 'Keyhook.exe' - '49' Module(s) have been scanned
    Scan process 'kbd.exe' - '54' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '29' Module(s) have been scanned
    Scan process 'jusched.exe' - '19' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '29' Module(s) have been scanned
    Scan process 'alg.exe' - '32' Module(s) have been scanned
    Scan process 'svchost.exe' - '38' Module(s) have been scanned
    Scan process 'RTETPISV.EXE' - '15' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '36' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '26' Module(s) have been scanned
    Scan process 'guard.exe' - '21' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '20' Module(s) have been scanned
    Scan process 'AOLacsd.exe' - '29' Module(s) have been scanned
    Scan process 'explorer.exe' - '114' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '55' Module(s) have been scanned
    Scan process 'svchost.exe' - '41' Module(s) have been scanned
    Scan process 'svchost.exe' - '27' Module(s) have been scanned
    Scan process 'svchost.exe' - '159' Module(s) have been scanned
    Scan process 'svchost.exe' - '39' Module(s) have been scanned
    Scan process 'svchost.exe' - '50' Module(s) have been scanned
    Scan process 'lsass.exe' - '58' Module(s) have been scanned
    Scan process 'services.exe' - '27' Module(s) have been scanned
    Scan process 'winlogon.exe' - '65' Module(s) have been scanned
    Scan process 'csrss.exe' - '11' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned
    41 processes with 1791 modules were scanned


    End of the scan: mercredi 25 juin 2008 10:23
    Used time: 00:16 min

    The scan has been done completely.

    0 Scanning directories
    1791 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    0 Files cannot be scanned
    1791 Files not concerned
    0 Archives were scanned
    0 Warnings
    0 Notes



    25 Juin 2008 13:38:01

    Citation :
    Scan memory......................: off
    Process scan.....................: on
    Extended process scan............: on
    Scan registry....................: off
    Search for rootkits..............: off


    Il fallait mettre "0n" partout, recommence :D 
    26 Juin 2008 11:34:07

    re,

    désolé, j'ai du loupé la manip :
    ci joint deux rapports antivir (le premier est on sur tout suaf sur rootkits ?
    le second on sur rootkits).

    merci encore



    Avira AntiVir Personal
    Report file date: jeudi 26 juin 2008 10:45

    Scanning for 1165085 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: Compaq_Propriétaire
    Computer name: TEQUILA71

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 10:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 09:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 09:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 09:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 11:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:08:58
    ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 20:12:34
    ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25/03/2008 09:27:50
    Engineversion : 8.1.0.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 10:58:21
    AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07/04/2008 16:34:44
    AESCN.DLL : 8.1.0.12 115060 Bytes 07/04/2008 16:34:44
    AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 16:34:44
    AEPACK.DLL : 8.1.1.0 364918 Bytes 18/03/2008 12:20:42
    AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07/04/2008 16:34:44
    AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07/04/2008 16:34:44
    AEHELP.DLL : 8.1.0.11 115061 Bytes 07/04/2008 16:34:43
    AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 16:34:43
    AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 16:34:43
    AECORE.DLL : 8.1.0.25 168309 Bytes 08/04/2008 10:58:32
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 18:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 11:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 14:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 18:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 09:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 18:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 15:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 13:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 26 juin 2008 10:45

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'RTETPISV.EXE' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'QTTask.exe' - '1' Module(s) have been scanned
    Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
    Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
    Scan process 'HOMERunner.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
    Scan process 'realplay.exe' - '1' Module(s) have been scanned
    Scan process 'E_FATI9CE.EXE' - '1' Module(s) have been scanned
    Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
    Scan process 'Keyhook.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    44 processes with 44 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '34' files ).


    Starting the file scan:

    Begin scan in 'C:\' <PRESARIO>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Program Files\Fichiers communs\LibreSystem\strpmon.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.593920
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\444.470.vir
    [DETECTION] Contains suspicious code HEUR/Malware
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
    [NOTE] The file was deleted!
    C:\SDFix\backups\backups.zip
    [0] Archive type: ZIP
    --> backups/iftuyszv.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\OBE1\imapIP95.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
    [NOTE] The file was deleted!
    Begin scan in 'D:\' <PRESARIO_RP>


    End of the scan: jeudi 26 juin 2008 11:28
    Used time: 42:45 min

    The scan has been done completely.

    7562 Scanning directories
    533509 Files were scanned
    4 viruses and/or unwanted programs were found
    1 Files were classified as suspicious:
    5 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    533505 Files not concerned
    13827 Archives were scanned
    2 Warnings
    5 Notes






    Avira AntiVir Personal
    Report file date: jeudi 26 juin 2008 11:31

    Scanning for 1165085 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: Compaq_Propriétaire
    Computer name: TEQUILA71

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 10:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 09:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 09:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 09:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 11:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:08:58
    ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 20:12:34
    ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25/03/2008 09:27:50
    Engineversion : 8.1.0.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 10:58:21
    AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07/04/2008 16:34:44
    AESCN.DLL : 8.1.0.12 115060 Bytes 07/04/2008 16:34:44
    AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 16:34:44
    AEPACK.DLL : 8.1.1.0 364918 Bytes 18/03/2008 12:20:42
    AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07/04/2008 16:34:44
    AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07/04/2008 16:34:44
    AEHELP.DLL : 8.1.0.11 115061 Bytes 07/04/2008 16:34:43
    AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 16:34:43
    AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 16:34:43
    AECORE.DLL : 8.1.0.25 168309 Bytes 08/04/2008 10:58:32
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 18:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 11:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 14:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 18:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 09:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 18:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 15:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 13:02:11

    Configuration settings for the scan:
    Jobname..........................: Rootkit search
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
    Logging..........................: high
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Scan memory......................: off
    Process scan.....................: off
    Scan registry....................: off
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high
    Expanded search settings.........: 0x00300922

    Start of the scan: jeudi 26 juin 2008 11:31

    Starting search for hidden objects.
    '326547' objects were checked, '0' hidden objects were found.


    End of the scan: jeudi 26 juin 2008 11:34
    Used time: 03:13 min

    The scan has been done completely.

    0 Scanning directories
    0 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    0 Files cannot be scanned
    0 Files not concerned
    0 Archives were scanned
    0 Warnings
    0 Notes
    326547 Objects were scanned with rootkit scan
    0 Hidden objects were found

    26 Juin 2008 19:43:03

    :hello:  Bonjour,

    Poste un nouveau rapport HijackThis qu'on fasse le point.

    Comment va le PC ? Toujours des problèmes ?

    ;) 
    30 Juin 2008 16:02:47

    bonjour,

    merci beaucoup pour l'aide : le pc n'a plus de problème.
    je poste quand meme un dernier rapport HijackThis mais je pense que je peut rendre le PC maintenant.

    Par contre, étant en convalescence en ce moment suite a une opération (entorse cheville) , un ami a su que je dépannais un PC et m'a amené son PC portable (vista) qui a quelques soucis de virus. Dois-je créer un nouveau sujet ou pouvons nous continuer sur celui-ci ?

    merci d'avance et encore merci pour tout.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:58:00, on 30/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\fotowin\RTETPISv.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 3)" /O5 "LPT1:" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    --
    End of file - 9950 bytes
    30 Juin 2008 18:00:30

    Citation :
    Dois-je créer un nouveau sujet ou pouvons nous continuer sur celui-ci ?


    On finit ton PC et on pourra s'occuper du deuxième après ici :) 

    ***

    Télécharge Ccleaner sur ton Bureau.

  • Clique sur "download the latest version"
  • Installe-le en laissant seulement les options suivantes cochées :
    - Ajouter un raccourci sur le Bureau
    - Contrôler automatiquement les mises à jour de CCleaner
  • Lance le Nettoyage
  • Clique sur Chercher des erreurs et sauvegarde si tu le souhaites.

    Aide : Comment utiliser CCleaner.

    ***

    Télécharge ToolsCleaner2 (de A.Rothstein)

  • Installe le sur ton Bureau.
  • Clique sur Recherche pour lancer le scan.
  • Clique sur Supprimer pour nettoyer les outils utilisés.
  • Clique sur Quitter.
  • Poste ce rapport ~>C:\TCleaner.txt<~

  • Garde Ccleaner, Avg (ou MBAM) et AntiVir si nous les avons installés..
  • Désactive-réactive la restauration système.
  • Ton(tes) infection(s) : Egdaccess/Magic.control/Navipromo.
  • Mets ton ordi correctement à jour >ici<
  • Si ce n'est pas fait, assure-toi que les Mises à jour Automatiques Windows soient activées !

    Ce serait sympa de rapporter ton infection sur > Malware-Complaints < pour faire condamner ses auteurs

    - Règles du forum <- ici
    - Poster un message <- ici ( par Malekal )

    Pour t'enregistrer clique sur le bouton register ( en haut )
    Si tu as plus de 13 ans choisis " I Agree to these terms and am over or exactly 13 years of age "
    Si tu as moins de 13 ans choisis " I Agree to these terms and am under 13 years of age "

    Tu auras une liste par type d'infection
    Si ton infection n'est pas dans la liste crée un message dans Autres infections

    Puis regarde ces dossiers :

    - Sécurité/Prévention
    - Conséquences de la multi-protection
    - Toolbars : Inutilité et ralentissements

    Bonne journée/soirée :) 
    30 Juin 2008 18:58:41

    ok, je vois demain pour continuer sur le PC de mon beau frere : il faut que je le connecte alors a internet pour le mettre a jour comme tu le demandes. (je l'ai encore une semaine normalement : je donnerais a mon beau frere les liens vers les regles de securités que tu as mis ci dessus).
    je posterais aussi sur les sites que tu as cité.

    Par contre, pour le portable de mon ami, je ne l'ai que 2 jours donc je vais creer un autre sujet.

    Pour finir, je te donnerai peut etre un rapport HijackThis de mon PC à moi quand on aura terminer juste au cas ou.

    juste pour info et au sujet de la multi-protection, que pense tu de antivir + kerio ?

    merci une fois de plus pour tout.
    30 Juin 2008 19:22:33

    Re,

    Oki :super:

    Citation :
    juste pour info et au sujet de la multi-protection, que pense tu de antivir + kerio ?


    Nickel.

    ;) 
    30 Juin 2008 22:44:39

    re,

    ci joint rapport TCleaner.txt

    merci et bonne soirée

    -->- Recherche:

    C:\SDFIX: trouvé !
    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\SdFix.exe: trouvé !
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\HijackThis.exe: trouvé !
    C:\Program Files\Navilog1: trouvé !
    C:\Program Files\Navilog1\Navilog1.bat: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\SdFix.exe: supprimé !
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\HijackThis.exe: supprimé !
    C:\Program Files\Navilog1\Navilog1.bat: supprimé !
    C:\SDFIX: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
    C:\Program Files\Navilog1: supprimé !
    2 Juillet 2008 09:27:51

    Re,

    De rien ce fut un plaisir !

    Rapporte ton infection sur malware complain si ce n'est pas fait, c'est important ;) 

    Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.



    Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.

    Bonne continuation :hello: 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS