Se connecter / S'enregistrer
Votre question

Windows Security alert

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
16 Août 2007 19:25:17

Bonjour tout le monde
J'ai un problème avec mon PC car depuis quelque temps, un paneau triangulaire jaune est apparu a coté de l'horloge en bas a droite de l'écran, et dès que je passe dessus il me met le message " your computer is infected " alors qu'avast ne trouve aucun virus, et j'utilise ad-aware et spybot assez régulièrement..
En plus de cela toute les 2-3 j'ai u message qui m'informe que j'ai un spyware..et pour couronner le tout, je ne suis meme plus l'admin de mon ordinateur lol...

Merci de vos reponses

Autres pages sur : windows security alert

a b 8 Sécurité
16 Août 2007 19:30:47

Bonjour,

Télécharge Hijackthis (de Trend Micro).
Dézippe-le dans un dossier ou sur ton Bureau.

Lance l'application (Hijackthis.exe) :
- Choisis l'option "Do a system scan and save a logfile"
- Le Bloc-Notes s'ouvre, poste son contenu :

  • Edition / Sélectionner tout
  • Edition / Copier
  • Clique-Droit / Coller dans ta réponse
    16 Août 2007 19:32:04

    Salut Gaara94, AngelDark :hello: 

    Trop lent.. ;) 
    Contenus similaires
    16 Août 2007 22:57:28

    Salut, merci Angeldark pour ta réponse immédiate et desolé de la lenteur de la réponse :s...donc voici le contenu :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:56:05, on 16/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\printer.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Lexmark P910 Series\ezprint.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\lxbycoms.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Fichiers communs\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: system.exe
    O4 - Global Startup: autorun.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe

    --
    End of file - 6824 bytes
    16 Août 2007 23:26:21

    petit up s'il vous plait ^^
    17 Août 2007 13:07:03

    Plus personne ? :( 
    a b 8 Sécurité
    17 Août 2007 13:42:40

    De la patience ?

    Télécharge Clean.zip (de Malekal),
    Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
    Ouvre le dossier clean, double-clique sur clean.cmd.
    Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.
    17 Août 2007 14:07:31

    voila voila :

    17/08/2007 a 14:06:54,34

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\printer.exe FOUND
    C:\WINDOWS\system32\WinAvXX.exe FOUND
    "C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND
    C:\WINDOWS\Temp\win????.tmp.exe FOUND

    *** Recherche des fichiers dans C:\Program Files
    "C:\Program Files\DaemonTools_WhenUSave_Installer\" FOUND
    "C:\Program Files\WebMediaPlayer\" FOUND
    *** Fin du rapport !
    a b 8 Sécurité
    17 Août 2007 14:08:48

    Re,

    Télécharge Navilog1.exe (IL-MAFIOSO)
    Enregistre-le sur ton Bureau.
    Lance l'installation en double cliquant sur navilog.exe.
    Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
    (Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)

    Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
    [#ff0000]! N'utilise pas l'option 2, 3 et 4 sans notre accord ![/#f]
    Patiente jusqu'à l'apparition de ce message :
    "*** Analyse Termine le ..... ***"
    Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste-nous son contenu de cette manière :

    -> Edition / Sélectionner tout
    -> Edition / Copier
    -> Clique-Droit / Coller dans ta réponse


    NOTE : Le rapport se trouve également ici : C:\fixnavi.txt
    17 Août 2007 14:25:03

    Voici enfin le rapport :



    Search Navipromo version 2.0.8 commencé le 17/08/2007 à 14:14:40,39

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Poster ce rapport sur le forum pour le faire analyser !!!
    !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

    Fix lancé depuis C:\Program Files\navilog1
    Mise a jour le 15.08.2007 a 15h00 by IL-MAFIOSO

    Executé en mode normal

    *** Recherche Programmes installes ***




    *** Recherche dossiers dans C:\WINDOWS ***




    *** Recherche dossiers dans C:\Program Files ***


    C:\Program Files\WebMediaPlayer trouvé !


    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




    *** Recherche dossiers dans C:\Documents and Settings\Compaq_Propri‚taire\Application Data ***



    *** Recherche avec BlackLight Engine/F-secure ***
    BlackLight Engine est un produit de F-secure, pour + d'infos :
    http://www.f-secure.com/blacklight/blacklight_help.html


    F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
    ======================================

    Copyright 2005-2006 F-Secure Corporation. All rights reserved.
    This is a beta version. It will expire on 1st of October, 2007.
    Version information: 2.2.1064.

    [+] Started on 08/17/07 at 14:14:41.
    [+] Initializing ...
    [+] Starting scan, press Ctrl-C to abort.
    [+] Scanning for hidden items .......................................................................
    [+] Scan complete.
    [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
    [+] Exited on 08/17/07 at 14:23:00 (return code = 0).


    *** Recherche fichiers ***


    C:\WINDOWS\pack.epk trouvé !


    *** Recherche cles registre ***


    Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



    Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



    Recherche Clé Magic Control



    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:


    2)Recherche Heuristique :
    *
    **
    ***
    ****
    *****
    ******
    *******
    ********


    3)Recherche Certificats :


    *** Recherche avec GenericNaviSearch Beta ***
    !!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A verifier impérativement avant toute suppression manuelle !!!

    Fichiers trouvés :

    Aucun Fichier trouvé !

    Fichiers suspects :

    Aucun Fichier suspect trouvé !


    *** Analyse Terminé le 17/08/2007 à 14:23:17,18 ***
    a b 8 Sécurité
    17 Août 2007 14:27:27

    R,

    Redémarre en mode sans échec

    Ouvre le dossier clean, double-clique sur clean.cmd.
    Choisis l'option 2 puis patiente.

    Redémarre normalement.

    Poste le rapport clean : C:\rapport_clean.txt
    17 Août 2007 14:45:34

    Re, voici le rapport :

    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 17/08/2007 a 14:33:06,45

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:

    *** Suppression des fichiers dans C:\WINDOWS\

    *** Suppression des fichiers dans C:\WINDOWS\system32
    tentative de suppression de C:\WINDOWS\system32\printer.exe
    Impossible de supprimer C:\WINDOWS\system32\printer.exe
    tentative de suppression de C:\WINDOWS\system32\WinAvXX.exe
    tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"
    tentative de suppression de C:\WINDOWS\Temp\win????.tmp.exe

    *** Suppression des fichiers dans C:\Program Files
    tentative de suppression de "C:\Program Files\DaemonTools_WhenUSave_Installer\"
    tentative de suppression de "C:\Program Files\WebMediaPlayer\"

    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !
    a b 8 Sécurité
    17 Août 2007 14:48:48

    Reposte un rapport Hijackthis.
    17 Août 2007 14:52:45

    Voila :) 

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:52:33, on 17/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\printer.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Lexmark P910 Series\lxbymon.exe
    C:\Program Files\Lexmark P910 Series\ezprint.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\lxbycoms.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\no$gba-w\NO$GBA.EXE
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Fichiers communs\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: system.exe
    O4 - Global Startup: autorun.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe

    --
    End of file - 6955 bytes
    17 Août 2007 15:20:25

    Ah c'est alors pour ca que mon pc ne veut plus de moi en tant qu'administrateur ? lol ^^

    Merci de ton aide Angeldark tu fais un super boulot ici c'est cool :D 
    a b 8 Sécurité
    17 Août 2007 15:37:24

    Pas compris :) 
    17 Août 2007 16:00:13

    Ben j'ai bien desinstallé avast4 avec le petit logiciel que tu m'as indiqué et ensuite j'ai installé antivir, j'ai redémarré et....toujours le meme panneau, le meme message toute les 2-3 minute et l'accès refusé aux commandes administrateur...
    a b 8 Sécurité
    17 Août 2007 16:06:50

    Fais un scan avec Antivirir puis poste le rapport :) 
    17 Août 2007 18:47:15

    Voici ENFIN le rapport du scan (le scan a éte bien long désolé :/  )




    AntiVir PersonalEdition Classic
    Report file date: vendredi 17 août 2007 16:14

    Scanning for 1026615 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Compaq_Propriétaire
    Computer name: NOM-D3A4C94E6FD

    Version information:
    BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
    AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
    AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
    LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
    LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
    ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
    ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 13:49:41
    ANTIVIR2.VDF : 6.39.0.226 1223680 Bytes 10/08/2007 13:49:41
    ANTIVIR3.VDF : 6.39.1.14 244736 Bytes 17/08/2007 13:49:41
    AVEWIN32.DLL : 7.4.1.62 2724352 Bytes 17/08/2007 13:49:42
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 17/08/2007 13:49:43
    AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
    AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
    AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
    RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 17 août 2007 16:14

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'lxbycoms.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'ezprint.exe' - '1' Module(s) have been scanned
    Scan process 'lxbymon.exE' - '1' Module(s) have been scanned
    Scan process 'ALCMTR.EXE' - '1' Module(s) have been scanned
    Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'issch.exe' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'printer.exe' - '1' Module(s) have been scanned
    Module is infected -> 'C:\WINDOWS\system32\printer.exe'
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    Process 'printer.exe' has been terminated
    C:\WINDOWS\system32\printer.exe
    [DETECTION] Is the Trojan horse TR/Renos.14848.11
    [INFO] The file was deleted!

    43 processes with 42 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!
    Boot sector 'F:\'
    [NOTE] In the drive 'F:\' no data medium is inserted!
    Boot sector 'G:\'
    [NOTE] In the drive 'G:\' no data medium is inserted!
    Boot sector 'H:\'
    [NOTE] In the drive 'H:\' no data medium is inserted!
    Boot sector 'I:\'
    [NOTE] In the drive 'I:\' no data medium is inserted!
    Boot sector 'J:\'
    [NOTE] In the drive 'J:\' no data medium is inserted!

    Starting to scan the registry.
    C:\WINDOWS\system32\WinAvXX.exe
    [DETECTION] Is the Trojan horse TR/Renos.14848.11
    [INFO] The file was deleted!
    C:\WINDOWS\system32\WinAvXX.exe
    [DETECTION] Is the Trojan horse TR/Renos.14848.11
    C:\WINDOWS\system32\WinAvXX.exe
    [WARNING] The file could not be opened!
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
    [DETECTION] Is the Trojan horse TR/Renos.14848.11
    [INFO] The file was deleted!
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
    [DETECTION] Is the Trojan horse TR/Renos.14848.11
    C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\system.exe
    [DETECTION] Is the Trojan horse TR/Renos.14848.11
    [INFO] The file was deleted!
    C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\system.exe
    [DETECTION] Is the Trojan horse TR/Renos.14848.11

    The registry was scanned ( '33' files ).


    Starting the file scan:

    Begin scan in 'C:\' <PRESARIO>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\system.exe
    [DETECTION] Is the Trojan horse TR/Renos.14848.11
    [INFO] The file was deleted!
    C:\Documents and Settings\C-Lynn\Mes documents\Ma musique\Ma musique\downloads\01E1829A\_.asf
    [DETECTION] Is the Trojan horse TR/Wimad.A.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\C-Lynn\Mes documents\Ma musique\Ma musique\downloads\01E809ED\_.asf
    [DETECTION] Is the Trojan horse TR/Wimad.A.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\C-Lynn\Mes documents\Ma musique\Ma musique\downloads\01EB9759\_.asf
    [DETECTION] Is the Trojan horse TR/Wimad.A.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\C-Lynn\Mes documents\Ma musique\Ma musique\downloads\01EF3744\_.asf
    [DETECTION] Is the Trojan horse TR/Wimad.A.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Ma musique\downloads\01E1829A\_.asf
    [DETECTION] Is the Trojan horse TR/Wimad.A.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Ma musique\downloads\01E809ED\_.asf
    [DETECTION] Is the Trojan horse TR/Wimad.A.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Ma musique\downloads\01EB9759\_.asf
    [DETECTION] Is the Trojan horse TR/Wimad.A.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Ma musique\downloads\01EF3744\_.asf
    [DETECTION] Is the Trojan horse TR/Wimad.A.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\hugo\3.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\hugo\Local Settings\Temp\clean_111143.dll
    [DETECTION] Is the Trojan horse TR/PSW.Sinowal.NAZ
    [INFO] The file was deleted!
    C:\Documents and Settings\hugo\Local Settings\Temp\clean_fe8ff.dll
    [DETECTION] Is the Trojan horse TR/PSW.Sinowal.NAZ
    [INFO] The file was deleted!
    C:\Documents and Settings\hugo\Local Settings\Temp\gosB.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\hugo\Local Settings\Temp\jar_cache50845.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\hugo\Local Settings\Temp\jar_cache50846.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\hugo\Local Settings\Temp\jar_cache50847.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\hugo\Local Settings\Temp\jar_cache50849.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\hugo\Local Settings\Temp\jar_cache50850.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\hugo\Local Settings\Temp\us0105.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\hugo\Local Settings\Temp\win11.tmp.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Alphabet.LH1
    [INFO] The file was deleted!
    C:\Documents and Settings\hugo\Local Settings\Temp\EMULEc7f\MadeTo Print v1.0.007 serial keygen.zip
    [0] Archive type: ZIP
    --> MadeTo Print v1.0.007.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\hugo\Local Settings\Temporary Internet Files\Content.IE5\94ON58KV\srvvqg[1].exe
    [DETECTION] Is the Trojan horse TR/Agent.arp.1
    [INFO] The file was deleted!
    C:\Documents and Settings\hugo\Local Settings\Temporary Internet Files\Content.IE5\WQPILPVJ\RKSCv1[1].exe
    [DETECTION] Is the Trojan horse TR/Drop.Relevant.A
    [INFO] The file was deleted!
    C:\Documents and Settings\hugo\Menu Démarrer\Programmes\Démarrage\system.exe
    [DETECTION] Is the Trojan horse TR/Renos.14848.11
    [INFO] The file was deleted!
    C:\Program Files\CEDP Stealer 6.0 for Messenger\CEDP.Stealer.exe
    [DETECTION] Is the Trojan horse TR/Spy.BJCG.E.1
    [INFO] The file was deleted!
    C:\Program Files\Copie de Triggersoft\Rose Online Evolution\TRose.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [INFO] The file was moved to '4734ba92.qua'!
    C:\Program Files\eMule\Incoming\Adobe Photoshop CS2 KeyGen Serial Crack.zip
    [0] Archive type: ZIP
    --> Adobe Photoshop CS Activator.exe
    [DETECTION] Is the Trojan horse TR/Agent.48156
    [INFO] The file was deleted!
    C:\Program Files\eMule\Incoming\Keygen (Serial Activation) For Adobe Creative Suite 2-Photoshop Cs2 v9-Illustrator Cs2 v12-Indesign Cs2V 4-Golive Cs2 V.rar
    [0] Archive type: RAR
    --> Adobe Photoshop Cs2 Keygen Serial Crack(1).zip
    [1] Archive type: ZIP
    --> Adobe Photoshop CS Activator.exe
    [DETECTION] Is the Trojan horse TR/Agent.48156
    [INFO] The file was deleted!
    C:\Program Files\Mozilla Firefox\install.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was deleted!
    C:\Program Files\Mozilla Firefox\serial.exe~
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was deleted!
    C:\Program Files\Navilog1\navilog1.bat
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '473bc3d0.qua'!
    C:\WINDOWS\mgrs.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Alphabet.P.2
    [INFO] The file was deleted!
    C:\WINDOWS\mgrs.exe~
    [DETECTION] Is the Trojan horse TR/Dldr.Alphabet.P.2
    [INFO] The file was deleted!
    C:\WINDOWS\Temp\startdrv.exe
    [DETECTION] Contains signature of the worm WORM/Wigon.AB
    [INFO] The file was deleted!
    Begin scan in 'D:\' <PRESARIO_RP>
    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'G:\'
    Search path G:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'H:\'
    Search path H:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'I:\'
    Search path I:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'J:\'
    Search path J:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'E:\' <Lexmark P910 Ser>


    End of the scan: vendredi 17 août 2007 18:46
    Used time: 2:31:43 min

    The scan has been done completely.

    16348 Scanning directories
    715577 Files were scanned
    39 viruses and/or unwanted programs were found
    2 classified as suspicious:
    36 files were deleted
    0 files were repaired
    2 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    715536 Files not concerned
    16742 Archives were scanned
    3 Warnings
    10 Notes
    0 Hidden objects were found


    a b 8 Sécurité
    17 Août 2007 19:07:38

    Reposte un rapport Hijackthis.
    17 Août 2007 19:44:16

    Voila le nouveau rapport

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:43:39, on 17/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\Lexmark P910 Series\ezprint.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\lxbycoms.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wisptis.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Fichiers communs\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe

    --
    End of file - 6554 bytes
    a b 8 Sécurité
    17 Août 2007 20:00:47

    Re,

    Fix les lignes en italique ci-dessous avec Hijackthis : AIDE EN IMAGES

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe


    Supprime :
    C:\WINDOWS\system32\printer.exe
    C:\WINDOWS\system32\WinAvXX.exe
    17 Août 2007 20:15:09

    J'ai pas compris la methode pour fixer les lignes en italiques....que je ne vois pas d'aileur xD
    a b 8 Sécurité
    17 Août 2007 20:17:01

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    <- les deux lignes

    Tu as vu le tuto ?
    17 Août 2007 20:20:19

    Ah voila c'est fait :D 
    a b 8 Sécurité
    17 Août 2007 20:20:46

    Reposte un rapport Hijackthis.
    17 Août 2007 20:26:36

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:26:28, on 17/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\Lexmark P910 Series\ezprint.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\lxbycoms.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wisptis.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Fichiers communs\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe

    --
    End of file - 6421 bytes


    :D :D :D :D :D 
    a b 8 Sécurité
    17 Août 2007 21:22:27

    C'est mieux ?
    17 Août 2007 21:29:30

    Oui aucun message, plus le paneau, et j'ai ete ré elu administrateur de mon PC :D 

    Merci a toi ^^
    a b 8 Sécurité
    17 Août 2007 21:29:55

    Bon surf alors ;) 
    18 Août 2007 17:07:12

    J'aurais parlé trop vite ?
    Ca devait pas etre le jour des election car je ne suis toujours pas administrateur de mon PC... Y-Y
    a b 8 Sécurité
    18 Août 2007 20:17:32

    Reposte un rapport Hijackthis.
    19 Août 2007 13:56:46

    Voila :) 

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:56:38, on 19/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\Lexmark P910 Series\ezprint.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\lxbycoms.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Fichiers communs\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe

    --
    End of file - 6388 bytes
    a b 8 Sécurité
    20 Août 2007 14:16:52

    C'est apparemment propre.

    Télécharge puis installe AVG Anti-Spyware (AVG AS)
    Fais les mises à jour mais ne lance pas de scan pour le moment.
    AIDE : Tuto sur AVG Anti-Spyware (Malekal)

    Redémarre en mode sans échec

    Relance AVG AS :
    - Choisis l'onglet "Analyse"
    - Puis l'onglet "Paramètres"
    - Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
    - Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    [#ff0000]Si un fichier est infecté en fin d'analyse, clique sur "Appliquer toutes les actions"[/#f]

    Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
    Enregistre ce fichier texte sur ton bureau.

    Redémarre normalement.
    Poste le rapport AVG AS ainsi qu'un rapport Hijackthis.
    14 Septembre 2007 10:37:18

    salut c'est la première fois que je viens sur ce forum et je me permets de t'ecrire car j'ai moi aussi un soucis avec ce spyware...j'ai rien installé de ce qu'il ma demandé, avast l'a arreté avant mais il est quand meme là!!! alors j'ai téléchargé Hijackthis, puis clean puis navipromo...et voici les rapports...

    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    3 Octobre 2007 14:43:27

    Salut tout le monde j'ai le meme problème voile le rapport
    -------------------------------------------------------------------------

    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    10 Décembre 2007 12:01:56

    Salut wildchildal, écoute j'ai le mêm problème depuis 2 jours


    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    1 Juillet 2008 08:05:26

    Logfile of HijackThis v1.99.1
    Scan saved at 09:49:34, on 01/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\csrss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    I:\Program Files\Alwil Software\Avast4\ashServ.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\WINDOWS\Explorer.exe
    I:\Program Files\Web Technologies\iebtm.exe
    I:\Program Files\Web Technologies\wcs.exe
    I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    I:\WINDOWS\system32\hkcmd.exe
    I:\WINDOWS\system32\igfxpers.exe
    I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\Program Files\SuperCopier2\SuperCopier2.exe
    I:\Program Files\DNA\btdna.exe
    I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    I:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    I:\Program Files\Web Technologies\iebtmm.exe
    I:\WINDOWS\System32\FTRTSVC.exe
    I:\Program Files\Internet Explorer\iexplore.exe
    I:\Program Files\Internet Explorer\iexplore.exe
    I:\WINDOWS\system32\svchost.exe
    I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    I:\WINDOWS\System32\alg.exe
    I:\Program Files\Internet Explorer\iexplore.exe
    I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    I:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    I:\Program Files\Web Technologies\wcm.exe
    I:\Program Files\Mozilla Firefox\firefox.exe
    I:\Documents and Settings\le renard\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - I:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1} - I:\Program Files\Web Technologies\iebt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Internet Service - {85BDD81D-31FD-4A6B-A73C-3955B128D2EC} - I:\Program Files\Web Technologies\iebr.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [igfxtray] I:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] I:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] I:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WOOWATCH] I:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] I:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [HP Software Update] I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ante cast ooze tray] I:\Documents and Settings\All Users\Application Data\Bin Wait Ante Cast\Trust Cake.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] I:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "I:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [mosiwq] i:\documents and settings\le renard\local settings\application data\mosiwq.exe mosiwq
    O4 - HKCU\..\Run: [style list] I:\DOCUME~1\LERENA~1\APPLIC~1\AMENTO~1\type4.exe
    O4 - Startup: IMVU.lnk = I:\Program Files\IMVU\IMVUClient.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateforietool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateforietool.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - I:\Documents and Settings\le renard\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{84336A92-1CBC-4102-940C-6AF97264852A}: NameServer = 85.255.115.20,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F6A14187-E6A6-4D6E-959B-018DCC2BC9A8}: NameServer = 85.255.115.20,85.255.112.233
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.20 85.255.112.233
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.20 85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.20 85.255.112.233
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - I:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - I:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: igfxcui - I:\WINDOWS\SYSTEM32\igfxdev.dll
    O21 - SSODL: bgntlvo - {FFDE66AE-0645-4069-A364-F64E032C28AD} - I:\WINDOWS\bgntlvo.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Boonty Games - BOONTY - I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe

    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS