azerty9003

Bonjour chercheur, Depuis hier après-midi, plus une seule agression Spyware Secure ou autre, je crois que mon PC est bien nettoyé cette fois Un grand merci. Merci aussi pour tes conseils. Je vais les suivre. Je pense que l'infection doit provenir d'une pièce jointe, j'ai un copain qui s'st mis à me faire suivre toutes sortes de blagues...

Merci, je n'ai pas eu de fenêtre intempestive depuis environ 1 heure que j'ai procédé à la dernière manip. Je croise les doigts. Question subsidiaire: Mon PC est protégé par - AVG Free edition - Spybot Seach and Destroy - j'ai ajouté, il y a quelques jours, Ad-Aware 2007 Tous ces programmes sont mis à jour quotidiennement et effectuant également un scan par jour. Que faire pour se protéger de ces malwares ?

Merci chercheur pour ta patience, Voici C:\egd.txt, cette fois il est daté d'aujourd'hui: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,\ 00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\ 73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,53,\ 00,41,00,53,00,43,00,75,00,69,00,2e,00,65,00,78,00,65,00,20,00,2d,00,68,00,\ 69,00,64,00,65,00,00,00 "RtHDVCpl"="RtHDVCpl.exe" "TPwrMain"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,\ 6c,00,65,00,73,00,25,00,5c,00,54,00,4f,00,53,00,48,00,49,00,42,00,41,00,5c,\ 00,50,00,6f,00,77,00,65,00,72,00,20,00,53,00,61,00,76,00,65,00,72,00,5c,00,\ 54,00,50,00,77,00,72,00,4d,00,61,00,69,00,6e,00,2e,00,45,00,58,00,45,00,00,\ 00 "HSON"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\ 00,65,00,73,00,25,00,5c,00,54,00,4f,00,53,00,48,00,49,00,42,00,41,00,5c,00,\ 54,00,42,00,53,00,5c,00,48,00,53,00,4f,00,4e,00,2e,00,65,00,78,00,65,00,00,\ 00 "SmoothView"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\ 00,6c,00,65,00,73,00,25,00,5c,00,54,00,6f,00,73,00,68,00,69,00,62,00,61,00,\ 5c,00,53,00,6d,00,6f,00,6f,00,74,00,68,00,56,00,69,00,65,00,77,00,5c,00,53,\ 00,6d,00,6f,00,6f,00,74,00,68,00,56,00,69,00,65,00,77,00,2e,00,65,00,78,00,\ 65,00,00,00 "00TCrdMain"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\ 00,6c,00,65,00,73,00,25,00,5c,00,54,00,4f,00,53,00,48,00,49,00,42,00,41,00,\ 5c,00,46,00,6c,00,61,00,73,00,68,00,43,00,61,00,72,00,64,00,73,00,5c,00,54,\ 00,43,00,72,00,64,00,4d,00,61,00,69,00,6e,00,2e,00,65,00,78,00,65,00,00,00 "KeNotify"="C:\\Program Files\\TOSHIBA\\Utilities\\KeNotify.exe" "HWSetup"="C:\\Program Files\\TOSHIBA\\Utilities\\HWSetup.exe hwSetUP" "SVPWUTIL"="C:\\Program Files\\TOSHIBA\\Utilities\\SVPWUTIL.exe SVPwUTIL" "NDSTray.exe"="NDSTray.exe" "NvSvc"="RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart" "NvCplDaemon"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup" "NvMediaCenter"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "Toshiba Registration"="C:\\Program Files\\Toshiba\\Registration\\ToshibaRegistration.exe" "Camera Assistant Software"="\"C:\\Program Files\\Camera Assistant Software for Toshiba\\traybar.exe\"" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP" "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe" "NWEReboot"="" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "MaxBlastMonitor.exe"="C:\\Program Files\\Maxtor\\MaxBlast\\MaxBlastMonitor.exe" "AcronisTimounterMonitor"="C:\\Program Files\\Maxtor\\MaxBlast\\TimounterMonitor.exe" "Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Maxtor\\Schedule2\\schedhlp.exe\""

Bonjour chercheur, J'ai effectué les manips conseillées. Tout semble s'être déroulé OK jusqu'au passage de HighJack This qui a provoqué les 2 messages d'erreur suivants: 1. For some reason, you system denied access to the Hosts file... 2. An unexpected eror has occured oat procedure modMain_CheckOtherItem() Error #75 - Erreur dans chemin d'acces De toutes façons, voici le rapport de HighJack This: Logfile of HijackThis v1.99.1 Scan saved at 11:12:49, on 06/07/2007 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\taskeng.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\palmOne\HOTSYNC.EXE C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\NOTEPAD.EXE C:\HijackThis\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [iNTERNATIONAL] International* O13 - Gopher Prefix: O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) et voici C:\Egd.txt mais c'est celui qui a été créé hier après-midi: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,\ 00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\ 73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,53,\ 00,41,00,53,00,43,00,75,00,69,00,2e,00,65,00,78,00,65,00,20,00,2d,00,68,00,\ 69,00,64,00,65,00,00,00 "RtHDVCpl"="RtHDVCpl.exe" "TPwrMain"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,\ 6c,00,65,00,73,00,25,00,5c,00,54,00,4f,00,53,00,48,00,49,00,42,00,41,00,5c,\ 00,50,00,6f,00,77,00,65,00,72,00,20,00,53,00,61,00,76,00,65,00,72,00,5c,00,\ 54,00,50,00,77,00,72,00,4d,00,61,00,69,00,6e,00,2e,00,45,00,58,00,45,00,00,\ 00 "HSON"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\ 00,65,00,73,00,25,00,5c,00,54,00,4f,00,53,00,48,00,49,00,42,00,41,00,5c,00,\ 54,00,42,00,53,00,5c,00,48,00,53,00,4f,00,4e,00,2e,00,65,00,78,00,65,00,00,\ 00 "SmoothView"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\ 00,6c,00,65,00,73,00,25,00,5c,00,54,00,6f,00,73,00,68,00,69,00,62,00,61,00,\ 5c,00,53,00,6d,00,6f,00,6f,00,74,00,68,00,56,00,69,00,65,00,77,00,5c,00,53,\ 00,6d,00,6f,00,6f,00,74,00,68,00,56,00,69,00,65,00,77,00,2e,00,65,00,78,00,\ 65,00,00,00 "00TCrdMain"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\ 00,6c,00,65,00,73,00,25,00,5c,00,54,00,4f,00,53,00,48,00,49,00,42,00,41,00,\ 5c,00,46,00,6c,00,61,00,73,00,68,00,43,00,61,00,72,00,64,00,73,00,5c,00,54,\ 00,43,00,72,00,64,00,4d,00,61,00,69,00,6e,00,2e,00,65,00,78,00,65,00,00,00 "KeNotify"="C:\\Program Files\\TOSHIBA\\Utilities\\KeNotify.exe" "HWSetup"="C:\\Program Files\\TOSHIBA\\Utilities\\HWSetup.exe hwSetUP" "SVPWUTIL"="C:\\Program Files\\TOSHIBA\\Utilities\\SVPWUTIL.exe SVPwUTIL" "NDSTray.exe"="NDSTray.exe" "NvSvc"="RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart" "NvCplDaemon"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup" "NvMediaCenter"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "Toshiba Registration"="C:\\Program Files\\Toshiba\\Registration\\ToshibaRegistration.exe" "Camera Assistant Software"="\"C:\\Program Files\\Camera Assistant Software for Toshiba\\traybar.exe\"" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP" "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe" "NWEReboot"="" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "MaxBlastMonitor.exe"="C:\\Program Files\\Maxtor\\MaxBlast\\MaxBlastMonitor.exe" "AcronisTimounterMonitor"="C:\\Program Files\\Maxtor\\MaxBlast\\TimounterMonitor.exe" "Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Maxtor\\Schedule2\\schedhlp.exe\"" "tfaedbbg"="c:\\windows\\system32\\tfaedbbg.exe tfaedbbg" La fenêtre bleue de SPYWARE SECURE vient encore de s'ouvrir à l'instant, la bête immonde est toujours là. Peux-tu m'aider ? Merci.

Bonjour chercheur, Tout d'abord, merci de bien vouloir m'aider. Voici le rapport C:\egd.txt Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,\ 00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\ 73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,53,\ 00,41,00,53,00,43,00,75,00,69,00,2e,00,65,00,78,00,65,00,20,00,2d,00,68,00,\ 69,00,64,00,65,00,00,00 "RtHDVCpl"="RtHDVCpl.exe" "TPwrMain"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,\ 6c,00,65,00,73,00,25,00,5c,00,54,00,4f,00,53,00,48,00,49,00,42,00,41,00,5c,\ 00,50,00,6f,00,77,00,65,00,72,00,20,00,53,00,61,00,76,00,65,00,72,00,5c,00,\ 54,00,50,00,77,00,72,00,4d,00,61,00,69,00,6e,00,2e,00,45,00,58,00,45,00,00,\ 00 "HSON"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\ 00,65,00,73,00,25,00,5c,00,54,00,4f,00,53,00,48,00,49,00,42,00,41,00,5c,00,\ 54,00,42,00,53,00,5c,00,48,00,53,00,4f,00,4e,00,2e,00,65,00,78,00,65,00,00,\ 00 "SmoothView"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\ 00,6c,00,65,00,73,00,25,00,5c,00,54,00,6f,00,73,00,68,00,69,00,62,00,61,00,\ 5c,00,53,00,6d,00,6f,00,6f,00,74,00,68,00,56,00,69,00,65,00,77,00,5c,00,53,\ 00,6d,00,6f,00,6f,00,74,00,68,00,56,00,69,00,65,00,77,00,2e,00,65,00,78,00,\ 65,00,00,00 "00TCrdMain"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\ 00,6c,00,65,00,73,00,25,00,5c,00,54,00,4f,00,53,00,48,00,49,00,42,00,41,00,\ 5c,00,46,00,6c,00,61,00,73,00,68,00,43,00,61,00,72,00,64,00,73,00,5c,00,54,\ 00,43,00,72,00,64,00,4d,00,61,00,69,00,6e,00,2e,00,65,00,78,00,65,00,00,00 "KeNotify"="C:\\Program Files\\TOSHIBA\\Utilities\\KeNotify.exe" "HWSetup"="C:\\Program Files\\TOSHIBA\\Utilities\\HWSetup.exe hwSetUP" "SVPWUTIL"="C:\\Program Files\\TOSHIBA\\Utilities\\SVPWUTIL.exe SVPwUTIL" "NDSTray.exe"="NDSTray.exe" "NvSvc"="RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart" "NvCplDaemon"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup" "NvMediaCenter"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "Toshiba Registration"="C:\\Program Files\\Toshiba\\Registration\\ToshibaRegistration.exe" "Camera Assistant Software"="\"C:\\Program Files\\Camera Assistant Software for Toshiba\\traybar.exe\"" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP" "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe" "NWEReboot"="" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "MaxBlastMonitor.exe"="C:\\Program Files\\Maxtor\\MaxBlast\\MaxBlastMonitor.exe" "AcronisTimounterMonitor"="C:\\Program Files\\Maxtor\\MaxBlast\\TimounterMonitor.exe" "Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Maxtor\\Schedule2\\schedhlp.exe\"" "tfaedbbg"="c:\\windows\\system32\\tfaedbbg.exe tfaedbbg"

Bonjour, Mon portable Toshiba sous Vista est victime d'un infection par SPYWARE SECURE et peut-être par d'autres malwares. De temps en temps, une fenêtre s'ouvre dans mon navigateur (Firefox) me "conseillant" d'éliminer les spywares qui ralentissent ma machine. Parfois aussi une page non demandée s'ouvre (E-Bay par exemple). Après une recherche Google, j'ai consulté plusieurs fils sur ce forum sur l'élimination de Spyware Secure et tenté de me dépanner tout seul. Mais soit certains outils proposés ne fonctionnent pas sous Vista, soit j'ai mal appliqué la procédure et tous mes efforts se sont révélés inefficaces. Bref, j'ai besoin qu'un spécialiste me tienne la main car je me sens en terrain miné et je remercie par avance pour toute aide qui pourrait m'être apportée. Voici mon premier rapport HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 10:48:12, on 05/07/2007 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\Utilities\KeNotify.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\rundll32.exe C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe C:\Windows\System32\tfaedbbg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\palmOne\HOTSYNC.EXE C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Windows\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\HijackThis\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [tfaedbbg] c:\windows\system32\tfaedbbg.exe tfaedbbg O4 - HKCU\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [iNTERNATIONAL] International* O13 - Gopher Prefix: O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)