Patitou

  1. Hello Loup Blanc. Thank you for your quick reply. I am reassured now, since there is no infection, just corrections.
  2. Hello. Despite my PC having recently been secured by an eminent member of Zébulon (new firewall Comodofirewallpro 2.4, new antivirus Antivir, antispyware Webroot Spy Sweeper, antimalware Malwarebytes' Anti-Malware, and assorted program updates to avoid security holes...), I have once again had the unpleasant surprise of finding 2 infected registry items. I ran the scan with MBAM. If someone would be kind enough... once again (because this is the 2nd time in a short while) to help me remove this junk. PS: It may not be very serious, but no infection is ever harmless either. A huge thank-you in advance! Here is the MBAM report:

     Malwarebytes' Anti-Malware 1.28
     Version de la base de données: 1147
     Windows 5.1.2600 Service Pack 3
     14/09/2008 15:05:07
     mbam-log-2008-09-14 (15-05-07).txt
     Type de recherche: Examen complet (C:\|)
     Eléments examinés: 131570
     Temps écoulé: 59 minute(s), 56 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 2
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Elément(s) de données du Registre infecté(s):
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.
     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)
     Fichier(s) infecté(s):
     (Aucun élément nuisible détecté)
  3. Hello Le Sioux. Well, I think I am done with my questions. A big thank-you for all the time you were willing to give me and for the clarity of your explanations. I would not have managed without your help. See you.
  4. Hi Le Sioux. You answered my questions in advance. Just to be clear: I have to reinstall some software (for example Open Office, since it is preferable to uninstall the previous version before installing the most recent one): is a scan of just the exe file with "Antivir" enough to make sure that the download is clean? One becomes a bit more paranoid (which is no bad thing) after spending time on a forum for eradicating viruses and security holes! Also, I have "Spy Sweeper" as my anti-spyware; what do you think of it? Thanks again (
  5. Good evening Le Sioux. On my side everything is OK... well, much more so than before your intervention! My PC seems to be in great shape! I would have a few questions, if you don't mind, because I would like to "minimize" (since zero risk does not exist) the risk of infection, and your advice is clear and well-informed. However, I will let you finish "securing" my PC. I am delighted with this exchange, which has been full of interest and learning as far as I am concerned. See you very soon.
  6. Hi Le Sioux. That's it, I have done everything you asked! Don't worry about Utorrent, I deleted it without a second thought even though it was paid for. As for Antivir, I went to look at the settings tutorial but I don't seem to have the same interface... I hope I am using the right vocabulary (correct me if need be... it is never too late to learn!). I don't have the ones called "action on malware" and "heuristic", for example... Maybe that comes from a different version? So I configured it with what seemed to me to be identical in the two versions... Well, in any case, I ran the Antivir scan in safe mode, and here is the report (there are still some things wrong, I think...). A thousand thanks again. To be continued...

     Avira AntiVir Personal
     Report file date: samedi 30 août 2008 11:41
     Scanning for 1582788 virus strains and unwanted programs.
     Licensed to: Avira AntiVir PersonalEdition Classic
     Serial number: 0000149996-ADJIE-0001
     Platform: Windows XP
     Windows version: (Service Pack 2) [5.1.2600]
     Boot mode: Save mode
     Username: patricia guillemard
     Computer name: ACER-7989E0343A

     Version information:
     BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
     AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
     AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
     LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
     LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
     ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
     ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 08:31:30
     ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 08:31:53
     ANTIVIR3.VDF : 7.0.6.92 195584 Bytes 29/08/2008 08:31:55
     Engineversion : 8.1.1.23
     AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
     AESCRIPT.DLL : 8.1.0.68 315770 Bytes 30/08/2008 08:32:14
     AESCN.DLL : 8.1.0.23 119156 Bytes 30/08/2008 08:32:13
     AERDL.DLL : 8.1.0.20 418165 Bytes 30/08/2008 08:32:12
     AEPACK.DLL : 8.1.2.1 364917 Bytes 30/08/2008 08:32:09
     AEOFFICE.DLL : 8.1.0.22 192890 Bytes 30/08/2008 08:32:07
     AEHEUR.DLL : 8.1.0.50 1388918 Bytes 30/08/2008 08:32:06
     AEHELP.DLL : 8.1.0.15 115063 Bytes 30/08/2008 08:32:01
     AEGEN.DLL : 8.1.0.36 315764 Bytes 30/08/2008 08:32:00
     AEEMU.DLL : 8.1.0.7 430452 Bytes 30/08/2008 08:31:59
     AECORE.DLL : 8.1.1.8 172406 Bytes 30/08/2008 08:31:57
     AEBB.DLL : 8.1.0.1 53617 Bytes 30/08/2008 08:31:56
     AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
     AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
     AVREP.DLL : 8.0.0.2 98344 Bytes 30/08/2008 08:31:55
     AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
     AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
     AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
     SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
     SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
     NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
     RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
     RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

     Configuration settings for the scan:
     Jobname..........................: Manual Selection
     Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
     Logging..........................: low
     Primary action...................: interactive
     Secondary action.................: ignore
     Scan master boot sector..........: on
     Scan boot sector.................: on
     Boot sectors.....................: C:, D:, E:, F:, G:, H:, I:, J:,
     Scan memory......................: on
     Process scan.....................: on
     Scan registry....................: on
     Search for rootkits..............: on
     Scan all files...................: All files
     Scan archives....................: on
     Recursion depth..................: 20
     Smart extensions.................: on
     Macro heuristic..................: on
     File heuristic...................: medium
     Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

     Start of the scan: samedi 30 août 2008 11:41

     Starting search for hidden objects.
     The driver could not be initialized.

     The scan of running processes will be started
     Scan process 'avscan.exe' - '1' Module(s) have been scanned
     Scan process 'avcenter.exe' - '1' Module(s) have been scanned
     Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
     Scan process 'explorer.exe' - '1' Module(s) have been scanned
     Scan process 'SpySweeper.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'lsass.exe' - '1' Module(s) have been scanned
     Scan process 'services.exe' - '1' Module(s) have been scanned
     Scan process 'winlogon.exe' - '1' Module(s) have been scanned
     Scan process 'csrss.exe' - '1' Module(s) have been scanned
     Scan process 'smss.exe' - '1' Module(s) have been scanned
     13 processes with 13 modules were scanned

     Starting master boot sector scan:
     Master boot sector HD0
       [iNFO] No virus was found!
     Master boot sector HD1
       [iNFO] No virus was found!
       [WARNING] Le périphérique n'est pas prêt.
     Master boot sector HD2
       [iNFO] No virus was found!
       [WARNING] Le périphérique n'est pas prêt.
     Master boot sector HD3
       [iNFO] No virus was found!
       [WARNING] Le périphérique n'est pas prêt.
     Master boot sector HD4
       [iNFO] No virus was found!
       [WARNING] Le périphérique n'est pas prêt.

     Start scanning boot sectors:
     Boot sector 'C:\'
       [iNFO] No virus was found!
     Boot sector 'D:\'
       [iNFO] No virus was found!
     Boot sector 'E:\'
       [iNFO] In the drive 'E:\' no data medium is inserted!
     Boot sector 'F:\'
       [iNFO] In the drive 'F:\' no data medium is inserted!
     Boot sector 'G:\'
       [iNFO] In the drive 'G:\' no data medium is inserted!
     Boot sector 'H:\'
       [iNFO] In the drive 'H:\' no data medium is inserted!

     Starting to scan the registry.
     The registry was scanned ( '30' files ).

     Starting the file scan:

     Begin scan in 'C:\' <ACER>
     C:\pagefile.sys
       [WARNING] The file could not be opened!
     C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP480\A0106306.exe
       [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.105
     C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP480\A0106306.exe
       [0] Archive type: RAR SFX (self extracting)
       --> SmitfraudFix\restart.exe
       [DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
       [NOTE] The file was moved to '48ea2235.qua'!
     C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP480\A0106318.exe
       [DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
       [NOTE] The file was moved to '48ea223a.qua'!
     C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP485\A0106786.scr
       [DETECTION] Contains detection pattern of the joke program JOKE/BlueScreen.B
       [NOTE] The file was moved to '48ea2253.qua'!
     C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP485\A0106801.scr
       [DETECTION] Contains detection pattern of the joke program JOKE/BlueScreen.B
       [NOTE] The file was moved to '48ea2256.qua'!
     C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP485\A0107851.exe
       [DETECTION] Is the Trojan horse TR/Fraud.AV2008.J
       [NOTE] The file was moved to '48ea225b.qua'!
     C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP485\A0107853.scr
       [DETECTION] Contains detection pattern of the joke program JOKE/BlueScreen.B
       [NOTE] The file was moved to '48ea225e.qua'!
     C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP485\A0107854.exe
       [DETECTION] Is the Trojan horse TR/Fakealert.Ace.7
       [NOTE] The file was moved to '48ea2261.qua'!
     C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP486\A0107864.exe
       [DETECTION] Contains detection pattern of the application APPL/BoontyGames
       [NOTE] The file was moved to '48ea2267.qua'!
     C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP487\A0108101.vbs
       [DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
       [NOTE] The file was moved to '48ea2271.qua'!
     C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP487\A0108102.vbs
       [DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
       [NOTE] The file was moved to '48ea2274.qua'!
     C:\unzipped\Bubble shooter Deluxe + Serial\BubbleSD\bshooter.exe
       [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/Armadillo). Please verify the origin of the file
       [NOTE] The file was moved to '492122c6.qua'!
     C:\WINDOWS\system32\drivers\sptd.sys
       [WARNING] The file could not be opened!
     C:\_OTMoveIt\MovedFiles\08292008_105541\Documents and Settings\patricia guillemard\Local Settings\Temp\.tt197.tmp
       [DETECTION] Is the Trojan horse TR/Drop.Frau.AV08.A
       [NOTE] The file was moved to '492d278e.qua'!
     Begin scan in 'D:\' <ACERDATA>
     Begin scan in 'E:\'
     Search path E:\ could not be opened!
     Le périphérique n'est pas prêt.
     Begin scan in 'F:\'
     Search path F:\ could not be opened!
     Le périphérique n'est pas prêt.
     Begin scan in 'G:\'
     Search path G:\ could not be opened!
     Le périphérique n'est pas prêt.
     Begin scan in 'H:\'
     Search path H:\ could not be opened!
     Le périphérique n'est pas prêt.
     Begin scan in 'I:\'
     Search path I:\ could not be opened!
     Le périphérique n'est pas prêt.
     Begin scan in 'J:\'
     Search path J:\ could not be opened!
     Le périphérique n'est pas prêt.

     End of the scan: samedi 30 août 2008 12:55
     Used time: 1:14:28 min

     The scan has been done completely.

     7559 Scanning directories
     517760 Files were scanned
     13 viruses and/or unwanted programs were found
     0 Files were classified as suspicious:
     0 files were deleted
     0 files were repaired
     12 files were moved to quarantine
     0 files were renamed
     2 Files cannot be scanned
     517747 Files not concerned
     9007 Archives were scanned
     6 Warnings
     12 Notes
  8. Hi Le Sioux. I am forwarding the previous message because I am not sure I posted the right one. Oops! Sorry. Hi Le Sioux. I uninstalled Utorrent as you asked. I think I got taken in, because I had gone through the paid "Utorrent" site and had bought access to the software. Would that mean that I was getting the infection along with the file? If so, what a bunch of C... the Utorrent team is! Besides, I agree to change antivirus and I will follow your advice; I had indeed noticed that Avast was not doing its job as an antivirus properly. I think I am going to need you for a little while longer... To be continued... PS: My PC did not ask me to reboot... at any point. Is that normal? And to answer your last question, I notice that my PC makes "less noise", that is, far fewer disk accesses for no reason, and it seems quicker to do what I ask of it... but that remains subjective for now. I am sending you the OTMoveIt report:

     File/Folder C:\Documents and Settings\patricia guillemard\Mes documents\Downloads\Windows XP Ultimate-Edition 7 SP3 By Mad Dog not found.
     C:\Program Files\uTorrent moved successfully.
     OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08292008_145641
  9. Hi Le Sioux. I uninstalled Utorrent as you asked. I think I got taken in, because I had gone through the paid "Utorrent" site and had bought access to the software. Would that mean that I was getting the infection along with the file? If so, what a bunch of C... the Utorrent team is! Besides, I agree to change antivirus and I will follow your advice; I had indeed noticed that Avast was not doing its job as an antivirus properly. I think I am going to need you for a little while longer... To be continued... PS: My PC did not ask me to reboot... at any point. Is that normal? And to answer your last question, I notice that my PC makes "less noise", that is, far fewer disk accesses for no reason, and it seems quicker to do what I ask of it... but that remains subjective for now. I am sending you the OTMoveIt report:

     File/Folder C:\Documents and Settings\patricia guillemard\Mes documents\Downloads\Windows XP Ultimate-Edition 7 SP3 By Mad Dog not found.
     C:\Program Files\uTorrent moved successfully.
     OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08292008_145641
  10. Hi, it's me again with the follow-up to your recommendations. Everything went very well: nothing to report. Below are the SDFix and Hijackthis reports. PS: You asked me to save the ongoing discussion, but I must confess that I have been printing it from the start, because I read instructions better on paper than on screen... I know, it's shameful! But I will live with it! Here is the SDFix report:

      SDFix: Version 1.220
      Run by patricia guillemard on 29/08/2008 at 11:48
      Microsoft Windows XP [version 5.1.2600]
      Running From: C:\SDFix

      Checking Services :
      Restoring Default Security Values
      Restoring Default Hosts File
      Rebooting

      Checking Files :
      Trojan Files Found:
      C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\.tt18D.tmp - Deleted
      C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\.tt285.tmp - Deleted
      C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\.tt287.tmp - Deleted
      C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\.tt36.tmp - Deleted
      C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\.tt37.tmp - Deleted
      C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\.tt52.tmp - Deleted
      C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\.tt87.tmp - Deleted
      C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\.tt89.tmp - Deleted
      C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\.tt1.tmp.vbs - Deleted
      C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\.tt2.tmp.vbs - Deleted
      C:\WINDOWS\system32\autorun.ini - Deleted

      Removing Temp Files

      ADS Check :

      Final Check :
      catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-08-29 11:54:09
      Windows 5.1.2600 Service Pack 2 NTFS
      scanning hidden processes ...
      scanning hidden services & system hive ...
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
      "s1"=dword:2df9c43f
      "s2"=dword:110480d0
      "h0"=dword:00000001
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
      "p0"="C:\Program Files\DAEMON Tools\"
      "h0"=dword:00000000
      "khjeh"=hex:bc,9e,6e,3f,b3,02,c2,7d,4a,00,08,d8,56,10,ac,f0,02,0e,8e,4f,6b,..
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
      "a0"=hex:20,01,00,00,be,b0,6a,1b,77,a6,f8,21,2a,9d,a1,3f,3e,26,6b,55,30,..
      "khjeh"=hex:0f,f9,c2,79,c5,a9,90,15,57,c7,20,6a,06,a3,2d,61,9c,77,ce,1f,8b,..
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
      "khjeh"=hex:55,4f,e2,df,6a,45,15,cc,ef,80,a7,9f,3d,d4,31,5f,8a,20,64,8d,9e,..
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
      "p0"="C:\Program Files\DAEMON Tools\"
      "h0"=dword:00000000
      "khjeh"=hex:bc,9e,6e,3f,b3,02,c2,7d,4a,00,08,d8,56,10,ac,f0,02,0e,8e,4f,6b,..
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
      "a0"=hex:20,01,00,00,be,b0,6a,1b,77,a6,f8,21,2a,9d,a1,3f,3e,26,6b,55,30,..
      "khjeh"=hex:0f,f9,c2,79,c5,a9,90,15,57,c7,20,6a,06,a3,2d,61,9c,77,ce,1f,8b,..
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
      "khjeh"=hex:55,4f,e2,df,6a,45,15,cc,ef,80,a7,9f,3d,d4,31,5f,8a,20,64,8d,9e,..
      scanning hidden registry entries ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 0

      Remaining Services :

      Authorized Application Key Export:
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
      "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
      "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
      "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
      "K:\\Shareaza\\Shareaza.exe"="K:\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
      "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe:*:Enabled:Spy Sweeper"
      "C:\\Program Files\\Fichiers communs\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"="C:\\Program Files\\Fichiers communs\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe:*:Enabled:LiveUpdate"
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

      Remaining Files :

      File Backups: - C:\SDFix\backups\backups.zip

      Files with Hidden Attributes :
      Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1211.exe"
      Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1215.exe"
      Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\AcerDRV\rescan.exe"
      Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\InsD1211.exe"
      Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\InsD1215.exe"
      Wed 6 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\KCMDNIns.exe"
      Fri 11 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
      Fri 11 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
      Fri 11 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
      Fri 11 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
      Fri 11 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
      Thu 7 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\reboot.exe"
      Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\RemD1211.exe"
      Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\RemD1215.exe"
      Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\rescan.exe"
      Mon 24 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
      Wed 27 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\BIT31.tmp"
      Wed 19 Dec 2007 4,680,704 ...H. --- "C:\Documents and Settings\patricia guillemard\Application Data\Microsoft\Word\~WRL1841.tmp"

      Finished!
...and the HijackThis log.
See you later. Thanks a bunch, I am indebted to you.
  11. Hello Le Sioux. Here is the next part of my story... so to speak! I ran OTMoveIt and did what you asked. At the "MoveIt" command, my antivirus (Avast) suddenly realized that I was "playing" with viruses and other infections and sent me 4 or 5 alert messages (better late than never). Not knowing what to do so as not to compromise your work, I chose quarantine... I hope I didn't do anything silly. MoveIt report:
      C:\Documents and Settings\patricia guillemard\Local Settings\Temp\.tt197.tmp moved successfully.
      File/Folder C:\Documents and Settings\patricia guillemard\Mes documents\Downloads\Windows XP Ultimate-Edition 7 SP3 By Mad Dog\ULTIMATE EDITION V7.iso not found.
      C:\Program Files\uTorrent\uTorrent-1.6.1-install.exe moved successfully.
      C:\WINDOWS\system32\32.tmp moved successfully.
      C:\WINDOWS\system32\33.tmp moved successfully.
      C:\WINDOWS\system32\34.tmp moved successfully.
      C:\WINDOWS\system32\35.tmp moved successfully.
      C:\WINDOWS\system32\36.tmp moved successfully.
      OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08292008_105541
  12. Really very professional and incredibly available! A dream.

  13. Hi Le Sioux. Well, you're not done with me yet... after a scan of more than 4 hours... the verdict is in. I'm attaching the Kaspersky report and will wait for you to guide me through what comes next. Thank you for the time you're giving me. Kaspersky report:
      --------------------------------------------------------------------------------
      KASPERSKY ONLINE SCANNER 7 REPORT
      Thursday, August 28, 2008
      Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
      Kaspersky Online Scanner 7 version: 7.0.25.0
      Program database last update: Thursday, August 28, 2008 13:29:07
      Records in database: 1156209
      --------------------------------------------------------------------------------
      Scan settings:
      Scan using the following database: extended
      Scan archives: yes
      Scan mail databases: yes
      Scan area - My Computer:
      C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\
      Scan statistics:
      Files scanned: 83558
      Threat name: 5
      Infected objects: 10
      Suspicious objects: 0
      Duration of the scan: 04:32:30
      File name / Threat name / Threats count
      C:\Documents and Settings\patricia guillemard\Local Settings\Temp\.tt197.tmp Infected: not-a-virus:FraudTool.Win32.XPAntivirus.qr 1
      C:\Documents and Settings\patricia guillemard\Mes documents\Downloads\Windows XP Ultimate-Edition 7 SP3 By Mad Dog\ULTIMATE EDITION V7.iso Infected: not-a-virus:RiskTool.Win32.HideWindows 1
      C:\Program Files\uTorrent\uTorrent-1.6.1-install.exe Infected: Trojan-Downloader.Win32.Banload.ujv 1
      C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP480\A0106306.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
      C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP480\A0106317.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
      C:\WINDOWS\system32\32.tmp Infected: not-a-virus:FraudTool.Win32.XPAntivirus.qj 1
      C:\WINDOWS\system32\33.tmp Infected: not-a-virus:FraudTool.Win32.XPAntivirus.qj 1
      C:\WINDOWS\system32\34.tmp Infected: not-a-virus:FraudTool.Win32.XPAntivirus.qj 1
      C:\WINDOWS\system32\35.tmp Infected: not-a-virus:FraudTool.Win32.XPAntivirus.qj 1
      C:\WINDOWS\system32\36.tmp Infected: not-a-virus:FraudTool.Win32.XPAntivirus.qj 1
      The selected area was scanned.
  14. Hello Le Sioux. Well, I scrupulously followed what you asked me to do. I removed the Boonty Games files and applications. I checked all the expected lines in HijackThis: nothing to report, none missing (report below). Fix checked: OK. However, for OTMoveIt by Old_Timer, it seems that the report (attached) says it cannot find ("not found") the files concerned?... You tell me... I still have the updates for the Java console and Open Office left to do, which I will do without delay. Thanks again for your help: I am always full of admiration for real mastery of computing, given my meagre abilities in this area. To be continued... HijackThis report:
      OTMoveIt report by Old_Timer:
      File/Folder C:\Program Files\rhcvpqj0eac5 not found.
      File/Folder C:\Documents and Settings\patricia guillemard\Application Data\rhcvpqj0eac5 not found.
      OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08282008_121734
  15. Thank you for your help, Le Sioux. I deleted the Malwarebytes quarantine as you asked. I'm attaching the report:
      Malwarebytes' Anti-Malware 1.25
      Version de la base de données: 1062
      Windows 5.1.2600 Service Pack 2
      01:07:39 28/08/2008
      mbam-log-08-28-2008 (01-07-39).txt
      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 120728
      Temps écoulé: 1 hour(s), 37 minute(s), 53 second(s)
      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 3
      Valeur(s) du Registre infectée(s): 7
      Elément(s) de données du Registre infecté(s): 2
      Dossier(s) infecté(s): 12
      Fichier(s) infecté(s): 19
      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)
      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)
      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcvpqj0eac5 (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\rhcvpqj0eac5 (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcvpqj0eac5 (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcrpqj0eac5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhcvpqj0eac5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
      Elément(s) de données du Registre infecté(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      Dossier(s) infecté(s):
      C:\Program Files\rhcvpqj0eac5 (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Application Data\rhcvpqj0eac5 (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Application Data\rhcvpqj0eac5\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Application Data\rhcvpqj0eac5\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Application Data\rhcvpqj0eac5\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Application Data\rhcvpqj0eac5\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Application Data\rhcvpqj0eac5\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Application Data\rhcvpqj0eac5\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Application Data\rhcvpqj0eac5\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Application Data\rhcvpqj0eac5\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Application Data\rhcvpqj0eac5\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Application Data\rhcvpqj0eac5\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
      Fichier(s) infecté(s):
      C:\Program Files\rhcvpqj0eac5\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\rhcvpqj0eac5\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\rhcvpqj0eac5\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\rhcvpqj0eac5\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\rhcvpqj0eac5\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\rhcvpqj0eac5\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\rhcvpqj0eac5\rhcvpqj0eac5.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\rhcvpqj0eac5\rhcvpqj0eac5.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\rhcvpqj0eac5\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\blphcrpqj0eac5.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\lphcrpqj0eac5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\phcrpqj0eac5.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Documents and Settings\patricia guillemard\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      And here is the HijackThis report as well.