Cheval de troie détecté par avast mais

Bonsoir,
Merci de me répondre, je n'arrive pas à le supprimer depuis avast

Bonjour,
Merci de me répondre, voici le rapport hijac:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:33, on 27/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows

Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers

communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -

{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program

Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Program Files\Fichiers communs\Microsoft Shared\Windows

Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers

communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio

Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator

6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS

Master\Monitor.exe
O4 - HKCU\..\Run: [Yahoo! Pager]

"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1801674531-299502267-682003330-1004\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe (User 'User')
O4 - HKUS\S-1-5-21-1801674531-299502267-682003330-1004\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'User')
O4 - HKUS\S-1-5-21-1801674531-299502267-682003330-1004\..\Run: [Gluelite]

C:\DOCUME~1\User\APPLIC~1\MAGSAN~1\THUNKEXIT.exe (User 'User')
O4 - HKUS\S-1-5-21-1801674531-299502267-682003330-1004\..\Run: [ares] "C:\Program

Files\Ares\Ares.exe" -h (User 'User')
O4 - HKUS\S-1-5-21-1801674531-299502267-682003330-1004\..\Run: [AdobeUpdater]

"C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" (User

'User')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers

communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk =

C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -

http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload

Tool) -

https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.

RichUpload.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers

communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program

Files\Controle Parental\bin\optproxy.exe
O23 - Service: ProtexisLicensing - Unknown owner -

C:\WINDOWS\system32\PSIService.exe
O23 - Service: DelFax PRO (wfxsvc) - Symantec Corporation -

C:\WINDOWS\system32\WFXSVC.EXE

Bonsoir,
Voici le rapport findykill. Merci.



----------------- FindyKill V4.705 ------------------

* User : Corn‚lia Nobili - USER-4361BC0D6F
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/11/08 par Chiquitine29
* Recherche effectuée à 20:14:59 le 27/11/2008
* Windows XP - Internet Explorer 7.0.5730.11

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows

Live\WLLoginProxy.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Corn‚lia Nobili\Application

Data


»»»» Presence des fichiers dans C:\DOCUME~1\CORNLI~1\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Corn‚lia Nobili\Local

Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
OM_Monitor=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
Yahoo! Pager="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\BtcMaestr

o=
ModelName=2003RF
Version=2.0.1-75AP MUL
Language=1 (0x1)
KeyboardID=0 (0x0)
MouseID=0 (0x0)
KeyboardSID=0 (0x0)
MouseSID=0 (0x0)
RMenuSel=0 (0x0)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\BtcMaestr

o\Config=
DisplayLabel=1 (0x1)
TaskbarIcon=1 (0x1)
Autoplay=1 (0x1)
L067=Paint
L066=Bouton central de la souris
L065=
L064=
L063=Ejecter/Fermer 2
L062=
L061=
L060=
L059=
L058=
L057=
L056=
L055=
L054=
L053=
L052=
L051=
L050=
L049=
L048=
L047=
L046=
L045=
L044=Calendrier
L043=Power Point
L042=Excel
L041=Word
L040=Défiler vers le bas
L039=Défiler vers le haut
L038=Configurer
L037=Piles du clavier et de la souris faibles
L036=Piles de la souris faibles
L035=Piles du clavier faibles
L034=
L033=Réveiller
L032=Veille
L031=Arrêt
L030=Touche MF
L029=
L028=
L027=
L026=
L025=Actualiser www
L024=
L023=Bloc-notes
L022=Explorer
L021=Lecteur de Média
L020=Mes Documents
L019=Calculatrice
L018=Aide KeyMaestro
L017=Aide du système d’exploitation
L016=Favoris www
L015=Rechercher www
L014=Suivante www
L013=Précédente www
L012=Arrêt www
L011=www
L010=Email
L009=Ejecter/Fermer
L008=Piste précédente
L007=Piste suivante
L006=Arrêt
L005=Lecture /Pause
L004=Volume Bas
L003=Volume Haut
L002=Arrêt son
L001=Aucun
F067=0C:paint
F066=0B;mouse middle button
F065=0A;europe dollar(OF)
F064=0-;reply all(OF)
F063=09;eject 2
F062=08:help(OF)
F061=07;redo(OF)
F060=06;undo(OF)
F059=05;task pane(OF)
F058=04;send(OF)
F057=03;f'ward(OF)
F056=02;reply(OF)
F055=01;bullets(OF)
F054=00;spell(OF)
F053=z;bold(OF)
F052=y;replace(OF)
F051=x;save(OF)
F050=w;open(OF)
F049=v;new(OF)
F048=u;copy(OF)
F047=t;cut(OF)
F046=s;mark(OF)
F045=r;paste(OF)
F044=q;calendar(OF)
F043=p;power point(OF)
F042=o;excel(OF)
F041=n;word(OF)
F040=m;scroll down
F039=l;scroll up
F038=k;Configure
F037=j;keyboard and mouse battery low
F036=i;mouse battery low
F035=h;keyboard battery low
F034=g;keyboard and mouse battery OK
F033=f:wake up
F032=e:sleep
F031=d;power off
F030=c;mf
F029=b;app. close
F028=a;app. switch
F027=Z;log off
F026=Y;my computer
F025=X;refresh(AC)
F024=W;print(OF)
F023=V;notepad
F022=U;explorer
F021=T;mediaplayer
F020=S;my documents
F019=R;calculator
F018=Q;help(manual)
F017=P;help(OS)
F016=O;favorite(AC)
F015=N;search(AC)
F014=M;forward(AC)
F013=L;back(AC)
F012=K;stop(AC)
F011=J;www(AC)
F010=I;email(AL)
F009=H;eject
F008=G;previous track
F007=F;next track
F006=E;stop
F005=D;play
F004=C;volume down
F003=B;volume up
F002=A;mute
F001=-;none

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

Cmaudio=RunDll32 cmicnfg.cpl,CMICtrlWnd
SiSUSBRG=C:\WINDOWS\SiSUSBrg.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"

-osboot
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
RoxioEngineUtility="C:\Program Files\Fichiers communs\Roxio

Shared\System\EngUtil.exe"
RoxioDragToDisc="C:\Program Files\Roxio\Easy CD Creator

6\DragToDisc\DrgToDsc.exe"
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optional

Components=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optional

Components\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optional

Components\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optional

Components\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Clés infectieuses ] ----------------



--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 3

Ip6Fw - Type de démarrage = 3

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe
+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------

Bonsoir,
voici le rapport usbfix



-------------- UsbFix V2.413.1 ---------------

* User : Corn‚lia Nobili - USER-4361BC0D6F
* Outils mis a jours le 24/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 22:56:23 le 27/11/2008
* Windows Xp - Internet Explorer 7.0.5730.11


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Fichiers communs\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\DOCUME~1\CORNLI~1\LOCALS~1\Temp\1.tmp\b2e.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe
--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe
+- Listing des fichiers présents :

[22/10/2006 13:31][--a------] C:\AUTOEXEC.BAT
[22/10/2006 13:31][--a------] C:\delete.bat
[05/08/2004 13:00][-rahs----] C:\NTDETECT.COM
[20/08/2008 18:50][---hs----] C:\boot.ini
[27/11/2008 20:16][--a------] C:\FindyKill.txt
[27/11/2008 20:16][--a------] C:\lopR.txt
[27/11/2008 20:16][--a------] C:\UsbFix.txt
[22/10/2006 13:31][--a------] C:\CONFIG.SYS
[22/10/2006 13:31][--a------] C:\hiberfil.sys
[22/10/2006 13:31][--a------] C:\IO.SYS
[22/10/2006 13:31][--a------] C:\MSDOS.SYS
[22/10/2006 13:31][--a------] C:\pagefile.sys

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
OM_Monitor=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
Yahoo! Pager="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\BtcMaestr

o=
ModelName=2003RF
Version=2.0.1-75AP MUL
Language=1 (0x1)
KeyboardID=0 (0x0)
MouseID=0 (0x0)
KeyboardSID=0 (0x0)
MouseSID=0 (0x0)
RMenuSel=0 (0x0)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\BtcMaestr

o\Config=
DisplayLabel=1 (0x1)
TaskbarIcon=1 (0x1)
Autoplay=1 (0x1)
L067=Paint
L066=Bouton central de la souris
L065=
L064=
L063=Ejecter/Fermer 2
L062=
L061=
L060=
L059=
L058=
L057=
L056=
L055=
L054=
L053=
L052=
L051=
L050=
L049=
L048=
L047=
L046=
L045=
L044=Calendrier
L043=Power Point
L042=Excel
L041=Word
L040=Défiler vers le bas
L039=Défiler vers le haut
L038=Configurer
L037=Piles du clavier et de la souris faibles
L036=Piles de la souris faibles
L035=Piles du clavier faibles
L034=
L033=Réveiller
L032=Veille
L031=Arrêt
L030=Touche MF
L029=
L028=
L027=
L026=
L025=Actualiser www
L024=
L023=Bloc-notes
L022=Explorer
L021=Lecteur de Média
L020=Mes Documents
L019=Calculatrice
L018=Aide KeyMaestro
L017=Aide du système d’exploitation
L016=Favoris www
L015=Rechercher www
L014=Suivante www
L013=Précédente www
L012=Arrêt www
L011=www
L010=Email
L009=Ejecter/Fermer
L008=Piste précédente
L007=Piste suivante
L006=Arrêt
L005=Lecture /Pause
L004=Volume Bas
L003=Volume Haut
L002=Arrêt son
L001=Aucun
F067=0C:paint
F066=0B;mouse middle button
F065=0A;europe dollar(OF)
F064=0-;reply all(OF)
F063=09;eject 2
F062=08:help(OF)
F061=07;redo(OF)
F060=06;undo(OF)
F059=05;task pane(OF)
F058=04;send(OF)
F057=03;f'ward(OF)
F056=02;reply(OF)
F055=01;bullets(OF)
F054=00;spell(OF)
F053=z;bold(OF)
F052=y;replace(OF)
F051=x;save(OF)
F050=w;open(OF)
F049=v;new(OF)
F048=u;copy(OF)
F047=t;cut(OF)
F046=s;mark(OF)
F045=r;paste(OF)
F044=q;calendar(OF)
F043=p;power point(OF)
F042=o;excel(OF)
F041=n;word(OF)
F040=m;scroll down
F039=l;scroll up
F038=k;Configure
F037=j;keyboard and mouse battery low
F036=i;mouse battery low
F035=h;keyboard battery low
F034=g;keyboard and mouse battery OK
F033=f:wake up
F032=e:sleep
F031=d;power off
F030=c;mf
F029=b;app. close
F028=a;app. switch
F027=Z;log off
F026=Y;my computer
F025=X;refresh(AC)
F024=W;print(OF)
F023=V;notepad
F022=U;explorer
F021=T;mediaplayer
F020=S;my documents
F019=R;calculator
F018=Q;help(manual)
F017=P;help(OS)
F016=O;favorite(AC)
F015=N;search(AC)
F014=M;forward(AC)
F013=L;back(AC)
F012=K;stop(AC)
F011=J;www(AC)
F010=I;email(AL)
F009=H;eject
F008=G;previous track
F007=F;next track
F006=E;stop
F005=D;play
F004=C;volume down
F003=B;volume up
F002=A;mute
F001=-;none

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Cmaudio=RunDll32 cmicnfg.cpl,CMICtrlWnd
SiSUSBRG=C:\WINDOWS\SiSUSBrg.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"

-osboot
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
RoxioEngineUtility="C:\Program Files\Fichiers communs\Roxio

Shared\System\EngUtil.exe"
RoxioDragToDisc="C:\Program Files\Roxio\Easy CD Creator

6\DragToDisc\DrgToDsc.exe"
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optional

Components=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optional

Components\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optional

Components\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optional

Components\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! -

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Mo

untPoints2\{e4678c72-bb82-11dc-b5a1-000b6ab28846}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------


--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste

/!\

[22/10/2006 13:31][--a------] C:\AUTOEXEC.BAT
[22/10/2006 13:31][--a------] C:\delete.bat
[05/08/2004 13:00][-rahs----] C:\NTDETECT.COM
[20/08/2008 18:50][---hs----] C:\boot.ini

--------------- ! Fin du rapport ! ----------------

Bonsoir,
clic droit sur quoi?

Quand je clic dessus, il ne se passe rien

voici le rapport

Error: Unable to interpret <processes > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== FILES ==========
c:\delete.bat moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local

Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local

Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be

deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local

Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary

Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted

on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_510.dat scheduled to be deleted

on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11282008_002133

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local

Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers

Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local

Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary

Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_510.dat scheduled to be moved

on reboot.

pas du tout

désolé, je dois partir tu peux m'indiquer la marche à suivre, on continuera la désinfection demain. Merci.

Bonjour,
voici le rapport hijac avant que la personne qui est à l'origine de l'infection reprenne l'ordi. Merci.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:10, on 28/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows

Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers

communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -

{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program

Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Program Files\Fichiers communs\Microsoft Shared\Windows

Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers

communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio

Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator

6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS

Master\Monitor.exe
O4 - HKCU\..\Run: [Yahoo! Pager]

"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1801674531-299502267-682003330-1004\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe (User 'User')
O4 - HKUS\S-1-5-21-1801674531-299502267-682003330-1004\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'User')
O4 - HKUS\S-1-5-21-1801674531-299502267-682003330-1004\..\Run: [Gluelite]

C:\DOCUME~1\User\APPLIC~1\MAGSAN~1\THUNKEXIT.exe (User 'User')
O4 - HKUS\S-1-5-21-1801674531-299502267-682003330-1004\..\Run: [ares] "C:\Program

Files\Ares\Ares.exe" -h (User 'User')
O4 - HKUS\S-1-5-21-1801674531-299502267-682003330-1004\..\Run: [AdobeUpdater]

"C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" (User

'User')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers

communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk =

C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -

http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload

Tool) -

https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.

RichUpload.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers

communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program

Files\Controle Parental\bin\optproxy.exe
O23 - Service: ProtexisLicensing - Unknown owner -

C:\WINDOWS\system32\PSIService.exe
O23 - Service: DelFax PRO (wfxsvc) - Symantec Corporation -

C:\WINDOWS\system32\WFXSVC.EXE