
PC CRASH

9 April 2008 01:31:14

Good evening,
can someone help me, please?
I don't understand any of it...
THANK YOU
HijackThis report:
:\WINDOWS.2\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS.2\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vtpzdfkqlfmexxmkawi.com/HmPfuELsvaVLg_Lj6meD...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par NC NUMERICABLE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1ADB6B7B-EF1C-2ECA-D322-62550CD5274B} - (no file)
O2 - BHO: (no name) - {3B11A3DF-875B-4E8C-A3FA-C95553580BE4} - C:\WINDOWS.2\system32\opnnomMC.dll
O2 - BHO: {876fa810-4ea9-f9c9-7f24-b0f54a7fad84} - {48daf7a4-5f0b-42f7-9c9f-9ae4018af678} - C:\WINDOWS.2\system32\hspqeptv.dll
O2 - BHO: (no name) - {5157FDDF-F432-4D23-890C-EF2527BB8133} - C:\WINDOWS.2\system32\hgGvwwvv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {678E2AB9-D607-4618-824B-8F50AAC27E37} - C:\WINDOWS.2\system32\efcYOihg.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS.2\system32\ddcBUkkj.dll
O2 - BHO: (no name) - {73EF4D73-669A-41DF-AD41-E024CEE6B23D} - C:\WINDOWS.2\system32\opnlLFWQ.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {848EE2C7-573E-47D6-9BB5-3EA7FD0FB369} - C:\WINDOWS.2\system32\xxyvusRL.dll
O2 - BHO: (no name) - {8B920E17-ABB1-4726-BA56-6858C801009E} - C:\WINDOWS.2\system32\fccddbxv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {996CEC26-600B-4300-A254-5C70F2BBB135} - C:\WINDOWS.2\system32\cbXOIyAP.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D2F5248F-717B-4B24-9AAA-5C6CB80498F0} - C:\WINDOWS.2\system32\ljJCtuSj.dll
O2 - BHO: (no name) - {D686C300-6115-47B2-8EE3-F73327005EB9} - C:\WINDOWS.2\system32\xxywXNeB.dll
O2 - BHO: (no name) - {E7378732-05D7-4559-97B7-FA7BA37AA27B} - C:\WINDOWS.2\system32\vtUnlLCS.dll
O2 - BHO: (no name) - {E7EF39A3-F8F8-4871-89D1-F19B6DF5C4F6} - C:\WINDOWS.2\system32\khfCstSM.dll
O2 - BHO: (no name) - {E892A739-4B51-42CE-97B0-C703810E75B4} - C:\WINDOWS.2\system32\nnnoPHwu.dll
O2 - BHO: (no name) - {F15F00EE-D0F5-494E-8024-56D1349A6303} - C:\WINDOWS.2\system32\awtrPhIb.dll
O2 - BHO: (no name) - {F39F2ABD-F3AB-4872-8EE0-C21E37285628} - C:\WINDOWS.2\system32\cbXPhifd.dll
O2 - BHO: (no name) - {F5F49A2A-DC1A-4BB2-804B-AB0E5CDD7E88} - C:\WINDOWS.2\system32\tuvVPigD.dll
O2 - BHO: (no name) - {FBEC2ACA-365B-4BE5-B892-D9BE70A04AEE} - C:\WINDOWS.2\system32\mlJYolkK.dll
O2 - BHO: (no name) - {FCCEC074-D257-4777-9277-6326391D4578} - C:\WINDOWS.2\system32\awtsRlMc.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Alarm] vsmon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.2\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.2\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS.2\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BOOK BITS GRID FORD] C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Mapi Meta Book Bits\Free Mapi.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [c8bea1af] rundll32.exe "C:\WINDOWS.2\system32\nbyevfou.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RegistryEasy.exe] C:\Program Files\Registry Easy\RegistryEasy.exe
O4 - HKLM\..\Run: [BMcb8d9233] Rundll32.exe "C:\WINDOWS.2\system32\rufvkalp.dll",s
O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.2\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [EPSON Stylus C40 Series] C:\WINDOWS.2\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C40 Series" /O6 "USB001" /M "Stylus C40"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: dBpowerAMP.lnk = C:\Program Files\Illustrate\dBpowerAMP\Amp.exe
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Global Startup: eFax Menu Temps Réel 3.2.lnk = C:\Program Files\eFax Messenger Plus 3.2\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.2.lnk = C:\Program Files\eFax Messenger Plus 3.2\J2GTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS.2\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\ASUSTek\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS.2\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS.2\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows.2\system32\nwprovau.dll
O16 - DPF: Interface Chat Voila - http://chat15.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/a...
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst_fr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_FR...
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP....
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0246780191f61ddb0e22/netzip...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/144000s/download.opis...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BA14D944-0D8C-4F16-A950-6E53EEBB558F} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr33...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: ddcBUkkj - C:\WINDOWS.2\SYSTEM32\ddcBUkkj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.2\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.2\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Nvc\BIN\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\NORMAN\Nvc\BIN\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS.2\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 16766 bytes


9 April 2008 09:45:09

hello

you have multiple infections...

Download Malwarebytes' Anti-Malware and install it.

Restart the computer in Safe Mode (F8 when the computer starts)

  • Launch Malwarebytes' Anti-Malware and select "Exécuter un examen complet" (run a full scan). Wait while the scan runs.
  • Once the scan is finished, click "Afficher les résultats" (show results) and save the report to your Desktop.
  • Finally, click "Supprimer la sélection" (remove selected).

    If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.




    10 April 2008 02:41:38

    Thank you very much, I have just finished; here is what it reports:
    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 604

    Type de recherche: Examen complet (A:\|C:\|D:\|E:\|)
    Eléments examinés: 139020
    Temps écoulé: 50 minute(s), 36 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 73
    Valeur(s) du Registre infectée(s): 7
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 149

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS.2\system32\cypnowwa.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS.2\system32\mlJBSlJB.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS.2\system32\ddcBUkkj.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192c377e-8b8d-4c4d-bc07-a867e5180ae7} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{192c377e-8b8d-4c4d-bc07-a867e5180ae7} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1edfed27-82f7-46c8-b129-46fb0d548f96} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1edfed27-82f7-46c8-b129-46fb0d548f96} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28228bd2-df00-4b28-9881-0bdf7500f8d7} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{28228bd2-df00-4b28-9881-0bdf7500f8d7} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b11a3df-875b-4e8c-a3fa-c95553580be4} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3b11a3df-875b-4e8c-a3fa-c95553580be4} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5157fddf-f432-4d23-890c-ef2527bb8133} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5157fddf-f432-4d23-890c-ef2527bb8133} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{678e2ab9-d607-4618-824b-8f50aac27e37} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{678e2ab9-d607-4618-824b-8f50aac27e37} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70a44c6b-5492-45a8-8b3a-2828427176bf} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{70a44c6b-5492-45a8-8b3a-2828427176bf} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73ef4d73-669a-41df-ad41-e024cee6b23d} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{73ef4d73-669a-41df-ad41-e024cee6b23d} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{848ee2c7-573e-47d6-9bb5-3ea7fd0fb369} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{848ee2c7-573e-47d6-9bb5-3ea7fd0fb369} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b920e17-abb1-4726-ba56-6858c801009e} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8b920e17-abb1-4726-ba56-6858c801009e} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{996cec26-600b-4300-a254-5c70f2bbb135} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{996cec26-600b-4300-a254-5c70f2bbb135} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2f5248f-717b-4b24-9aaa-5c6cb80498f0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d2f5248f-717b-4b24-9aaa-5c6cb80498f0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d686c300-6115-47b2-8ee3-f73327005eb9} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d686c300-6115-47b2-8ee3-f73327005eb9} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7378732-05d7-4559-97b7-fa7ba37aa27b} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e7378732-05d7-4559-97b7-fa7ba37aa27b} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7ef39a3-f8f8-4871-89d1-f19b6df5c4f6} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e7ef39a3-f8f8-4871-89d1-f19b6df5c4f6} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e892a739-4b51-42ce-97b0-c703810e75b4} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e892a739-4b51-42ce-97b0-c703810e75b4} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f15f00ee-d0f5-494e-8024-56d1349a6303} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f15f00ee-d0f5-494e-8024-56d1349a6303} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f39f2abd-f3ab-4872-8ee0-c21e37285628} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f39f2abd-f3ab-4872-8ee0-c21e37285628} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5f49a2a-dc1a-4bb2-804b-ab0e5cdd7e88} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f5f49a2a-dc1a-4bb2-804b-ab0e5cdd7e88} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbec2aca-365b-4be5-b892-d9be70a04aee} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{fbec2aca-365b-4be5-b892-d9be70a04aee} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fccec074-d257-4777-9277-6326391d4578} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{fccec074-d257-4777-9277-6326391d4578} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbukkj (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{7543fbd5-2279-4d03-8f29-eb21531fa2fe} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0594af7e-573b-40df-8165-e47ab2eaefe8} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3947ac1d-db09-4353-bbcc-55b97f5035ef} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a58f3d09-4543-4396-8be7-105f14dd6ed5} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{0e594d22-ace6-43a2-bcda-bb7c65d3fe8c} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31ddc1fd-cea3-4837-a6dc-87e67015adc9} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{469c7080-8ec8-43a6-ad97-45848113743c} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{ba14d944-0d8c-4f16-a950-6e53eebb558f} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{4a3d609a-43b8-4406-b793-84f244246325} (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Delete on reboot.
    HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\AppID\webinst.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMcb8d9233 (Trojan.Agent) -> Delete on reboot.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows.2\system32\mljbsljb.dll -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
    C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS.2\system32\aibapvso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\osvpabia.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\awpsrosw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\wsorspwa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    10 April 2008 03:20:36

    Good evening again,
    I just restarted the computer in normal mode as it asked me to (after the scan); it took at least ten minutes, and while it was starting up a blue screen appeared, and I have to restart in safe mode!!!
    I don't know what to do anymore...
    10 April 2008 13:06:36

    Hello

    The PC now only starts in safe mode?
    Is that it?

    The Malwarebytes' Anti-Malware 1.11 report is not complete.
    Can you post it for me in full?

    Please add a HijackThis log, in safe mode with networking if necessary.
    10 April 2008 15:01:45

    Hello, and thanks again for helping me,
    that's all I had; the PC starts, but after 10 minutes I get a blue screen...
    Otherwise, since this morning I ran a Kaspersky scan (for 2 hours); the report is attached:
    KASPERSKY ON-LINE SCANNER REPORT
    Thursday, April 10, 2008 2:47:23 PM
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 10/04/2008
    Enregistrements dans la base antivirus Kaspersky : 624072


    Paramètres d'analyse
    Analyser avec la base antivirus suivante standard
    Analyser les archives vrai
    Analyser les bases de messagerie vrai

    Cible de l'analyse Poste de travail
    A:\
    C:\
    D:\
    E:\

    Statistiques de l'analyse
    Total d'objets analysés 106787
    Nombre de virus trouvés 3
    Nombre d'objets infectés 113 / 0
    Nombre d'objets suspects 0
    Durée de l'analyse 02:36:59

    Analyse terminée.
    Thanks, and I'm going to run HijackThis in safe mode right away.
    10 April 2008 15:23:46

    Hi again, it's me once more; so here is the HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:19:39, on 10/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS.2\System32\smss.exe
    C:\WINDOWS.2\SYSTEM32\winlogon.exe
    C:\WINDOWS.2\system32\services.exe
    C:\WINDOWS.2\system32\lsass.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS.2\system32\ctfmon.exe
    C:\WINDOWS.2\system32\rundll32.exe
    C:\WINDOWS.2\system32\rundll32.exe
    C:\WINDOWS.2\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\ITWDHUWI\HiJackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vtpzdfkqlfmexxmkawi.com/HmPfuELsvaVLg_Lj6meD...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par NC NUMERICABLE
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1ADB6B7B-EF1C-2ECA-D322-62550CD5274B} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS.2\SYSTEM32\ddcBUkkj.dll
    O2 - BHO: (no name) - {71C9ACAA-D1C1-4511-8CAD-954458460AAD} - C:\WINDOWS.2\system32\jkkLCvsp.dll
    O2 - BHO: {ca5c5c14-e48f-862b-b8c4-f3e1b85830c7} - {7c03858b-1e3f-4c8b-b268-f84e41c5c5ac} - C:\WINDOWS.2\system32\psmvrnmd.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D57520AF-94FD-4DC2-84DB-7EF0E5FA1E26} - C:\WINDOWS.2\system32\qoMeDTnL.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Zone Alarm] vsmon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.2\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.2\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS.2\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
    O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [BOOK BITS GRID FORD] C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Mapi Meta Book Bits\Free Mapi.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [c8bea1af] rundll32.exe "C:\WINDOWS.2\system32\kluwqlaw.dll",b
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [RegistryEasy.exe] C:\Program Files\Registry Easy\RegistryEasy.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [BMcb8d9233] Rundll32.exe "C:\WINDOWS.2\system32\nokjjweb.dll",s
    O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.2\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [EPSON Stylus C40 Series] C:\WINDOWS.2\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C40 Series" /O6 "USB001" /M "Stylus C40"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: dBpowerAMP.lnk = C:\Program Files\Illustrate\dBpowerAMP\Amp.exe
    O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
    O4 - Global Startup: eFax Menu Temps Réel 3.2.lnk = C:\Program Files\eFax Messenger Plus 3.2\J2GDllCmd.exe
    O4 - Global Startup: eFax Tray Menu 3.2.lnk = C:\Program Files\eFax Messenger Plus 3.2\J2GTray.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS.2\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\ASUSTek\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS.2\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS.2\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows.2\system32\nwprovau.dll
    O16 - DPF: Interface Chat Voila - http://chat15.x-echo.com/version5/Applet/vchatsign.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/a...
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0246780191f61ddb0e22/netzip...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/144000s/download.opis...
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr33...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O20 - Winlogon Notify: ddcBUkkj - C:\WINDOWS.2\SYSTEM32\ddcBUkkj.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.2\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.2\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Nvc\BIN\NJEEVES.EXE (file missing)
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe (file missing)
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\NORMAN\Nvc\BIN\nvcoas.exe (file missing)
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE (file missing)
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS.2\system32\pctspk.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 15094 bytes
    THANK YOU
    10 April 2008 16:13:16

    re,
    I have just run another Malwarebytes scan:
    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 604

    Type de recherche: Examen rapide
    Eléments examinés: 63304
    Temps écoulé: 18 minute(s), 12 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 19
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 18

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS.2\system32\ssqNEwUK.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS.2\system32\ddcBUkkj.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1fc2a9db-0ea6-4f13-8a97-e50d78cad041} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{1fc2a9db-0ea6-4f13-8a97-e50d78cad041} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71c9acaa-d1c1-4511-8cad-954458460aad} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{71c9acaa-d1c1-4511-8cad-954458460aad} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d57520af-94fd-4dc2-84db-7ef0e5fa1e26} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d57520af-94fd-4dc2-84db-7ef0e5fa1e26} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbukkj (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Delete on reboot.
    HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMcb8d9233 (Trojan.Agent) -> Delete on reboot.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS.2\system32\cypnowwa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\awwonpyc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\jkkLCvsp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\psvCLkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\psvCLkkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\kluwqlaw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\walqwulk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\qoMeDTnL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\LnTDeMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\LnTDeMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\qoMffCuU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\UuCffMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\UuCffMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\ssqNEwUK.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS.2\system32\KUwENqss.ini (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS.2\system32\KUwENqss.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.2\system32\ddcBUkkj.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS.2\system32\tvoeomuc.dll (Trojan.Agent) -> Delete on reboot.
    that's all it shows me....
    thanks
    10 April 2008 23:38:16

    good evening, you are really badly infected...
    I warn you, I will do everything I can to disinfect your machine, but it is possible that this ends with a format.

    uninstall avast, a single antivirus is enough.


    ~Download OTMoveIt (by OldTimer). Save it to your Desktop.

    1

    ~Run HijackThis "Do a system scan only".
    Check the following lines if they are still present, and only those.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vtpzdfkqlfmexxmkawi.com [...] js7mzI.htm
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS.2\SYSTEM32\ddcBUkkj.dll
    O2 - BHO: (no name) - {71C9ACAA-D1C1-4511-8CAD-954458460AAD} - C:\WINDOWS.2\system32\jkkLCvsp.dll
    O2 - BHO: {ca5c5c14-e48f-862b-b8c4-f3e1b85830c7} - {7c03858b-1e3f-4c8b-b268-f84e41c5c5ac} - C:\WINDOWS.2\system32\psmvrnmd.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {D57520AF-94FD-4DC2-84DB-7EF0E5FA1E26} - C:\WINDOWS.2\system32\qoMeDTnL.dll
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O4 - HKLM\..\Run: [Zone Alarm] vsmon.exe
    O4 - HKLM\..\Run: [BOOK BITS GRID FORD] C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Mapi Meta Book Bits\Free Mapi.exe
    O4 - HKLM\..\Run: [c8bea1af] rundll32.exe "C:\WINDOWS.2\system32\kluwqlaw.dll",b
    O4 - HKLM\..\Run: [BMcb8d9233] Rundll32.exe "C:\WINDOWS.2\system32\nokjjweb.dll",s
    O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/ [...] 1.14.0.cab
    O20 - Winlogon Notify: ddcBUkkj - C:\WINDOWS.2\SYSTEM32\ddcBUkkj.dll



    Click Fix checked (bottom left)

    2

    Select ALL the locations in bold below:


    ---> Right-click then Copy (or Ctrl+C)

    Double-click OTMoveIt.exe to launch it.
    Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
    Now click MoveIt!

    If a file or folder cannot be deleted immediately, the program will ask you to restart.

    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log

    3

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that is normal, and a report will be created. Post the report: C:\Combofix.txt
    click on it to open it, then Edit > "Select All", then Edit > "Copy"

    come to the forum and Edit > "Paste"

    4

    add a new HijackThis report.
    11 April 2008 03:33:08

    hello,
    I did what you told me and I think it did not finish the combo, I did not get a report...
    afterwards I ran a HijackThis scan, here it is:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:28:14, on 11/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS.2\System32\smss.exe
    C:\WINDOWS.2\system32\winlogon.exe
    C:\WINDOWS.2\system32\services.exe
    C:\WINDOWS.2\system32\lsass.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS.2\Explorer.EXE
    C:\WINDOWS.2\system32\ctfmon.exe
    C:\WINDOWS.2\system32\rundll32.exe
    C:\WINDOWS.2\system32\rundll32.exe
    C:\WINDOWS.2\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.2\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.2\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS.2\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
    O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [RegistryEasy.exe] C:\Program Files\Registry Easy\RegistryEasy.exe
    O4 - HKLM\..\Run: [c8bea1af] rundll32.exe "C:\WINDOWS.2\system32\henottfm.dll",b
    O4 - HKLM\..\Run: [BMcb8d9233] Rundll32.exe "C:\WINDOWS.2\system32\fwcantov.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.2\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [EPSON Stylus C40 Series] C:\WINDOWS.2\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C40 Series" /O6 "USB001" /M "Stylus C40"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: dBpowerAMP.lnk = C:\Program Files\Illustrate\dBpowerAMP\Amp.exe
    O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
    O4 - Global Startup: eFax Menu Temps Réel 3.2.lnk = C:\Program Files\eFax Messenger Plus 3.2\J2GDllCmd.exe
    O4 - Global Startup: eFax Tray Menu 3.2.lnk = C:\Program Files\eFax Messenger Plus 3.2\J2GTray.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS.2\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\ASUSTek\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS.2\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS.2\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows.2\system32\nwprovau.dll
    O16 - DPF: Interface Chat Voila - http://chat15.x-echo.com/version5/Applet/vchatsign.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/a...
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0246780191f61ddb0e22/netzip...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr33...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.2\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.2\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Nvc\BIN\NJEEVES.EXE (file missing)
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe (file missing)
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\NORMAN\Nvc\BIN\nvcoas.exe (file missing)
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE (file missing)
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS.2\system32\pctspk.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 12935 bytes
    Thanks.
    Actually, after the combo it restarted in normal mode and it didn't go all the way through; after the HijackThis I didn't fix anything...
    11 April 2008 13:27:38

    Hello,
    basically, you did half of what I asked you to do. -_-

    Redo the whole procedure, starting from the beginning.
    The more time you lose, the closer you get to a reformat (given your infection).
    11 April 2008 21:16:52

    Good evening and thanks,
    it's working better; it's a bit slow, but hey, it works. I'm sorry, I didn't get the report. Also, I have avast and Kerio running at the same time, is that OK or not?
    Thanks again.
    11 April 2008 21:24:48

    Good evening,

    you don't seem to understand... :)

    Your PC is on borrowed time! Right now you're patching things up by doing only half of the steps. The infection will reload onto your PC within a few days and everything will have to be redone (with the risk that the PC locks up completely).
    Do everything I ask you to do.
    11 April 2008 21:46:03

    OK, so what exactly do I redo..
    11 April 2008 22:05:11

    Hi again, good evening:

    here, I just ran a HijackThis scan without fixing anything,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:03, on 2008-04-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.2\System32\smss.exe
    C:\WINDOWS.2\system32\winlogon.exe
    C:\WINDOWS.2\system32\services.exe
    C:\WINDOWS.2\system32\lsass.exe
    C:\WINDOWS.2\system32\Ati2evxx.exe
    C:\WINDOWS.2\system32\svchost.exe
    C:\WINDOWS.2\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS.2\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS.2\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS.2\system32\Ati2evxx.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\WINDOWS.2\system32\pctspk.exe
    C:\WINDOWS.2\system32\ezSP_Px.exe
    C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
    C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS.2\system32\atiptaxx.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS.2\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS.2\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\eFax Messenger Plus 3.2\J2GDllCmd.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS.2\system32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS.2\system32\rundll32.exe
    C:\WINDOWS.2\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS.2\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.2\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.2\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS.2\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
    O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [RegistryEasy.exe] C:\Program Files\Registry Easy\RegistryEasy.exe
    O4 - HKLM\..\Run: [BMcb8d9233] Rundll32.exe "C:\WINDOWS.2\system32\yulaiubl.dll",s
    O4 - HKLM\..\Run: [c8bea1af] rundll32.exe "C:\WINDOWS.2\system32\nwcfgfnt.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.2\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [EPSON Stylus C40 Series] C:\WINDOWS.2\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C40 Series" /O6 "USB001" /M "Stylus C40"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: dBpowerAMP.lnk = C:\Program Files\Illustrate\dBpowerAMP\Amp.exe
    O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
    O4 - Global Startup: eFax Menu Temps Réel 3.2.lnk = C:\Program Files\eFax Messenger Plus 3.2\J2GDllCmd.exe
    O4 - Global Startup: eFax Tray Menu 3.2.lnk = C:\Program Files\eFax Messenger Plus 3.2\J2GTray.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS.2\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\ASUSTek\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS.2\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS.2\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows.2\system32\nwprovau.dll
    O16 - DPF: Interface Chat Voila - http://chat15.x-echo.com/version5/Applet/vchatsign.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/a...
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0246780191f61ddb0e22/netzip...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr33...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.2\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.2\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Nvc\BIN\NJEEVES.EXE (file missing)
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe (file missing)
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\NORMAN\Nvc\BIN\nvcoas.exe (file missing)
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE (file missing)
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS.2\system32\pctspk.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 14852 bytes
    12 April 2008 13:13:01

    Hello,

    do my whole procedure, steps 1, 2, 3, 4, from 10-04-2008 at 23:38:16