[virus] infection trojan et ver Fermé

Question

Bonjour tout le monde.
Ya deux jours Norton anti-virus a détecté un Trojan dans system 32, et après utilisation de Super ad-blocker, ca m'a trouvé  des choses genre Trojan.mezzia/resident, Trojan freeprod, trojan.downloader vs toolbar mais aussi un Worm.rbot variant.

Et a chaque demarrage de mon pc mon anti virus me met un message comme quoi il a détecté un trojan qui n'est jamais le meme!

aidez moi svp mes connaissances en informatique sont limitées.
merci d'avance.

^^Marie^^ · Answer

Bonjour,

Commencez par la case départ


virus methode preliminaire de desinfection version fr

A++

supermezcal · Answer

alors j'ai suivi les trois etapes sauf que le scan en ligne, et bien ca scannait et à la fin ca bloquait et rien se passait. 

sinon j'ai les deux autres rapports : 

ewido  : 

C:\Program Files\vmntoolbar\Cache\vmntoolbar1.1.zip/vmntoolbar.dll -> Adware.BHO : No action taken.
C:\Program Files\vmntoolbar\vmntoolbar.dll -> Adware.BHO : No action taken.
C:\Program Files\vmntoolbar\uninstall.exe -> Adware.VMN : No action taken.
C:\Documents and Settings\SpongeBob\Cookies\spongebob@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\SpongeBob\Cookies\spongebob@axa.addcontrol[1].txt -> TrackingCookie.Addcontrol : No action taken.
C:\Documents and Settings\SpongeBob\Cookies\spongebob@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\SpongeBob\Cookies\spongebob@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.


::Report end

et pour HIghjackthis : 

Logfile of HijackThis v1.99.1
Scan saved at 20:03:41, on 09/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NavNTtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Fichiers communs\{E89C368F-0958-1036-0819-030305130021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MYIE2\MyIE.exe
C:\Documents and Settings\SpongeBob\Bureau\Bazaar\highjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNTtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Merci d'avance !!!!

supermezcal · Answer

aussi a chaque fois que je demarre mon pc, mon zonelabs demande la connexion internet pour Update.exe. J'ai lu que c'etait un virus ou qqch dans ce genre.

Roger54 · Answer

Salut Supermezcal,

Tu peux déjà refaire ton scan Ewido, celui-ci n'est pas bon. 

Remarque : afin que le nettoyage soit efficace, il est impératif de régler ewido sur "deleted" pour chaque fichier infecté trouvé !

supermezcal · Answer

apres le premier scan ewido qui n'etait pas reglé sur delete j'ai effacé directement apres les fichiers infectés avec ediwo.

La j'ai refais un scan ediwo qui donne rien : 

 Scan result:	



C:\Documents and Settings\SpongeBob\Cookies\spongebob@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\SpongeBob\Cookies\spongebob@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\SpongeBob\Cookies\spongebob@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\SpongeBob\Cookies\spongebob@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.


::Report end

Mais pourtant j'ai toujours mon anti virus qui detecte un trojan a chaque demarrage et update.exe qui veut se connecter a internet.

a vrai dire je comprends rien... 
merci pour conseils!

supermezcal · Answer

Bon  ediwo ne trouve rien, bitdefender ne trouve rien pourtant un trojan est detecté par realtime scan avec norton a chaque demarrage de mon pc.

Logfile of HijackThis v1.99.1
Scan saved at 11:35:45, on 10/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NavNTtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Fichiers communs\{E89C368F-0958-1036-0819-030305130021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MYIE2\MyIE.exe
C:\Program Files\BitComet\BitComet.exe
C:\Documents and Settings\SpongeBob\Bureau\Bazaar\highjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNTtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

merci pour votre aide.

^^Marie^^ · Answer

Slt,

Tu l'as acheté Norton ??

A++

supermezcal · Answer

euh non, je l'ai de mon beau pere qui bosse a IBM.
je l'utilise depuis plus de 2ans et j'ai jamais eu de pb.
je fais les mises a jour toutes les semaines.

^^Marie^^ · Answer

Slt,

A ta place je mettrai ""Avast"" car Norton n'est pas très fiable...
Mais bon, faut pas contrarier "BÔ papa"" lol


https://sebsauvage.net/

supermezcal · Answer

lol
ok je vais mettre Avast.
merci.

je vous tiens au courant de mes pb.

^^Marie^^ · Answer

N'oublie pas de désinstaller Norton

Pour avast tu as ici aussi
antivirus gratuit lequel choisir

supermezcal · Answer

Apparement ca va mieux. merci
Mais a chaque fois que j'ouvre Firefox ca m'ouvre plein de fenetres disant que mon pc cours un risque genre Winantivirus, systemdoctor...

C'est quoi au juste? je peux y faire quelquechose? 
Merci

Regis59 · Answer

Salut,

Télécharge Blacklight (de F-Secure) a l’une des 2 adresses : 
https://www.f-secure.com/en 
https://www.f-secure.com/en 

et sauvegarde le sur ton Bureau. 

Double-clique blbeta.exe et accepte la licence ; laisse [X]scan through Windows Explorer activé ; clique Scan puis Next 

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres). 

Copie et colle le contenu de ce rapport dans ta prochaine réponse 

a+

supermezcal · Answer

le scan blacklight n'a rien trouvé
blacklight report : 

10/10/06 17:01:17 [Info]: BlackLight Engine 1.0.47 initialized
10/10/06 17:01:17 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/10/06 17:01:18 [Note]: 7019 4
10/10/06 17:01:18 [Note]: 7005 0
10/10/06 17:01:52 [Note]: 7006 0
10/10/06 17:01:52 [Note]: 7011 3580
10/10/06 17:01:53 [Note]: 7026 0
10/10/06 17:01:53 [Note]: 7026 0
10/10/06 17:01:59 [Note]: FSRAW library version 1.7.1020
10/10/06 17:07:47 [Note]: 4013 6879
10/10/06 17:07:47 [Note]: 4020 29 65536
10/10/06 17:07:47 [Note]: 4018 29 65536
10/10/06 17:07:47 [Note]: 4013 6879
10/10/06 17:07:47 [Note]: 4020 29 65536
10/10/06 17:07:47 [Note]: 4018 29 65536
10/10/06 17:08:47 [Note]: 4013 6879
10/10/06 17:08:47 [Note]: 4020 29 65536
10/10/06 17:08:47 [Note]: 4018 29 65536
10/10/06 17:08:47 [Note]: 4013 6879
10/10/06 17:08:47 [Note]: 4020 29 65536
10/10/06 17:08:47 [Note]: 4018 29 65536
10/10/06 17:08:53 [Note]: 2000 1012
10/10/06 17:08:53 [Note]: 2000 1012
10/10/06 17:09:40 [Note]: 7007 0

Regis59 · Answer

salut

Telecharge ceci
https://www.silentrunners.org/Silent%20Runners.vbs 
Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

A+

supermezcal · Answer

voila ce que me donne le silentrunner : 

"Silent Runners.vbs", revision 48, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"{E89C368F-0958-1036-0819-030305130021}" = ""C:\Program Files\Fichiers communs\{E89C368F-0958-1036-0819-030305130021}\Update.exe" mc-110-12-0000272" [file not found]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\MSMSGS.EXE" /background" [MS]
"LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
"SuperCopier.exe" = "C:\Program Files\SuperCopier\SuperCopier.exe" ["SFX TEAM"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Dell Wireless Manager UI" = "C:\WINDOWS\System32\WLTRAY" ["Dell Inc"]
"POINTER" = "point32.exe" [MS]
"NeroCheck" = "C:\WINDOWS\System32\NeroCheck.exe" ["Ahead Software Gmbh"]
"BCMSMMSG" = "BCMSMMSG.exe" ["Broadcom Corporation"]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " ["Logitech Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"HP Software Update" = ""C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"vptray" = "C:\Program Files\NavNT\vptray.exe" ["Symantec Corporation"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
                                        \StubPath   = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{FF9C7C65-C1C7-4FD8-AA91-4D4A67F8E7FB}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\gebby.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
  -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
  -> {HKLM...CLSID} = "My Logitech Pictures"
                   \InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "Mes dossiers de partage"
                   \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! gebby\DLLName = "C:\WINDOWS\system32\gebby.dll" [null data]
INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\System32\NavLogon.dll" [null data]
INFECTION WARNING! winhuc32\DLLName = "winhuc32.dll" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\SpongeBob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "SpongeBob" & "All Users" startup folders:
-----------------------------------------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Integrity Client" -> shortcut to: "C:\Program Files\Zone Labs\Integrity Client\iclient.exe" ["Zone Labs Inc."]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"HPpromotions psc 2350 series" -> launches: "C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe /N "psc 2350 series" -r" ["hp"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Dell Wireless WLAN Tray Service, wltrysvc, "C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe" [null data]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
Service Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt10\Driver = "hpzlnt10.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 110 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
  took 14 seconds.
---------- (total run time: 178 seconds)

Regis59 · Answer

Salut

Ca te derange pas si on fait un petit test avant de supprimer l infection?
Clik droit sur le programme hijack this et choisis renommer.
Renomme le en xxx.exe et valide puis lance le et donne moi le rapport

a+

supermezcal · Answer

voila j'ai fais comme t'as dis.

Logfile of HijackThis v1.99.1
Scan saved at 00:13:46, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SpongeBob\Bureau\Bazaar\highjackthis\xxx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
O2 - BHO: (no name) - {FF9C7C65-C1C7-4FD8-AA91-4D4A67F8E7FB} - C:\WINDOWS\system32\gebby.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebby - C:\WINDOWS\system32\gebby.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhuc32 - winhuc32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNTtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

a+

Regis59 · Answer

Salut;

Télécharge VundoFix.exe (par Atribune) sur ton Bureau. 
http://www.atribune.org/ccount/click.php?id=4 

Double-clique VundoFix.exe afin de le lancer. 
Coche Run VundoFix as a task. 
Un message t'avertira que l'outil va se fermer et s'ouvrir à nouveau : clique Ok 
Clique sur le bouton Scan for Vundo. 
Lorsque le scan est complété, clique sur le bouton Remove Vundo. 
Une invite te demandera si tu veux supprimer les fichiers, clique YES 
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers. 
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK 
Démarre ton PC à nouveau. 
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

A+

supermezcal · Answer

voila voila
alors le rapport Vundo : 


VundoFix V6.2.1

Checking Java version...

Sun Java not detected
Scan started at 13:12:43 11/10/2006

Listing files found while scanning....

C:\WINDOWS\system32\gebby.dll
C:\WINDOWS\system32\ybbeg.ini
C:\WINDOWS\system32\ybbeg.bak1
C:\WINDOWS\system32\ybbeg.bak2
C:\WINDOWS\system32\ybbeg.ini2
C:\WINDOWS\system32\ybbeg.tmp

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\gebby.dll
C:\WINDOWS\system32\gebby.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\ybbeg.ini
C:\WINDOWS\system32\ybbeg.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ybbeg.bak1
C:\WINDOWS\system32\ybbeg.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ybbeg.bak2
C:\WINDOWS\system32\ybbeg.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ybbeg.ini2
C:\WINDOWS\system32\ybbeg.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ybbeg.tmp
C:\WINDOWS\system32\ybbeg.tmp Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\gebby.dll
C:\WINDOWS\system32\gebby.dll Has been deleted!

Performing Repairs to the registry.
Done!


Yavait un fichier qui n'a pas pu etre supprimer la premiere fois. Le pc a redemarré puis ca m'a ouvert la fenetre Vundo et j'ai cliqué sur Remove Vundo, ca a redemarré mon pc encore un fois.



et puis le rapport Highjackthis : 

Logfile of HijackThis v1.99.1
Scan saved at 13:27:57, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\SpongeBob\Bureau\highjackthis\xxx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
O2 - BHO: (no name) - {A9BD3D21-6A56-47C3-874A-785A90D2E903} - C:\WINDOWS\system32\gebby.dll (file missing)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhuc32 - winhuc32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNTtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Encore merci! 
a+

Regis59 · Answer

Bonjour, 

Méthode à suivre dans l'ordre... 
---------------------------------------------------------------------------- 
¤Télécharge ces logiciels si tu ne les as pas mais que tu n‘utilises pas tout de suite: 

1/

Spybot S&D 1.4 
https://www.safer-networking.org/ 

Démo d’utilisation (merci à Balltrap34 pour cette réalisation).
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

2/

Ad-Aware SE 1.06 
https://www.adaware.com/ 
-Une aide:
http://usa.lucretius-ada.com/zcvisitor/8782d344-4821-11ea-83ce-0a2cdf2c6be7?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc 
- installe le patch français, tu pourras le trouver ici: 
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe 
et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation).
http://pageperso.aol.fr/balltrap34/adawrevid.asf 

3/ Ewido: 

http://perso.orange.fr/entraide-hijackthis/Ewido/ 
 
Installation puis mises à jour. 
---------------------------------------------------------------------------- 
¤Affiche tous les fichiers et dossiers : 
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage 

Coche « afficher les fichiers et dossiers cachés » 

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" 

Décoche « masquer les extensions dont le type est connu » 
Puis fais «Ok» pour valider les changements. 

Et appliquer !
---------------------------------------------------------------------------- 
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file) 

O2 - BHO: (no name) - {A9BD3D21-6A56-47C3-874A-785A90D2E903} - C:\WINDOWS\system32\gebby.dll (file missing) 

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file) 

O20 - Winlogon Notify: winhuc32 - winhuc32.dll (file missing) 

---------------------------------------------------------------------------- 
¤Démarre en mode sans échec : 
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter 
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! 
(Si F8 ne marche pas utilise la touche F5).  
----------------------------------------------------------------------------
¤ Lancer et exécuter Ewido pour un scan complet et copier/coller le rapport en forum.
----------------------------------------------------------------------------
¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…
----------------------------------------------------------------------------
¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…
--------------------------------------------------------------------------------------------------------------------------------------------------------
¤ Vide ta Corbeille.
----------------------------------------------------------------------------
¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

Précise tes soucis s’il en reste.... 

Tiens-moi au courant 
 
A+

supermezcal · Answer

bon alors le rapport ewido :

 Created at:	00:47:49 12/10/2006

 + Scan result:	



C:\Program Files\Fichiers communs\{E89C368F-0958-1036-0819-030305130021}\services.dll -> Adware.Softomate : Cleaned.
:mozilla.71:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.72:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.88:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.31:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.32:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.33:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.34:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.56:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.50:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.51:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.52:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.53:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.54:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.78:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.79:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.66:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.70:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.17:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.12:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.13:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.14:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.15:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.94:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.77:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.48:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.49:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.18:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.19:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.26:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\SpongeBob\Application Data\Mozilla\Firefox\Profiles\ox4juflt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end


et apres le hijackthis : 

Logfile of HijackThis v1.99.1
Scan saved at 01:08:05, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\SpongeBob\Bureau\highjackthis\xxx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNTtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

En tout cas j'ai l'impression de plus avoir de pb!!
Alors un grand merci a tous ceux qui ont pris le temps de m'aider!

Merci beaucoup c'est vraiment sympa.

^^Marie^^ · Answer

Slt,

Passe un coup de Ccleaner pour alléger Ewido

C -  Ccleaner : ( nettoyeur de registre, cookies+temps+tempos+prefetch+historique+etc..) 
Télécharge ici : 
https://www.ccleaner.com/ccleaner/download 
Tutorial ici: 
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php 

Garde ce logiciel sous le coude
Passe le detemps en temps

A++

[virus] infection trojan et ver

23 réponses

Discussions similaires