probleme d'infection ??? Résolu/Fermé

Question

Bonjour,
bonjour sur mon pc j'ai avg antispyware, avast antivirus,ad-wareSE personal, c cleaner et a chaque fois que je vais sur internet je reçois un message de sécurité windows me disant que je suis infecté comment sa ce fait. pouvez-vous m'aider svp je vous en remerci d'avance.

clownface · Answer

Bonjour,

commences par faire l'option 1 de navilog : explications --> http://www.commentcamarche.net/faq/sujet 2490 popups ouverture de fen tres internet publicitaires pop up
postes le rapport.

ginoflar · Answer

j'ai un rapport hisjackis jsé pa koi sa peut t'aidé?

clownface · Answer

ça pourra aider après.
pour le moment j'aimerai voir le rapport de navilog

ginoflar · Answer

je n'y arrive pas a ouvrir le fichier a la premier étape de navilog

clownface · Answer

as-tu bien suivi ces étapes ?

# Faire un clic droit sur ce lien : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
# Enregistrez la cible (du lien) sous... et enregistrez-le sur le bureau.
# Faire un clic droit sur navilog1.zip et choisir "tout extraire"
# Double-cliquez sur navilog1.bat
# Arriver au menu principal, choisir l'option 1 et valider.
# Patientez jusqu'au message : Analyse Termine le ...
# Le rapport sera en outre sauvegardé à la racine du disque (fixnavi.txt) 

pourquoi n'arrives-tu pas à l'ouvrir ? as-tu un message ?

ginoflar · Answer

Search Navipromo version 3.3.4 commencé le 03/11/2007 à 14:02:28,21

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180 


*** Recherche Programmes installés ***


InternetGameBox 


*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***

C:\Program Files\InternetGameBox trouvé !


*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Sabrina\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\WINDOWS\system32\wxovaxlav.dat
C:\WINDOWS\system32\wxovaxlav.exe
C:\WINDOWS\system32\wxovaxlav_nav.dat
C:\WINDOWS\system32\wxovaxlav_navps.dat

Processus caché(s) :

C:\WINDOWS\system32\wxovaxlav.exe


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans C:\DOCUME~1\SABRINA\LOCALS~1\APPLIC~1 *



*** Recherche fichiers *** 


C:\DOCUME~1\SABRINA\BUREAU\InternetGameBox.lnk trouvé !
C:\WINDOWS\system32
vs2.inf trouvé !
C:\WINDOWS\prefetch\INTERNETGAMEBOX.EXE-1EE9EDEF.pf trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé ! 

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:
C:\WINDOWS\system32\abadd.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\gfhkj.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\hjllm.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\kjjlm.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\pqtss.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\wvvwa.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\abadd.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\gfhkj.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\wvvwa.bak2 trouvé ! infection Vundo possible non traitée par cet outil !

2)Recherche Heuristique :

C:\WINDOWS\system32\wxovaxlav.dat trouvé !

C:\DOCUME~1\SABRINA\LOCALS~1\APPLIC~1\cajipfdsia.dat trouvé !
C:\DOCUME~1\SABRINA\LOCALS~1\APPLIC~1\cajipfdsia_nav.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !


*** Analyse terminée le 03/11/2007 à 14:03:31,70 ***

ginoflar · Answer

voila sa doit etre sa merci

clownface · Answer

ok 

 continues par ceci :
   
          o Double-cliquer sur navilog1.bat
          o Arriver au menu principal, choisir l'option 2 et valider.
          o Indiquer le mode de nettoyage "automatique"
          o Répondre aux questions éventuelles, le bureau disparaîtra, c'est normal !
          o Patienter jusqu'au message : Nettoyage Termine le ...
          o Sauvegarder le rapport de manière à le retrouver, puis fermer le blocnote, le bureau réapparaîtra
          o Le rapport sera en outre sauvegardé à la racine du disque (cleannavi.txt)

NB : Si le bureau ne réapparaît pas, faire CTRL+ALT+SUPPR pour ouvrir le gestionnaire de tâches.
Choisir l'onglet processus. Cliquer en haut à gauche sur fichiers et choisir exécuter,
Taper explorer et valider.

copie/colles le rapport

ginoflar · Answer

Clean Navipromo version 3.3.4 commencé le 03/11/2007 à 14:50:30,04

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180

Mode suppression automatique 


*** Creation backups fichiers trouvés par Catchme *** 

Copie vers "C:\Program Files
avilog1\Backupnavi"

Copie C:\WINDOWS\system32\wxovaxlav.dat réalisé avec succès ! 
Copie C:\WINDOWS\system32\wxovaxlav.exe réalisé avec succès ! 
Copie C:\WINDOWS\system32\wxovaxlav_nav.dat réalisé avec succès ! 
Copie C:\WINDOWS\system32\wxovaxlav_navps.dat réalisé avec succès ! 

*** Suppression des fichiers trouvés avec Catchme ***

C:\WINDOWS\system32\wxovaxlav.dat supprimé ! 
C:\WINDOWS\system32\wxovaxlav.exe supprimé ! 
C:\WINDOWS\system32\wxovaxlav_nav.dat supprimé ! 
C:\WINDOWS\system32\wxovaxlav_navps.dat supprimé ! 
 
** 2ème passage avec résultats Catchme ** 

C:\WINDOWS\prefetch\wxovaxlav*.pf trouvé ! 
Copie C:\WINDOWS\prefetch\wxovaxlav*.pf réalisé avec succès !
C:\WINDOWS\prefetch\wxovaxlav*.pf supprimé !

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *


* Suppression dans C:\DOCUME~1\SABRINA\LOCALS~1\APPLIC~1 *



*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***

C:\Program Files\InternetGameBox ...suppression... 
C:\Program Files\InternetGameBox supprimé ! 


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\Sabrina\Application Data ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



*** Suppression fichiers ***

C:\DOCUME~1\SABRINA\BUREAU\InternetGameBox.lnk supprimé !
C:\WINDOWS\system32
vs2.inf supprimé !
C:\WINDOWS\INTERNETGAMEBOX.EXE-1EE9EDEF.pf supprimé !    

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Sabrina\Local Settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\abadd.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\gfhkj.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\hjllm.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\kjjlm.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\pqtss.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\wvvwa.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\abadd.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\gfhkj.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\wvvwa.bak2 trouvé ! infection Vundo possible non traitée par cet outil !

2)Recherche, création sauvegardes et suppression Heuristique :

C:\DOCUME~1\SABRINA\LOCALS~1\APPLIC~1\cajipfdsia.dat trouvé !
Copie C:\DOCUME~1\SABRINA\LOCALS~1\APPLIC~1\cajipfdsia.dat réalisé avec succès !
C:\DOCUME~1\SABRINA\LOCALS~1\APPLIC~1\cajipfdsia.dat supprimé !

C:\DOCUME~1\SABRINA\LOCALS~1\APPLIC~1\cajipfdsia_nav.dat trouvé !
Copie C:\DOCUME~1\SABRINA\LOCALS~1\APPLIC~1\cajipfdsia_nav.dat réalisé avec succès !
C:\DOCUME~1\SABRINA\LOCALS~1\APPLIC~1\cajipfdsia_nav.dat supprimé !


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisé avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 03/11/2007 à 14:56:10,48 ***

ginoflar · Answer

voila sa doit etre sa

ginoflar · Answer

par contre la base de donné de virus (avast) n' pa pu ce metre a jour comment sa ce fé?

clownface · Answer

pour avast certainement qu'il y a eu une erreur pendant la mise à jour..

on va devoir continuer avec ces manip : http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde
commences par vundofix et postes le rapport

ginoflar · Answer

VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 15:30:12 03/11/2007

Listing files found while scanning....

C:\WINDOWS\system32\gfhkj.bak1
C:\WINDOWS\system32\gfhkj.bak2
C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\jkhfg.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\gfhkj.bak1
C:\WINDOWS\system32\gfhkj.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\gfhkj.bak2
C:\WINDOWS\system32\gfhkj.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\jkhfg.dll Has been deleted!

Performing Repairs to the registry.
Done!

ginoflar · Answer

sa veu dire ke cé bien sa non?

ginoflar · Answer

c'est 4 truc c'étais des virus?

ginoflar · Answer

la suite va etre longue? sa va menpeché de me servir de lordi ou pas?

clownface · Answer

c'est 4 truc était un trojan...
la suite va dépendre de ton pc,
non ça t'empeche pas de te servir de ton pc, mais tant qu'il est infecté il est vulnérable.

il faut continuer avec http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde#2eme methode virtumundobegone
certains fichiers trouvés par navilog n'ont pas été traité encore...

postes le rapport
+ un hijackthis quand ça sera terminé

ginoflar · Answer

[11/03/2007, 17:12:12] - VirtumundoBeGone v1.5 ( "C:\DOCUME~1\Sabrina\MESDOC~1\SWANNY~1\virtumundobegone.exe" )
[11/03/2007, 17:12:18] - Detected System Information:
[11/03/2007, 17:12:18] -  Windows Version: 5.1.2600, Service Pack 2
[11/03/2007, 17:12:18] -  Current Username: Sabrina (Admin)
[11/03/2007, 17:12:18] -  Windows is in NORMAL mode.
[11/03/2007, 17:12:18] - Searching for Browser Helper Objects:
[11/03/2007, 17:12:18] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/03/2007, 17:12:18] -  BHO 2: {04A0814E-8CE0-43FE-9190-D524A546F9B1} ()
[11/03/2007, 17:12:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/03/2007, 17:12:18] -  Checking for HKLM\...\Winlogon\Notify\jkhfg
[11/03/2007, 17:12:18] -  Key not found: HKLM\...\Winlogon\Notify\jkhfg, continuing.
[11/03/2007, 17:12:18] -  BHO 3: {100EB1FD-D03E-47FD-81F3-EE91287F9465} (ShoppingReport)
[11/03/2007, 17:12:18] -  BHO 4: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[11/03/2007, 17:12:18] -  BHO 5: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (EWPBrowseObject Class)
[11/03/2007, 17:12:18] -  BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/03/2007, 17:12:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/03/2007, 17:12:18] -  No filename found. Continuing.
[11/03/2007, 17:12:18] -  BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/03/2007, 17:12:18] -  BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/03/2007, 17:12:18] -  BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/03/2007, 17:12:18] -  BHO 10: {b5146c40-189a-4311-bda9-fbae3e023187} (Multi Media Toolbar)
[11/03/2007, 17:12:18] -  BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[11/03/2007, 17:12:18] -  BHO 12: {ef30a05f-6eb6-4818-815b-29208c3508d7} ()
[11/03/2007, 17:12:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/03/2007, 17:12:18] -  Checking for HKLM\...\Winlogon\Notify\acsouone
[11/03/2007, 17:12:18] -  Key not found: HKLM\...\Winlogon\Notify\acsouone, continuing.
[11/03/2007, 17:12:18] - Finished Searching Browser Helper Objects
[11/03/2007, 17:12:18] - Finishing up...
[11/03/2007, 17:12:18] - Nothing found! Exiting...

ginoflar · Answer

jsé pas si c'est sa!

ginoflar · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:24, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media	bMul1.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {04A0814E-8CE0-43FE-9190-D524A546F9B1} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media	bMul1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {7d8053c8-0292-b518-8184-6be6f50a03fe} - {ef30a05f-6eb6-4818-815b-29208c3508d7} - C:\WINDOWS\system32\acsouone.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media	bMul1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\CAgent.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a88591544c60416e9f51add34dda2834
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a88591544c60416e9f51add34dda2834
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0037250.dat
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

ginoflar · Answer

sa cé le rapport hisjakis jsé pas koi mé tu doit déja le savoir

ginoflar · Answer

avast c'est bien comme anti virus,
et un pare feu c'est utile?
dsl te demandé des truc ki te semble facile mé moi j'y conné pas grand chose

clownface · Answer

il y a encore du vundo dans l'air...

télécharge  fixvundo : https://www.broadcom.com/support/security-center  et fais un scan.

ginoflar · Answer

un message dérreur apparait pendan le scan

clownface · Answer

reponse à ton message 22 :

question antivirus : https://www.malekal.com/avira-free-security-antivirus-gratuit/
question parefeu : http://www.commentcamarche.net/faq/sujet 3486 s curit le parefeu de windows xp

bonne lecture

clownface · Answer

ok alors 

avec Vundofix, (le premier que tu as utilisé)

fais un clic droit dans la fenêtre.
tu vas voir 'Add more files s'afficher sur fond gris"
là tu copie les chemins


C:\WINDOWS\system32\abadd.bak1
C:\WINDOWS\system32\hjllm.bak1
C:\WINDOWS\system32\kjjlm.bak1
C:\WINDOWS\system32\pqtss.bak1 
C:\WINDOWS\system32\wvvwa.bak1
C:\WINDOWS\system32\abadd.bak2 
C:\WINDOWS\system32\wvvwa.bak2

puis remove Vundo

ginoflar · Answer

ok bien une fois fini les truc ke tu me fé faire on voi pour un pare feu si jte dérange pas bien sur et sinon jfé comment avec mon message d'erreur?

clownface · Answer

ensuite tu postes un nouveau  hijackthis

ginoflar · Answer

le scan est reparti! jte le poste apret(copier\coller) lol

ginoflar · Answer

sa ma mit trojan.vundo has not been found on your computer

ginoflar · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:24, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media	bMul1.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {04A0814E-8CE0-43FE-9190-D524A546F9B1} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media	bMul1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {7d8053c8-0292-b518-8184-6be6f50a03fe} - {ef30a05f-6eb6-4818-815b-29208c3508d7} - C:\WINDOWS\system32\acsouone.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media	bMul1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\CAgent.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a88591544c60416e9f51add34dda2834
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a88591544c60416e9f51add34dda2834
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0037250.dat
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

clownface · Answer

relance hijackthis

coches ces lignes :
O2 - BHO: (no name) - {04A0814E-8CE0-43FE-9190-D524A546F9B1} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)

et cliques sur fix checked

ensuite va dans C:\program files et supprime le dossier ShoppingReport

+ faire ce que je t'ai dit au message 26

ginoflar · Answer

sa y est c'est fait par contre le pc a planter trois fois avant de redevenir bien

clownface · Answer

repostes un hijackthis voir ou on en est

ginoflar · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:05, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media	bMul1.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media	bMul1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {7d8053c8-0292-b518-8184-6be6f50a03fe} - {ef30a05f-6eb6-4818-815b-29208c3508d7} - C:\WINDOWS\system32\acsouone.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media	bMul1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\CAgent.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a88591544c60416e9f51add34dda2834
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a88591544c60416e9f51add34dda2834
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0037250.dat
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

clownface · Answer

ok.. 
combofix : http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde#3eme methode combofix
postes le rapport

ginoflar · Answer

c'est long a démarer c'est normal

ginoflar · Answer

il est bocoup plus long a ce lancer celui la c'est logique ou j'ai mal fait une manip?

ginoflar · Answer

il me dise de le démarer mode sans échec mais on le fait comment sa?

clownface · Answer

tuto pour le mode sans echec : https://www.malekal.com/demarrer-windows-mode-sans-echec/

ginoflar · Answer

ComboFix 07-11-01.1 - Sabrina 2007-11-03 20:16:50.1 - NTFSx86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.816 [GMT 1:00] Running from: C:\Documents and Settings\Sabrina\Mes documents\Swanny JORRE\combofix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Sabrina\Application Data\ShoppingReport C:\Documents and Settings\Sabrina\Application Data\ShoppingReport\cs\Config.xml C:\Documents and Settings\Sabrina\Application Data\ShoppingReport\cs\db\Aliases.dbs C:\Documents and Settings\Sabrina\Application Data\ShoppingReport\cs\db\Sites.dbs C:\Documents and Settings\Sabrina\Application Data\ShoppingReport\cs\dwld\WhiteList.xip C:\Documents and Settings\Sabrina\Application Data\ShoppingReport\cs eport\aggr_storage.xml C:\Documents and Settings\Sabrina\Application Data\ShoppingReport\cs eport\send_storage.xml C:\Documents and Settings\Sabrina\Application Data\ShoppingReport\cs es1\WhiteList.dbs C:\Documents and Settings\Sabrina\Bureau\Free PC Wallpapers.lnk C:\Documents and Settings\Sabrina\Local Settings\Application Data\cajipfdsia_navps.dat C:\Documents and Settings\Sabrina\Menu Démarrer\Programmes\InternetGameBox C:\Documents and Settings\Sabrina\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk C:\Documents and Settings\Sabrina\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk C:\Documents and Settings\Sabrina\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk C:\Documents and Settings\Sabrina\Menu Démarrer\Programmes\InternetGameBox\Website.lnk C:\Documents and Settings\Sonic\Application Data\ShoppingReport C:\WINDOWS\cookies.ini C:\WINDOWS\system32\__c0012BEB.dat C:\WINDOWS\system32\__c0022652.dat C:\WINDOWS\system32\__c0037250.dat C:\WINDOWS\system32\__c0050B1B.dat C:\WINDOWS\system32\__c0060855.dat C:\WINDOWS\system32\__c007B6E4.dat C:\WINDOWS\system32\__c00806C.dat C:\WINDOWS\system32\__c0083508.dat C:\WINDOWS\system32\__c008AFA1.dat C:\WINDOWS\system32\__c00A3704.dat C:\WINDOWS\system32\__c00A5FF9.dat C:\WINDOWS\system32\__c00B5ACA.dat C:\WINDOWS\system32\__c00B72F3.dat C:\WINDOWS\system32\__c00C1F79.dat C:\WINDOWS\system32\__c00CA5C0.dat C:\WINDOWS\system32\__c00CFE97.dat C:\WINDOWS\system32\__c00D500A.dat C:\WINDOWS\system32\__c00F99C.dat C:\WINDOWS\system32\__c00FD9B6.dat C:\WINDOWS\system32\abadd.ini C:\WINDOWS\system32\acsouone.dll C:\WINDOWS\system32\amlupbiw.dll C:\WINDOWS\system32\arditsmd.dll C:\WINDOWS\system32\ashsnvhs.dll C:\WINDOWS\system32\avpcwhqf.dll C:\WINDOWS\system32\awvvw.dll C:\WINDOWS\system32\brtfaewj.dll C:\WINDOWS\system32\ceayxuho.dll C:\WINDOWS\system32\cnvatvar.dll C:\WINDOWS\system32\cxqymepv.dll C:\WINDOWS\system32\ddaba.dll C:\WINDOWS\system32\dqentmdj.dll C:\WINDOWS\system32\dtuhauvv.dll C:\WINDOWS\system32\ejgerarr.dll C:\WINDOWS\system32\enridgsg.dll C:\WINDOWS\system32\fpijcfuv.dll C:\WINDOWS\system32\ifahcqvs.dll C:\WINDOWS\system32\jjmolcmf.dll C:\WINDOWS\system32\jylriwei.dll C:\WINDOWS\system32\kbvkslav.dll C:\WINDOWS\system32\kinyixks.dll C:\WINDOWS\system32\kjjlm.ini C:\WINDOWS\system32\mljjk.dll C:\WINDOWS\system32 jlfqgpi.dll C:\WINDOWS\system32\ojrawvuu.dll C:\WINDOWS\system32\ppndtmki.dll C:\WINDOWS\system32\pqtss.ini C:\WINDOWS\system32 qbvxhvf.dll C:\WINDOWS\system32\sgrcfrew.dll C:\WINDOWS\system32\sstqp.dll C:\WINDOWS\system32 ajvhuhp.dll C:\WINDOWS\system32 ptmhtjy.dll C:\WINDOWS\system32 rjldrjy.dll C:\WINDOWS\system32\ugueyxhl.dll C:\WINDOWS\system32\umrcaivh.dll C:\WINDOWS\system32\veokltba.dll C:\WINDOWS\system32\vfupnljn.dll C:\WINDOWS\system32\wvvwa.bak2 C:\WINDOWS\system32\wvvwa.ini C:\WINDOWS\system32\ygunwqgo.dll C:\WINDOWS\system32\yqujkgbh.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . ------- m ((((((((((((((((((((((((((((( Fichiers créés 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))))))) . 2007-11-03 20:15 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-03 15:30 d-------- C:\VundoFix Backups 2007-11-03 13:58 d-------- C:\Program Files\Navilog1 2007-11-03 13:19 d-------- C:\Program Files\Trend Micro 2007-11-02 14:05 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL 2007-11-01 17:38 d-------- C:\Program Files\Sunbelt Software 2007-10-31 23:43 d-------- C:\Documents and Settings\Sabrina\Application Data\Grisoft 2007-10-31 23:43 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-10-31 23:43 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-10-31 23:19 d-------- C:\Documents and Settings\Sabrina\Application Data\Sabrina 2007-10-31 23:19 d-------- C:\Documents and Settings\Sabrina\Application Data eport 2007-10-31 16:02 d-------- C:\Documents and Settings\Sabrina\.housecall6.6 2007-10-31 12:26 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-31 12:25 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-10-31 10:45 d-------- C:\Program Files\Lavasoft 2007-10-28 16:10 d-------- C:\Program Files\inKline Global 2007-10-28 10:14 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-10-28 10:14 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-10-28 10:14 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-28 10:14 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-28 10:14 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-28 10:14 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-28 10:14 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-26 19:21 d-------- C:\Program Files\Windows Live Safety Center 2007-10-23 21:37 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd 2007-10-10 09:51 584,192 -----c--- C:\WINDOWS\system32\dllcache pcrt4.dll 2007-10-04 17:25 d-------- C:\WINDOWS\system32\PC Booster 5 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-03 19:10 --------- d-----w C:\Program Files\Wanadoo 2007-11-03 19:10 --------- d-----w C:\Documents and Settings\Sabrina\Application Data\OpenOffice.org2 2007-11-02 13:44 --------- d-----w C:\Documents and Settings\Sabrina\Application Data\Lavasoft 2007-10-30 21:36 --------- d-----w C:\Documents and Settings\Sabrina\Application Data\LimeWire 2007-10-30 18:01 --------- d-----w C:\Program Files\eMule 2007-10-28 15:10 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-26 18:08 --------- d-----w C:\Documents and Settings\Sabrina\Application Data\Canon 2007-10-23 21:12 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd 2007-10-23 20:37 --------- d-----w C:\Program Files\Logitech 2007-09-30 12:09 --------- d-----w C:\Program Files\Incomplete 2007-09-30 12:06 --------- d-----w C:\Program Files\film 2007-09-30 12:05 --------- d-----w C:\Program Files\LimeWire 2007-09-29 08:48 --------- d-----w C:\Program Files\Securitoo 2007-09-28 20:15 --------- d-----w C:\Program Files\click-pool 2007-09-28 20:12 --------- d-----w C:\Program Files\videopoker 2007-09-28 20:12 --------- d-----w C:\Program Files\Train3D 2007-09-28 20:07 --------- d-----w C:\Program Files\Micro Application 2007-09-28 20:05 --------- d-----w C:\Program Files\JoWooD 2007-09-28 20:04 --------- d-----w C:\Documents and Settings\Sabrina\Application Data\AquaNox 2007-09-28 16:45 --------- d-----w C:\Program Files\MultiMedia Toolbar 2007-09-28 16:44 --------- d-----w C:\Program Files\Multi_Media 2007-09-26 17:58 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-09-24 15:27 --------- d-----w C:\Documents and Settings\Sonic\Application Data\OpenOffice.org2 2007-09-21 15:47 --------- d-----w C:\Program Files\Google 2007-09-21 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2007-09-21 14:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech 2007-09-19 15:37 --------- d-----w C:\Program Files\Fakeanoid 2007-09-19 15:36 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2007-09-19 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3 2007-09-17 19:13 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-09-17 15:23 --------- d-----w C:\Documents and Settings\Sabrina\Application Data\eMule 2007-09-17 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2007-09-17 13:12 --------- d-----w C:\Program Files\Yahoo! 2007-09-17 13:12 --------- d-----w C:\Program Files\CCleaner 2007-09-15 16:53 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-09-15 16:53 --------- d-----w C:\Program Files\Windows Live Favorites 2007-09-15 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar 2007-09-15 16:50 --------- d-----w C:\Program Files\MSN Messenger 2007-09-15 14:32 --------- d-----w C:\Program Files\Alwil Software 2007-09-15 13:59 --------- d-----w C:\Program Files\MSXML 4.0 2007-09-15 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7 2007-09-15 13:32 --------- d-----w C:\Documents and Settings\Sabrina\Application Data\MSNInstaller 2007-09-12 17:56 --------- d-----w C:\Program Files\Canon 2007-09-12 17:53 --------- d-----w C:\Program Files\Fichiers communs\ScanSoft Shared 2007-09-12 17:53 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2007-09-12 17:53 --------- d-----w C:\Documents and Settings\Sabrina\Application Data\ScanSoft 2007-09-12 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft 2007-09-12 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield 2007-09-12 17:52 --------- d-----w C:\Program Files\ScanSoft 2007-09-12 17:50 --------- d-----w C:\Program Files\ArcSoft 2007-09-12 17:47 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ 2007-09-12 17:46 --------- d--h--w C:\Program Files\CanonBJ 2007-09-12 17:41 --------- d-----w C:\Program Files\hp deskjet 3320 series 2007-09-12 17:40 --------- d-----w C:\Program Files\ScannerU 2007-09-08 15:06 --------- d-----w C:\Program Files\Inventel 2007-09-03 13:47 --------- d-----w C:\Documents and Settings\Sonic\Application Data oshiba 2006-12-13 18:32 0 -c--a-w C:\Documents and Settings\Sabrina\Application Data\wklnhst.dat 2006-10-24 19:09 256 ----a-w C:\Documents and Settings\Sonic\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 00:32] "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 23:49 C:\WINDOWS\RTHDCPL.exe] "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 11:37] "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 14:29 C:\WINDOWS\agrsmmsg.exe] "THotkey"="C:\Program Files\Toshiba\Toshiba Applet hotkey.exe" [2006-01-05 14:02] "TPSMain"="TPSMain.exe" [2005-08-03 16:09 C:\WINDOWS\system32\TPSMain.exe] "NDSTray.exe"="NDSTray.exe" [] "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 12:25] "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24] "TFncKy"="TFncKy.exe" [] "TDispVol"="TDispVol.exe" [2005-09-15 14:19 C:\WINDOWS\system32\TDispVol.exe] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41] "CFSServ.exe"="CFSServ.exe" [] "ABBYY Community Agent"="C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\CAgent.exe" [2001-02-02 22:21] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 12:00 C:\WINDOWS\system32\bthprops.cpl] "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 23:14] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 12:19] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD oscdspd.exe" [2005-04-11 16:08] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 17:52] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55] C:\Documents and Settings\Sonic\Menu Démarrer\Programmes\Démarrage\ Lancement rapide de Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 13:06:14] OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 12:36:42] C:\Documents and Settings\Sabrina\Menu Démarrer\Programmes\Démarrage\ Lancement rapide de Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 13:06:14] OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 12:36:42] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ Hyperappel de l'Encyclopédie Universelle Larousse.lnk - C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe [2006-10-29 15:59:15] PI Monitor.lnk - C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe [2007-04-23 15:34:42] RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-12-13 20:12:38] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\mlljh] C:\WINDOWS\system32\mlljh.dll 2007-09-17 19:32 283232 C:\WINDOWS\system32\mlljh.dll S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS osrfec.sys . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-11-03 18:36:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-03 20:30:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-11-03 20:35:29 - machine was rebooted . --- E O F ---

ginoflar · Answer

voila c'etai long et sinon windows bloque messanger je l'ai maintenu mais sa fait quoi sa?

clownface · Answer

si tu relances vundofix il ne trouve plus rien ?
a priori il reste celui ci : C:\WINDOWS\system32\mlljh.dll, donc s'il ne le trouve pas -->

fais un clic droit dans la fenêtre.
tu vas voir 'Add more files s'afficher sur fond gris"
là tu copie le chemin

C:\WINDOWS\system32\mlljh.dll

puis remove Vundo 

refais ensuite un hijackthis

ginoflar · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:20, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\CAgent.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media	bMul1.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media	bMul1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media	bMul1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\CAgent.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a88591544c60416e9f51add34dda2834
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a88591544c60416e9f51add34dda2834
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

ginoflar · Answer

sinon le pare feu windows me bloque 
-windows live call
-messanger
c'est quoi et j'ai maintenu le bloquage par sécurité
put tu me dire ce que c'est?

clownface · Answer

ton hijackthis semble ok, 
refais l'option 1 de navilog pour s'assurer qu'il ne trouve plus rien.
+ le rapport d'un scan antivirus en ligne : https://www.bitdefender.com/toolbox/

les parefeux demandent toujours s'ils doivent bloquer des programmes. si tu sais pas tu maintiens le blocage, ensuite si tu vois que ça t'empeche d'utiliser correctement le logiciel, tu peux aller dans le paramétrage de ton parefeu et lui dire de débloquer.

ginoflar · Answer

Search Navipromo version 3.3.4 commencé le 03/11/2007 à 21:21:46,93

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180 


*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Sabrina\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\WINDOWS\system32
- C:\DOCUME~1\SABRINA\LOCALS~1\APPLIC~1



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans C:\DOCUME~1\SABRINA\LOCALS~1\APPLIC~1 *



*** Recherche fichiers *** 




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :



3)Recherche Certificats :

Certificat Egroup absent !


*** Analyse terminée le 03/11/2007 à 21:22:21,90 ***

clownface · Answer

voilà qui est beaucoup mieux :)

ginoflar · Answer

BitDefender Online Scanner
  
  
 
Scan report generated at: Sat, Nov 03, 2007 - 22:39:45
 
 
  
  
 
Scan path: C:\;D:\;
  
  
 
 
  
  
 
Statistics
 
Time
 01:12:38
 
Files
 401790
 
Folders
 5889
 
Boot Sectors
 3
 
Archives
 7486
 
Packed Files
 18683
 
  
  
 
Results
 
Identified Viruses 
 7
 
Infected Files 
 87
 
Suspect Files 
 0
 
Warnings
 0
 
Disinfected
 0
 
Deleted Files
 165
 
  
  
 
Engines Info
 
Virus Definitions
 860169
 
Engine build
 AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
 
Scan plugins
 14
 
Archive plugins
 38
 
Unpack plugins
 7
 
E-mail plugins
 6
 
System plugins
 1
 
  
  
 
Scan Settings
 
First Action
 Disinfect
 
Second Action
 Delete
 
Heuristics
 Yes
 
Enable Warnings
 Yes
 
Scanned Extensions
 *;
 
Exclude Extensions
  
 
Scan Emails
 Yes
 
Scan Archives
 Yes
 
Scan Packed
 Yes
 
Scan Files
 Yes
 
Scan Boot
 Yes
 
  
  
 
  Scanned File
  Status
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024176.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024176.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024177.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024177.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024178.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024178.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024179.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024179.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024180.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024180.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024181.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024181.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024182.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024182.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024183.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024183.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024184.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024184.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024185.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024185.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024186.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024186.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024187.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024187.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024188.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024188.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024189.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024189.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024190.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024190.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024191.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024191.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024192.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024192.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024193.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024193.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024194.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024194.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024195.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024195.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024196.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024196.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024197.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024197.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024198.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024198.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024199.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024199.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024200.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024200.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024201.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024201.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024202.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024202.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024203.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024203.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024204.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024204.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024205.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024205.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024206.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024206.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024207.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024207.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024208.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024208.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024209.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024209.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024210.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024210.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024211.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024211.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024212.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024212.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024213.dll.bac_a08172=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\A0024213.dll.bac_a08172=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\ailaefjd.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\ailaefjd.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\bajcnxfm.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\bajcnxfm.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\bayrxlsn.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\bayrxlsn.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\clgrlehr.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\clgrlehr.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\djvxxxrs.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\djvxxxrs.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\eiterdai.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\eiterdai.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\ewbmcsdb.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\ewbmcsdb.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\eyiienea.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\eyiienea.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\ffdvmkcy.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\ffdvmkcy.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\htxtgyps.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\htxtgyps.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\ikfiyesr.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\ikfiyesr.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\itovfnty.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\itovfnty.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\jdoqheum.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\jdoqheum.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\jmyfdeho.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\jmyfdeho.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\jnkcuqbs.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\jnkcuqbs.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\jqfxwyik.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\jqfxwyik.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\khibrbce.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\khibrbce.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\kqhbkrhi.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\kqhbkrhi.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\kykwsgmn.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\kykwsgmn.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\lcckqkme.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\lcckqkme.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\lcvlbrxe.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\lcvlbrxe.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\lvgurunh.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\lvgurunh.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\mbbccfhr.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\mbbccfhr.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\msmkkghf.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\msmkkghf.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine
um[1].bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine
um[1].bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\oykrwsny.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\oykrwsny.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\pbsktcmp.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\pbsktcmp.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\pdkjrpit.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\pdkjrpit.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\pvfluige.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\pvfluige.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\qlbfulet.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\qlbfulet.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\qlyvcqlx.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\qlyvcqlx.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantinegtscuig.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantinegtscuig.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\stfqxhnm.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\stfqxhnm.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine	svprhlj.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine	svprhlj.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\ujjunsta.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\ujjunsta.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\ukepveyb.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\ukepveyb.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\vmhrqyih.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\vmhrqyih.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\xucydgps.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\xucydgps.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\yiuhcpgm.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\yiuhcpgm.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\ywibiekq.dll.bac_a07688=>(Quarantine-4)
 Infected with: Trojan.Vundo.DOD
 
C:\Documents and Settings\Sabrina\.housecall6.6\Quarantine\ywibiekq.dll.bac_a07688=>(Quarantine-4)
 Deleted
 
C:\Program Files\Navilog1\Backupnavi\wxovaxlav.exe
 Detected with: Adware.Navipromo.BYZ
 
C:\Program Files\Navilog1\Backupnavi\wxovaxlav.exe
 Disinfection failed
 
C:\Program Files\Navilog1\Backupnavi\wxovaxlav.exe
 Deleted
 
C:\qoobox\Quarantine\C\WINDOWS\system32\awvvw.dll.vir
 Infected with: DeepScan:Generic.Virtumod.C59CC9A2
 
C:\qoobox\Quarantine\C\WINDOWS\system32\awvvw.dll.vir
 Disinfection failed
 
C:\qoobox\Quarantine\C\WINDOWS\system32\awvvw.dll.vir
 Deleted
 
C:\qoobox\Quarantine\C\WINDOWS\system32\ddaba.dll.vir
 Infected with: DeepScan:Generic.Virtumod.E21A7144
 
C:\qoobox\Quarantine\C\WINDOWS\system32\ddaba.dll.vir
 Disinfection failed
 
C:\qoobox\Quarantine\C\WINDOWS\system32\ddaba.dll.vir
 Deleted
 
C:\qoobox\Quarantine\C\WINDOWS\system32\mljjk.dll.vir
 Infected with: DeepScan:Generic.Virtumod.E2AF24CA
 
C:\qoobox\Quarantine\C\WINDOWS\system32\mljjk.dll.vir
 Disinfection failed
 
C:\qoobox\Quarantine\C\WINDOWS\system32\mljjk.dll.vir
 Deleted
 
C:\qoobox\Quarantine\C\WINDOWS\system32\sstqp.dll.vir
 Infected with: DeepScan:Generic.Virtumod.199508B9
 
C:\qoobox\Quarantine\C\WINDOWS\system32\sstqp.dll.vir
 Disinfection failed
 
C:\qoobox\Quarantine\C\WINDOWS\system32\sstqp.dll.vir
 Deleted
 
C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP1\A0000033.dll
 Infected with: DeepScan:Generic.Virtumod.DE489CEC
 
C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP1\A0000033.dll
 Disinfection failed
 
C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP1\A0000033.dll
 Deleted
 
C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP1\A0000044.exe
 Detected with: Adware.Navipromo.BYZ
 
C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP1\A0000044.exe
 Disinfection failed
 
C:\System Volume Information\_restore{D475D116-DF88-45C4-8BF3-9AB6FC089BD7}\RP1\A0000044.exe
 Deleted
 
C:\VundoFix Backups\jkhfg.dll.bad
 Infected with: DeepScan:Generic.Virtumod.E21A7144
 
C:\VundoFix Backups\jkhfg.dll.bad
 Disinfection failed
 
C:\VundoFix Backups\jkhfg.dll.bad
 Deleted
 
C:\VundoFix Backups\mlljh.dll .bad
 Infected with: DeepScan:Generic.Virtumod.DE489CEC
 
C:\VundoFix Backups\mlljh.dll .bad
 Disinfection failed
 
C:\VundoFix Backups\mlljh.dll .bad
 Deleted

ginoflar · Answer

voila le rapport du scan super long mais éfficace je te remerci vraiment pour aujourdhui de mavoir aider c'est super sympa de ta part merci bocoup

ginoflar · Answer

sinon pour un pare feu on poura voir sa demain?

clownface · Answer

ok 

désinstalles : 

navilog,
vundofix,
fixvundo,
virtumundobegone,
combofix,

supprimes leurs dossiers s'il en reste
et refais un scan bitdefender

ginoflar · Answer

encore? j'ai déja supprimé les truc

clownface · Answer

avant ou après le scan ?
a priori il a été chercher dans leurs sauvegarde les fichiers infectés...
j'aimerai un rapport  infected files = 0

ginoflar · Answer

ok jten refait un jé du en oublié pas de probleme

ginoflar · Answer

je re apres

ginoflar · Answer

non non j'y tien

ginoflar · Answer

BitDefender Online Scanner
  
  
 
Scan report generated at: Sun, Nov 04, 2007 - 01:12:57
 
 
  
  
 
Scan path: C:\;D:\;
  
  
 
 
  
  
 
Statistics
 
Time
 02:03:15
 
Files
 401717
 
Folders
 5890
 
Boot Sectors
 3
 
Archives
 7485
 
Packed Files
 18611
 
  
  
 
Results
 
Identified Viruses 
 0
 
Infected Files 
 0
 
Suspect Files 
 0
 
Warnings
 0
 
Disinfected
 0
 
Deleted Files
 0
 
  
  
 
Engines Info
 
Virus Definitions
 860170
 
Engine build
 AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
 
Scan plugins
 14
 
Archive plugins
 38
 
Unpack plugins
 7
 
E-mail plugins
 6
 
System plugins
 1
 
  
  
 
Scan Settings
 
First Action
 Disinfect
 
Second Action
 Delete
 
Heuristics
 Yes
 
Enable Warnings
 Yes
 
Scanned Extensions
 *;
 
Exclude Extensions
  
 
Scan Emails
 Yes
 
Scan Archives
 Yes
 
Scan Packed
 Yes
 
Scan Files
 Yes
 
Scan Boot
 Yes
 
  
  
 
  Scanned File
  Status
 
No virus found.

ginoflar · Answer

cé pas beau sa? merci pour tous cé sympa de ta part et pour le pare-feu on vera demain je peut metre résolus ou pas?

ginoflar · Answer

bon je reviendrai demin bon nuit a toi et encore merci!!!!!!!!

Lyonnais92 · Answer

Bonjour à tous les deux,

beau boulot.

ginoflar · Answer

salut, bien dormi? nikel bon tu mdira si té dispo pour un ti pare-feu a moin kil nous reste des truc a faire et merci au lyonnais92 c'est sympa!!

clownface · Answer

Hello,

merci lyonnais92.

waouh c'est beau ton rapport bitdefender...
avg antispyware dit que tout va bien aussi ??

il faut encore que tu mettes  à jour java : https://www.java.com/fr/download/uninstalltool.jsp
parce que : http://www.secuser.com/vulnerabilite/2007/071004_java.htm <-- pour info

pour le parefeu que veux-tu savoir  ?

ginoflar · Answer

Bonjour, 
antispyware nikel aussi 
java c'est quoi?
et pour le pare feu jvoudrai en metre un et le configurer comme il faut 
un en français sa serais cool
j'ai vu que tu avait zalarm 
et un autre antivirus ke avast parceque j'ai pu lire que c'étais une passoire! 
stp 
jten remerci!

ginoflar · Answer

sa y est java est mit a jour

clownface · Answer

java permet d'avoir accès a certaines images et animations sur le web, souvent nécessaire. actuellement tu as une version qui présente des failles de sécurité.

question antivirus : https://www.malekal.com/avira-free-security-antivirus-gratuit/
question parefeu : http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/zonealarm-tutorial-sujet_169658_1.htm

maintenant  tu as les liens de téléchargemnet et explications de configuration, y a plus qu'à...

bon courage
A+

ginoflar · Answer

j'ai lut tout sa 
antivir a l'air bien mais en anglais
et par contre vu ke zone alarm possède un antivirus sa peut posé des probleme avec avast?

ginoflar · Answer

merci pour ton aide clown face tu a été très pro pour m'aider merci a+ et bon courage.

clownface · Answer

prend le la : http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm, il n'y a que le parefeu.

Probleme d'infection ???

69 réponses

Discussions similaires