Problème antivirus 2009 help!!

[Résolu/Fermé]
Signaler
Messages postés
12
Date d'inscription
jeudi 24 juillet 2008
Statut
Membre
Dernière intervention
25 avril 2009
-
 seb -
Bonjour,

je vois que je ne suis pas la seul a avoir des problèmes avec ce virus!!
j'ai donc téléchargé malwarebytes et j'ai fais l'analyse (qui a durée 3h) suite a ca j'ai fais supprimer tous ce qu'il avait trouvé mais ca m'a dit qu'il y avait des fichiers qu'il pouvait pas supprimer!!
que dois je faire pour etre sur que je n'ai plus du tous de virus!!

de plus j'ai un autre problème, dans le centre de sécurité windows j'ai ma mise a jour automatique qui ne reste pas même si je clique dessus elle reste 5 minutes a peine, ca me met un message désolé....
est ce un autre virus??

J'ai AVG en antivirus
Ccleaner, ad aware que je passe souvent
et spybot

voila le rapport de malwarebytes

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 986
Windows 5.1.2600 Service Pack 2

19:13:23 24/07/2008
mbam-log-7-24-2008 (19-13-23).txt

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|)
Eléments examinés: 218751
Temps écoulé: 3 hour(s), 32 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 95

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\geBrPHWp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ljJCtqnl.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36ba183f-3253-4877-ae29-02894a17cc1b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{36ba183f-3253-4877-ae29-02894a17cc1b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94caca1d-f133-45ed-ad27-551482417eb1} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{94caca1d-f133-45ed-ad27-551482417eb1} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3aa6678d-1ce0-499e-b9f6-8444dee39d88} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3aa6678d-1ce0-499e-b9f6-8444dee39d88} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjctqnl (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c6e2a755-9706-4490-8e4d-8b4f82ee60ee} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\performance optimizer (trial version) (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Performanceoptimizer (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Performanceoptimizer (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sellmosoft (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sellmosoft (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a0b993f7 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3aa6678d-1ce0-499e-b9f6-8444dee39d88} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrphwp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrphwp -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free) (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\com_s (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\cur_s (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Restore (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks.Bak (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Menu Démarrer\Antivirus 2009 (Rogue.Antivirus) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\spludu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBrPHWp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pWHPrBeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pWHPrBeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afseklxq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qxlkesfa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\waxttdia.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aidttxaw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJCtqnl.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0N2Z81JD\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0N2Z81JD\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Motorola Phone Tools\MPT_TEST_Info.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\ua_manager.exe (Rogue.PerformanceOptimizer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{855E1445-C257-4E62-98F7-CCA06E6C4C35}\RP807\A0269300.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bbruxawx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpjhisjl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jznrhl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kcyvohtm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfGwUNe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rnaeno.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\scui.cpl (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqQhiGV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\terhvm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUKcdeb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxrspqul.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\creader.exe (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\inst.imd (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\install_stat2.tmp (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\language.cfg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\MFC71.dll (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\msvcp71.dll (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\msvcr71.dll (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\pcid.exe (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\PerfOpt.chm (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\po_cfg.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\ReadMe.doc (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\sload.sbd (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\ver.dat (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\1031_im1.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\1031_im2.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\1031_im4.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\1033_im1.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\1033_im2.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\1033_im4.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\1034_im1.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\1034_im2.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\1034_im4.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\1036_im1.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\1036_im2.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\1036_im4.png (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\English.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\English_po.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\English_spo.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\Franch.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\Franch_po.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\Franch_spo.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\German.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\German_po.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\German_spo.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\Spanish.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\Spanish_po.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Language\Spanish_spo.ini (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Menu Démarrer\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Menu Démarrer\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3pssavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

que dois je faire de plus??
merci

13 réponses

Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
Salut !!

redémarre le pc pour finir la suppression de malwarebytes si ce n est déjà fait et ensuite :

Télécharge hijackthis : http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

voici un tuto pour bien l installer : https://forums.cnetfrance.fr

-une fois installé, le renommer HJT.exe pour contrer une éventuelle infection vundo
-Double-clic dessus
- Clic sur "Do a system scan and save the log"
- copier le rapport, le coller dans la réponse
Messages postés
12
Date d'inscription
jeudi 24 juillet 2008
Statut
Membre
Dernière intervention
25 avril 2009

voila c'est fait.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:18, on 24/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {03628940-49E5-4845-A98E-65894695526C} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36ba183f-3253-4877-ae29-02894a17cc1b} - (no file)
O2 - BHO: (no name) - {3AA6678D-1CE0-499E-B9F6-8444DEE39D88} - C:\WINDOWS\system32\ljJCtqnl.dll
O2 - BHO: (no name) - {4D01E6FB-6765-4411-9306-32F90AE7A439} - (no file)
O2 - BHO: (no name) - {5142F3B3-C3F6-42DB-A24E-EFEE2B44945A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {70C37D78-43E7-46C7-9F46-29AAA82FE9CD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {910ABBC5-4327-4052-9E32-1DE7107D510D} - C:\WINDOWS\system32\geBrPHWp.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup1] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup2] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\IXP002.TMP\"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [07575129551469642935110445102367] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: FreeBot.lnk = C:\Program Files\FreeBot\freebot.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - https://www.trendmicro.com/fr_fr/business.html (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonfamiliale.com/AECVIZ/npaecviz.cab
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - https://www.trendmicro.com/fr_fr/business.html
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://C:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://C:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.photoweb.fr/order/XUpload.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ljJCtqnl - C:\WINDOWS\SYSTEM32\ljJCtqnl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
Télécharger l'utilitaire FixVundo (Symantec) : https://www.broadcom.com/support/security-center


Lancer "FixVundo" en double-cliquant sur son icône.

Démarrer l'analyse en Cliquant sur "Start".
A la fin, un rapport d'analyse "FixVundo.log" est disponible dans le dossier de lancement de l'utilitaire.

copier/coller le rapport dans le nouveau message sur le forum
Messages postés
12
Date d'inscription
jeudi 24 juillet 2008
Statut
Membre
Dernière intervention
25 avril 2009

j'arrive pas a le dl!
ca me met run time error


--ymantec Trojan.Vundo Removal Tool 1.5.0
The process "iexplore.exe" might be affected by the threat. It cannot be terminated.
The process "iexplore.exe" might be affected by the threat. It has been terminated.


The scanning procedure was cancelled.


Trojan.Vundo has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 3
The number of deleted files: 0
The number of viral processes terminated: 1
The number of viral threads terminated: 0
The number of registry entries fixed: 0

Windows XP edition familiale
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
ok...essais ceci :

Télécharge sur le bureau virtumundobegone :
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

déconnecte internet et désactive ton antivirus le temps de la manipulation



=> Double clic sur VirtumundoBeGone.exe
=> Clic Continue ==> clic Start
=> Clic Oui
=> A la fin si Vundo est présent , le PC s’éteint et redémarre
- Si Ecran bleu et message : Erreur fatale .. pas de problème
=> Poster le rapport VBG.TXT qui est sur le bureau

ensuite refais un nouveau rapport hijackthis stp
c'est fais mon pc c'est eteind et a redemaré :d
voila le rapport
[07/24/2008, 21:25:22] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\52I0RI81\VirtumundoBeGone[1].exe" )
[07/24/2008, 21:25:23] - Detected System Information:
[07/24/2008, 21:25:23] - Windows Version: 5.1.2600, Service Pack 2
[07/24/2008, 21:25:23] - Current Username: Propriétaire (Admin)
[07/24/2008, 21:25:23] - Windows is in NORMAL mode.
[07/24/2008, 21:25:23] - Searching for Browser Helper Objects:
[07/24/2008, 21:25:23] - BHO 1: {03628940-49E5-4845-A98E-65894695526C} ()
[07/24/2008, 21:25:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:23] - No filename found. Continuing.
[07/24/2008, 21:25:23] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/24/2008, 21:25:23] - BHO 3: {36ba183f-3253-4877-ae29-02894a17cc1b} ()
[07/24/2008, 21:25:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:23] - No filename found. Continuing.
[07/24/2008, 21:25:23] - BHO 4: {3AA6678D-1CE0-499E-B9F6-8444DEE39D88} ()
[07/24/2008, 21:25:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:23] - Checking for HKLM\...\Winlogon\Notify\ljJCtqnl
[07/24/2008, 21:25:23] - Found: HKLM\...\Winlogon\Notify\ljJCtqnl - This is probably Virtumundo.
[07/24/2008, 21:25:23] - Assigning {3AA6678D-1CE0-499E-B9F6-8444DEE39D88} MSEvents Object
[07/24/2008, 21:25:23] - BHO list has been changed! Starting over...
[07/24/2008, 21:25:23] - BHO 1: {03628940-49E5-4845-A98E-65894695526C} ()
[07/24/2008, 21:25:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:23] - No filename found. Continuing.
[07/24/2008, 21:25:23] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/24/2008, 21:25:23] - BHO 3: {36ba183f-3253-4877-ae29-02894a17cc1b} ()
[07/24/2008, 21:25:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:23] - No filename found. Continuing.
[07/24/2008, 21:25:23] - BHO 4: {3AA6678D-1CE0-499E-B9F6-8444DEE39D88} (MSEvents Object)
[07/24/2008, 21:25:23] - ALERT: Found MSEvents Object!
[07/24/2008, 21:25:23] - BHO 5: {4D01E6FB-6765-4411-9306-32F90AE7A439} ()
[07/24/2008, 21:25:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:23] - No filename found. Continuing.
[07/24/2008, 21:25:23] - BHO 6: {5142F3B3-C3F6-42DB-A24E-EFEE2B44945A} ()
[07/24/2008, 21:25:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:23] - No filename found. Continuing.
[07/24/2008, 21:25:23] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/24/2008, 21:25:23] - BHO 8: {70C37D78-43E7-46C7-9F46-29AAA82FE9CD} ()
[07/24/2008, 21:25:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:23] - No filename found. Continuing.
[07/24/2008, 21:25:23] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/24/2008, 21:25:23] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/24/2008, 21:25:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:23] - No filename found. Continuing.
[07/24/2008, 21:25:23] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/24/2008, 21:25:23] - BHO 12: {910ABBC5-4327-4052-9E32-1DE7107D510D} ()
[07/24/2008, 21:25:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:23] - Checking for HKLM\...\Winlogon\Notify\geBrPHWp
[07/24/2008, 21:25:23] - Key not found: HKLM\...\Winlogon\Notify\geBrPHWp, continuing.
[07/24/2008, 21:25:23] - BHO 13: {A057A204-BACC-4D26-9990-79A187E2698E} (AVG Security Toolbar)
[07/24/2008, 21:25:23] - BHO 14: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/24/2008, 21:25:23] - BHO 15: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/24/2008, 21:25:23] - BHO 16: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/24/2008, 21:25:23] - Finished Searching Browser Helper Objects
[07/24/2008, 21:25:23] - *** Detected MSEvents Object
[07/24/2008, 21:25:23] - Trying to remove MSEvents Object...
[07/24/2008, 21:25:24] - Terminating Process: IEXPLORE.EXE
[07/24/2008, 21:25:24] - Terminating Process: RUNDLL32.EXE
[07/24/2008, 21:25:24] - Disabling Automatic Shell Restart
[07/24/2008, 21:25:24] - Terminating Process: EXPLORER.EXE
[07/24/2008, 21:25:25] - Suspending the NT Session Manager System Service
[07/24/2008, 21:25:25] - Terminating Windows NT Logon/Logoff Manager
[07/24/2008, 21:25:25] - Re-enabling Automatic Shell Restart
[07/24/2008, 21:25:25] - File to disable: C:\WINDOWS\system32\ljJCtqnl.dll
[07/24/2008, 21:25:25] - Renaming C:\WINDOWS\system32\ljJCtqnl.dll -> C:\WINDOWS\system32\ljJCtqnl.dll.vir
[07/24/2008, 21:25:25] - File successfully renamed!
[07/24/2008, 21:25:25] - Removing HKLM\...\Browser Helper Objects\{3AA6678D-1CE0-499E-B9F6-8444DEE39D88}
[07/24/2008, 21:25:26] - Removing HKCR\CLSID\{3AA6678D-1CE0-499E-B9F6-8444DEE39D88}
[07/24/2008, 21:25:26] - Adding Kill Bit for ActiveX for GUID: {3AA6678D-1CE0-499E-B9F6-8444DEE39D88}
[07/24/2008, 21:25:26] - Deleting ATLEvents/MSEvents Registry entries
[07/24/2008, 21:25:26] - Removing HKLM\...\Winlogon\Notify\ljJCtqnl
[07/24/2008, 21:25:26] - Searching for Browser Helper Objects:
[07/24/2008, 21:25:26] - BHO 1: {03628940-49E5-4845-A98E-65894695526C} ()
[07/24/2008, 21:25:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:26] - No filename found. Continuing.
[07/24/2008, 21:25:26] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/24/2008, 21:25:26] - BHO 3: {36ba183f-3253-4877-ae29-02894a17cc1b} ()
[07/24/2008, 21:25:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:26] - No filename found. Continuing.
[07/24/2008, 21:25:26] - BHO 4: {4D01E6FB-6765-4411-9306-32F90AE7A439} ()
[07/24/2008, 21:25:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:26] - No filename found. Continuing.
[07/24/2008, 21:25:26] - BHO 5: {5142F3B3-C3F6-42DB-A24E-EFEE2B44945A} ()
[07/24/2008, 21:25:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:26] - No filename found. Continuing.
[07/24/2008, 21:25:26] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/24/2008, 21:25:26] - BHO 7: {70C37D78-43E7-46C7-9F46-29AAA82FE9CD} ()
[07/24/2008, 21:25:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:26] - No filename found. Continuing.
[07/24/2008, 21:25:26] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/24/2008, 21:25:26] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/24/2008, 21:25:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:26] - No filename found. Continuing.
[07/24/2008, 21:25:26] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/24/2008, 21:25:26] - BHO 11: {910ABBC5-4327-4052-9E32-1DE7107D510D} ()
[07/24/2008, 21:25:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/24/2008, 21:25:26] - Checking for HKLM\...\Winlogon\Notify\geBrPHWp
[07/24/2008, 21:25:26] - Key not found: HKLM\...\Winlogon\Notify\geBrPHWp, continuing.
[07/24/2008, 21:25:26] - BHO 12: {A057A204-BACC-4D26-9990-79A187E2698E} (AVG Security Toolbar)
[07/24/2008, 21:25:26] - BHO 13: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/24/2008, 21:25:26] - BHO 14: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/24/2008, 21:25:26] - BHO 15: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/24/2008, 21:25:26] - Finished Searching Browser Helper Objects
[07/24/2008, 21:25:26] - Finishing up...
[07/24/2008, 21:25:26] - A restart is needed.
[07/24/2008, 21:25:44] - Attempting to Restart via STOP error (Blue Screen!)

le rapport hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:19, on 24/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FreeBot\freebot.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {03628940-49E5-4845-A98E-65894695526C} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36ba183f-3253-4877-ae29-02894a17cc1b} - (no file)
O2 - BHO: (no name) - {4D01E6FB-6765-4411-9306-32F90AE7A439} - (no file)
O2 - BHO: (no name) - {5142F3B3-C3F6-42DB-A24E-EFEE2B44945A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {70C37D78-43E7-46C7-9F46-29AAA82FE9CD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {910ABBC5-4327-4052-9E32-1DE7107D510D} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FC1D2118-A8BF-4977-A03B-A2944A2DDC20} - C:\WINDOWS\system32\geBrPHWp.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup1] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup2] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\IXP002.TMP\"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [07575129551469642935110445102367] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: FreeBot.lnk = C:\Program Files\FreeBot\freebot.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - https://www.trendmicro.com/fr_fr/business.html (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonfamiliale.com/AECVIZ/npaecviz.cab
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - https://www.trendmicro.com/fr_fr/business.html
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://C:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://C:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.photoweb.fr/order/XUpload.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
ca a l air bon je ne vois plus d infections

relance hijackthis en cliquant sur scan only et coches ces lignes stp:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
O2 - BHO: (no name) - {03628940-49E5-4845-A98E-65894695526C} - (no file)
O2 - BHO: (no name) - {36ba183f-3253-4877-ae29-02894a17cc1b} - (no file)
O2 - BHO: (no name) - {4D01E6FB-6765-4411-9306-32F90AE7A439} - (no file)
O2 - BHO: (no name) - {5142F3B3-C3F6-42DB-A24E-EFEE2B44945A} - (no file)
O2 - BHO: (no name) - {70C37D78-43E7-46C7-9F46-29AAA82FE9CD} - (no file)
O2 - BHO: (no name) - {910ABBC5-4327-4052-9E32-1DE7107D510D} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O2 - BHO: (no name) - {FC1D2118-A8BF-4977-A03B-A2944A2DDC20} - C:\WINDOWS\system32\geBrPHWp.dll
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup1] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup2] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\IXP002.TMP\"
O4 - HKCU\..\Run: [07575129551469642935110445102367] C:\Program Files\Antivirus 2009\av2009.exe
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - https://www.trendmicro.com/fr_fr/business.html­l_pre.php (file missing)
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab

puis tu cliques sur fix checked.

tu as encore des traces de norton...utilise ce programme pour les supprimer :

norton removal tools : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

vas aussi faire les mises à niveau de java et adobe reader à ces adresses :

java : https://www.java.com/fr/download/manual.jsp

adobe reader XP : https://get2.adobe.com/reader/otherversions/

et ensuite désinstalles les versions antérieures.

est ce que tu as encore des problemes ??
Messages postés
12
Date d'inscription
jeudi 24 juillet 2008
Statut
Membre
Dernière intervention
25 avril 2009

merci beaucoup pour ton aide precieuse.j'ai suivi tes instructions,j'espere que c'est ok,je te renvoie un rapport hijack afin de voir si tout est ok .en tout cas merci beaucoup tu gere.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:51, on 24/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FC1D2118-A8BF-4977-A03B-A2944A2DDC20} - C:\WINDOWS\system32\geBrPHWp.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup1] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup2] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\IXP002.TMP\"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: FreeBot.lnk = C:\Program Files\FreeBot\freebot.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonfamiliale.com/AECVIZ/npaecviz.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - https://www.trendmicro.com/fr_fr/business.html
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://C:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://C:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.photoweb.fr/order/XUpload.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
mais de rien c était avec plaisir que je t ai aidé..

si tu n as plus de problemes tu peux faire ceci pour terminer :

Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :

Télécharge toolscleaner sur ton Bureau : http://www.commentcamarche.net/telecharger/telechargement 34055291 toolscleaner
* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse


Désactive et réactive la Restauration du système :

1 Dans la barre des tâches de Windows, clique sur Démarrer.

2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.

3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"

4 Clique sur Appliquer.

5 Ensuite décoche "Désactiver la restauration du systeme"

6 clique sur appliquer puis ok

7 vas créer un point de restauration dans accessoires----outils systeme----restauration du systeme.
Messages postés
12
Date d'inscription
jeudi 24 juillet 2008
Statut
Membre
Dernière intervention
25 avril 2009

voici le rapport ,j'ai fait ce que tu m'as dit.ca fonctionne ,merci encore ,si j'ai d'autre soucis je sais a qui m'adresser.
-->- Recherche:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Mes documents\HJTInstall.exe: trouvé !
C:\Documents and Settings\Propriétaire\Recent\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Mes documents\HJTInstall.exe: supprimé !
C:\Documents and Settings\Propriétaire\Recent\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
C est ok ;-)

tu pourras mettre résolu à ton topic !!

Bonne fin de soirée @+
Messages postés
12
Date d'inscription
jeudi 24 juillet 2008
Statut
Membre
Dernière intervention
25 avril 2009

a toi aussi bonne fin de soirée a +
bjr moiaussi javai antivirus 2009 jai telecharger spyware terminator le scana durer 2h30 min mai dpui jai plu aucun prob voila donc si ca peu aider a plus