Probleme avec total secure [spyware]Fermé

Question

Bonjour tous le monde. j'ai un spyware du nom de total secure qui me pause quelques problèmes, et je n'arrive pas a le supprimer. Ce serais cependant bien s'il pouvais partir assez vite car il commence a supprimer pas mal d'icône dans mon menu démarrer ou ma barre de tache.

 Merci d'avance pour votre aide

buginformatik · Answer

Lu'

Télécharges SmitfraudFix (de S!Ri, balltrap34 et moe31) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

/!\ Déconnectes toi d'internet, fermes toutes tes fenêtres en cours et désactives ton system de défense ( anti-virus ,anti-spyware,...) le temps de la manip.

Il faut impérativement Installes le fix à la racine de C: ( et pas ailleurs ! ==>"C:\SmitfraudFix.exe" ) .

Tuto : http://siri.urz.free.fr/Fix/SmitfraudFix.php

Double clique sur l'icône "Smitfraudfix.exe" et sélectionnes l'option 1, pour créer un rapport des fichiers infectés.

Postes le rapport ( "rapport.txt" qui se trouve sous C: ).

Utilisateur anonyme · Answer

Même pas de Hijackthis pour contrôler.........
Le monde est a l'envers

Masterpinguin · Answer

plouf, Merci de votre aide les gens.
Donc comme demander voila le rapport.



SmitFraudFix v2.370

Rapport fait à 11:36:43,34, 31/10/2008
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Propriétaire\Mes documents\SmitfraudFix\Policies.exe
C:\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\emnvoqgx.exe PRESENT !
C:\WINDOWS\k.txt PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

[!] Suspicious: SYSBAS~1.DLL
BHO: Phonomia - {A2F253AD-1F23-4D87-A64B-D6987F38D981}
TypeLib: {10026069-7A5F-4531-811E-C8DF20643BEE}
Interface: {5E58DFE1-D27C-4CF0-BFEF-539A63C0BECE}
VersionIndependentProgID: pnphon.Bho
ProgID: Poals



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="ktjsqw.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Compact Wireless-G USB Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0D6463CF-AEE5-498C-B2FF-2CB9E362D63C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0D6463CF-AEE5-498C-B2FF-2CB9E362D63C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Utilisateur anonyme · Answer

Tu es bizarre....

buginformatik · Answer

Redémarre ton PC en mode sans échec. 

Pour cela, redémarre ton ordinateur
Après le bip, tapote la touche F8 de ton clavier
Choisir le mode sans échec


Lance Smitfraudfix comme la 1ère fois, et choisir l'option 2

Réponds par Y ou O aux questions posées et valide par ENTREE...


Redémarre en mode normal et poste le rapport sur le forum.




PS : je sors, j'en ai pour une bonne heure, si par hasard et cela pour gagner ton temps et le notre, Loicdem souhaite t'aider il y est le bienvenu ;)
A+

Masterpinguin · Answer

plouf, donc voila le rapport

SmitFraudFix v2.370

Rapport fait à 12:13:54,84, 31/10/2008
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix



»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\emnvoqgx.exe supprimé
C:\WINDOWS\k.txt supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

C:\WINDOWS\system32\SYSBAS~1.DLL deleted.


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0D6463CF-AEE5-498C-B2FF-2CB9E362D63C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0D6463CF-AEE5-498C-B2FF-2CB9E362D63C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin





Sinon après avoir redémarrer j'avais encore des icône de spyware autre que total  secure, si vous savez comment les supprimer définitivement ce serasi bien en passant :p ^^

buginformatik · Answer

Avant d'utiliser Hijackthis on va nettoyer le PC :

Il existe un logiciel nommé Ccleaner, qui vous permet de supprimer tout les fichiers inutiles de votre ordinateur, parfois responsables de la lenteur :
https://filehippo.com/download_ccleaner/
Latest Version
CCleaner 2.13.720

ATTENTION : décochez la ligne Ajouter la barre d'Outils Yahoo! CCleaner.

>>>

Pour CCleaner : Afin que le nettoyage soit le plus en profondeur et que tu puisse garder un certain confort tu peux cocher sans problèmes :

POUR L'ONGLET WINDOWS :

- Tout internet explorer (vu que tu es sous firefox)

- Tout Windows explorer

- Tout dans Système, exceptés : Raccourcis du menu démarrer et l'autre

- Dans avancé : Vieilles données du prefecht, fichiers journal ISS, désinstallateurs de hotfixes

POUR L'ONGLET APPLICATION :

- Mozilla : cache, cookies, et les 2 historiques

- Après tu peux tout cocher, sauf ce qui est liés à la sécurité du PC (windows defender, Spybot etc...)


PARTIE REGISTRE :

Tu coches TOUT sauf extensions de fichiers inexistantes puis chercher les erreurs, sans oublier de bien faire la sauvegarde proposée en la gardant dans mes documents. 
A faire 2 fois de suite


>>>

Télécharges hijackthis : http://www.trendsecure.com/portal/en-US/_download/HiJackThis.zip

et voici un gif pour bien l'installer : http://pageperso.aol.fr/balltrap34/Hijenr.gif

- Une fois téléchargé, renommer l'éxécutable en HJT.exe pour contrer une éventuelle infection vundo
- Double-clic dessus
- Clic sur "Do a system scan and save the log"
- Copies le rapport, le coller dans la réponse


A priori en passant Malware byte anti malware tu sera totalement débarassée

Masterpinguin · Answer

plouf, donc voila le rapport hijackThis



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12: VIRUS ALERT!, on 31/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\system32undll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17377F5C-2147-428F-AE9E-A457EF430AF4} - C:\WINDOWS\system32\awtqPhfc.dll
O2 - BHO: (no name) - {3057C056-7BFC-4D6E-A1A2-1F1E408E6F05} - (no file)
O2 - BHO: (no name) - {31FC1F5B-A825-4335-827F-9A604838884A} - C:\WINDOWS\system32\cbXRjjHy.dll
O2 - BHO: {1d4fa7f0-2e00-96ba-4804-6754b858cc93} - {39cc858b-4576-4084-ab69-00e20f7af4d1} - C:\WINDOWS\system32\ktjsqw.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A2F253AD-1F23-4D87-A64B-D6987F38D981} - (no file)
O2 - BHO: (no name) - {B4AA904D-84F6-40F0-8939-44ED82D302C9} - (no file)
O2 - BHO: (no name) - {CB81D82C-0C59-4004-A81C-6DF226BDA65D} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: wvfsrqab - {BF5D331A-6F87-49DD-A63A-3598EB776844} - C:\WINDOWS\wvfsrqab.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [486627f0] rundll32.exe "C:\WINDOWS\system32\yquuybde.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: ktjsqw.dll
O20 - Winlogon Notify: cbXRjjHy - C:\WINDOWS\SYSTEM32\cbXRjjHy.dll
O21 - SSODL: wfexqnrp - {14455C99-0B06-47A7-B391-E78FBB533C8D} - C:\WINDOWS\wfexqnrp.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

buginformatik · Answer

Tu vas télécharger la dernière version de Malwarebytes anti malware 1.30 : https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

Voici un tuto pour bien l'installer et l'utiliser : http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
(N'utilises pas File assassin)
<gras>

N'oublie pas de supprimer les menaces à la fin du scan et de poster le log sur le forum !
Merci

Masterpinguin · Answer

Plouf, K je ferais cela tt a l'heure parce que la je dois aussi partir. encore merci et je fais la manip des que je peux 
bonne fin de jounrée

Masterpinguin · Answer

donc voila le log si je me trompe pas sur ce que c'est :p

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1349
Windows 5.1.2600 Service Pack 3

01/11/2008 17:56:24
mbam-log-2008-11-01 (17-56-24).txt

Type de recherche: Examen complet (C:\|D:\|L:\|)
Eléments examinés: 246209
Temps écoulé: 2 hour(s), 19 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 17
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 28

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\awtqPhfc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\udejue.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXRjjHy.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31fc1f5b-a825-4335-827f-9a604838884a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxrjjhy (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{31fc1f5b-a825-4335-827f-9a604838884a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e031ebe-789b-4116-8123-172434d41f27} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8e031ebe-789b-4116-8123-172434d41f27} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f8cd84c3-1d83-4594-89cf-849d7cb8803f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f8cd84c3-1d83-4594-89cf-849d7cb8803f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f8cd84c3-1d83-4594-89cf-849d7cb8803f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31fc1f5b-a825-4335-827f-9a604838884a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5e58dfe1-d27c-4cf0-bfef-539a63c0bece} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{10026069-7a5f-4531-811e-c8df20643bee} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a2f253ad-1f23-4d87-a64b-d6987f38d981} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2f253ad-1f23-4d87-a64b-d6987f38d981} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14455c99-0b06-47a7-b391-e78fbb533c8d} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e97d3569-acd2-4951-9b9b-39e3a8bcb305} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9a35f3f2-295d-44a0-9463-9616089a5ba7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf5d331a-6f87-49dd-a63a-3598eb776844} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf5d331a-6f87-49dd-a63a-3598eb776844} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wvfsrqab.blxs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wvfsrqab.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\486627f0 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{31fc1f5b-a825-4335-827f-9a604838884a} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wfexqnrp (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bf5d331a-6f87-49dd-a63a-3598eb776844} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\awtqphfc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awtqphfc  -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55639-OEM-0011903-00106) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\cbXRjjHy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\awtqPhfc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cfhPqtwa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfhPqtwa.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\udejue.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\svnjuqjv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vjqujnvs.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\222RKYQD
d82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\222RKYQD\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP144\A0031927.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP144\A0031928.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP144\A0032044.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP144\A0033130.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\elqw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wfexqnrp.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXRhEUK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gciygmpc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hhaefhqc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ktjsqw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnMFyAT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnoLcBS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xrbabrmf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yomlzv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\wvfsrqab.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Bureau\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Bureau\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Bureau\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.



et merci encore une fosi de ton attention pour ce probleme problematique :p

Masterpinguin · Answer

plouf!!  donc voila le rapport hijackthis




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:00:25, on 02/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Mes documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3057C056-7BFC-4D6E-A1A2-1F1E408E6F05} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B4AA904D-84F6-40F0-8939-44ED82D302C9} - (no file)
O2 - BHO: (no name) - {CB81D82C-0C59-4004-A81C-6DF226BDA65D} - (no file)
O2 - BHO: (no name) - {F123F28B-5BA4-499D-95B8-9A2BAE810FF2} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: udejue.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

buginformatik · Answer

Tu n'as pas d'antivirus ???

~~ Faites nous confiance ~~
Mettez Toujours vos navigateurs internet à jour ! (IE7, Mozilla 3.0.3)

Masterpinguin · Answer

plouf, en faite si j'ai avast, mais je l'aii désinstaller juste avant de commencer a poster parce que je penser qu'il avait était infester car il n'arriver pas a supprimer toutes les merdes, et je dois avouer qeu je l'ai toujours pas réinstaller..... :D

buginformatik · Answer

On va virer avast car... plouf

Télécharge antivir c'est un peu long selon ta connexion) : https://download.cnet.com/Avira-Free-Security-with-Antivirus/3000-18510_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=10867326

Puis, Télécharge l'Utilitaire de désinstallation d'avast! : https://www.avast.com/fr-fr/uninstall-utility

Coupe ta connexion internet

# Désactive le système d’autoprotection avast! si enclenché
# Exécute l'utilitaire téléchargé
# Si vous avez installé avast dans un dossier différent de celui par défaut retrouvez le en parcourrant votre disque avec le bouton "...". (Note: Faites attention! Le contenu de tout dossier que vous choisirez sera supprimé!)
# Cliquez sur Uninstall
# supprime l'Utilitaire de désinstallation d'avast!
# Redémarrez votre ordinateur



Installe antivir récemment téléchargé

Tuto de prise en main d'antivir : https://www.malekal.com/avira-free-security-antivirus-gratuit/


>>>>>>>>>>>>>>>
Voici pourquoi plouf :

Voici le comparatif de Avast et antivir : http://forum.malekal.com/ftopic3528.php

Masterpinguin · Answer

ouki douki voila qui est fais. bon j'espere que j'aurais plus de problème  et encore merci pour ton aide et le temps que tu m'a consacrer :p

bonne suite ( si c'est bien fini ^^)

Masterpinguin · Answer

et voila le rapport Avira AntiVir Personal Report file date: dimanche 2 novembre 2008 14:57 Scanning for 1001710 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: NOM-69YPOL3RYHI Version information: BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 12:41:20 ANTIVIR1.VDF : 7.1.0.21 130560 Bytes 31/10/2008 12:41:22 ANTIVIR2.VDF : 7.1.0.22 2048 Bytes 31/10/2008 12:41:22 ANTIVIR3.VDF : 7.1.0.26 14848 Bytes 31/10/2008 12:41:23 Engineversion : 8.2.0.10 AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56 AESCRIPT.DLL : 8.1.1.9 319867 Bytes 02/11/2008 12:41:32 AESCN.DLL : 8.1.1.3 123252 Bytes 14/10/2008 11:05:56 AERDL.DLL : 8.1.1.2 438644 Bytes 12/09/2008 07:06:02 AEPACK.DLL : 8.1.2.4 369014 Bytes 14/10/2008 11:05:56 AEOFFICE.DLL : 8.1.0.29 196988 Bytes 02/11/2008 12:41:31 AEHEUR.DLL : 8.1.0.63 1479032 Bytes 02/11/2008 12:41:30 AEHELP.DLL : 8.1.1.2 115062 Bytes 14/10/2008 11:05:56 AEGEN.DLL : 8.1.0.42 319861 Bytes 02/11/2008 12:41:26 AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56 AECORE.DLL : 8.1.2.9 172407 Bytes 02/11/2008 12:41:24 AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 02/11/2008 12:41:23 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: dimanche 2 novembre 2008 14:57 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '0' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'usnsvc.exe' - '1' Module(s) have been scanned Scan process 'soffice.bin' - '1' Module(s) have been scanned Scan process 'soffice.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned Scan process 'kbd.exe' - '1' Module(s) have been scanned Scan process 'hphmon05.exe' - '1' Module(s) have been scanned Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'WUSB54GC.exe' - '1' Module(s) have been scanned Scan process 'WLService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 39 processes with 39 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD2 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD3 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD4 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '72' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Propriétaire\Shared\Copie de Cypress Hill - Hits from the Bong.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was deleted! C:\Documents and Settings\Propriétaire\Shared\Cypress Hill - Hits from the Bong.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was deleted! C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP144\A0033137.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP144\A0033141.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP144\A0033142.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP144\A0033143.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP144\A0033144.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP144\A0033145.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP144\A0033146.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP144\A0033147.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP144\A0033148.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP144\A0033159.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP144\A0033160.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP144\A0033162.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! Begin scan in 'D:\' End of the scan: dimanche 2 novembre 2008 16:03 Used time: 1:06:08 Hour(s) The scan has been done completely. 8305 Scanning directories 571369 Files were scanned 14 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 14 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 571353 Files not concerned 14734 Archives were scanned 6 Warnings 14 Notes

buginformatik · Answer

Ouai bien joué reposte un rapport hijackthis

Masterpinguin · Answer

le rapport hijackthis demander !!
un rapport un !! ^^


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:32, on 02/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Mes documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3057C056-7BFC-4D6E-A1A2-1F1E408E6F05} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B4AA904D-84F6-40F0-8939-44ED82D302C9} - (no file)
O2 - BHO: (no name) - {CB81D82C-0C59-4004-A81C-6DF226BDA65D} - (no file)
O2 - BHO: (no name) - {F123F28B-5BA4-499D-95B8-9A2BAE810FF2} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: udejue.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

buginformatik · Answer

relance ton PC en mode sans échec (tapoter F8 après le bip du démarrage, avant le logo Windows), ouvre hijackthis et coche les lignes :

 	O2 - BHO: (no name) - {B4AA904D-84F6-40F0-8939-44ED82D302C9} - (no file)
 	O2 - BHO: (no name) - {CB81D82C-0C59-4004-A81C-6DF226BDA65D} - (no file)
 	O2 - BHO: (no name) - {F123F28B-5BA4-499D-95B8-9A2BAE810FF2} - (no file)
 	O2 - BHO: (no name) - {3057C056-7BFC-4D6E-A1A2-1F1E408E6F05} - (no file)
        O20 - AppInit_DLLs: udejue.dll

Puis fix checked
relance en mode normal et refait moi un rapport hijackthis !

On a presque fini a priori :)

Probleme avec total secure [spyware]

20 réponses

Discussions similaires

Newsletters