Who has already used Malwarebytes???????

Last reply on 14 Aug 2008 at 15:09:19
cool83, 7 Aug 2008 at 12:39:29

Hello,
I'm not a computer expert!! I'd like a bit of help with Malwarebytes. I downloaded it and ran a scan. It found 110 infected files. And now I don't know what to do???
Thanks

Configuration: Windows XP
Internet Explorer 7.0


1

bonjour94, 7 Aug 2008 at 12:40:40

Delete the eggheads


2

zorinho, 7 Aug 2008 at 12:45:38

Hi, go to the "quarantine" menu and delete them.

Ideally, run the scan in Safe Mode, "full scan", and at the end of the scan tick "delete selected".

Paste a new scan report here (go to the Log/report tab, do Edit > Select All, copy, and paste the report here).

Given the number of infections, it would be a good idea to make a HijackThis report:
http://www.malekal.com/tutorial_HijackThis.html

See you soon

Zor


3

cool83, 7 Aug 2008 at 12:54:33

Thanks
but now the PC has frozen. I can't do anything anymore
grrrrrrrrrr


4

cool83, 7 Aug 2008 at 14:51:36

There we go, the selection has been deleted. But now I have a message from Malwarebytes telling me it cannot remove some items. It tells me to restart the computer so the process can finish. Should I do it??? Will I lose any folders?


5

shion-ares, 7 Aug 2008 at 14:54:45

Hello

This looks like the Vundo trojan.
Post the report afterwards so we can check it. Please post all the reports


6

cool83, 7 Aug 2008 at 15:10:19

Thanks for replying, here is the report
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1030
Windows 5.1.2600 Service Pack 2

14:46:06 07/08/2008
mbam-log-8-7-2008 (14-46-06).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 205560
Temps écoulé: 1 hour(s), 10 minute(s), 5 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 28
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 60

Processus mémoire infecté(s):
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.Installer) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\pmnoPGWm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\woikklqe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ysmwlapg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXRHabA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mcdwzj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\eiswqbqy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\evgratsm.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e54688b-a91b-48a2-a7ee-3ae8b90cd669} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e54688b-a91b-48a2-a7ee-3ae8b90cd669} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8751e4c3-270b-4172-9624-651e044f3689} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8751e4c3-270b-4172-9624-651e044f3689} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxrhaba (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{20380abb-8d1e-4bd2-926e-a0cd8180fcd4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20380abb-8d1e-4bd2-926e-a0cd8180fcd4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clbdriver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{88a6bf68-b9b6-429b-a8b0-3cc5c6db948c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8adabfcc-2174-46c8-8dc8-161780adeac5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3fcaeb7d-f8ae-4a67-ae6c-57ee1416bb6d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d58660f7-617d-4f87-83c8-d1906529cdad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bvqe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\04df2f09 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm07ec1c95 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\s9201 (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3fcaeb7d-f8ae-4a67-ae6c-57ee1416bb6d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\evgratsm (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kvxqmtre (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnopgwm -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnopgwm -> Delete on reboot.

Dossier(s) infecté(s):
C:\Documents and Settings\Administrateur\Local Settings\Temp\NI.UGA6PV_0001_N122M1202 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\mcdwzj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmnoPGWm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mWGPonmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mWGPonmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\woikklqe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\eqlkkiow.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ysmwlapg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXRHabA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\eiswqbqy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\nino thamon\Local Settings\Temp\smchk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nino thamon\Local Settings\Temporary Internet Files\Content.IE5\0FDA380M\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\nino thamon\Local Settings\Temporary Internet Files\Content.IE5\ARIY3MSL\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016282.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016283.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016284.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016285.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016288.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP150\A0016289.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP154\A0017346.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP157\A0018530.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{683968DD-D731-44C8-993C-F391EA91FA6A}\RP157\A0018597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\erms.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rhkbpr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCRLEt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eutfjg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ickirmhf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jwuajncy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwkyhthh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qvyicmvx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ttpcoohm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yythaein.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\midsjsfe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wqasfqcv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfvkprvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080723005009859.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080723085304171.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080723090431390.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080723091225515.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080723161535312.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080724171717640.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080804164644421.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080806112029015.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080806141125500.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080806203329328.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080806214423734.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080807064306906.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080807101632250.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080807132257234.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM07ec1c95.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM07ec1c95.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\qndsfmao.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\evgratsm.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\drivers\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

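The report above is what the helpers read: which entries are "Delete on reboot" (items MBAM could not remove while they were loaded, hence the restart prompt cool83 asks about) and which detection families are present. Added here as an example, not taken from the thread or from Malwarebytes, is a Python parser for that report layout; the embedded excerpt is constructed with placeholder paths, and the French section labels are the ones of the MBAM 1.24 report as pasted.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the Malwarebytes' Anti-Malware 1.24 report pasted
# in the thread (French UI labels as on the page); paths and names are placeholders.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1030
Windows 5.1.2600 Service Pack 2

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
C:\Documents and Settings\All Users\Application Data\EXAMPLE\rogue.exe (Rogue.Installer) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\example1.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\example2.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\example (Trojan.Vundo) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\example1 -> Delete on reboot.

Fichier(s) infecté(s):
C:\WINDOWS\system32\example1.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\drivers\example.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

# Each label appears once with a count in the summary block and once as a section header.
SECTIONS = (
    "Processus mémoire infecté(s)",
    "Module(s) mémoire infecté(s)",
    "Clé(s) du Registre infectée(s)",
    "Valeur(s) du Registre infectée(s)",
    "Elément(s) de données du Registre infecté(s)",
    "Dossier(s) infecté(s)",
    "Fichier(s) infecté(s)",
)
SUMMARY_RE = re.compile(r"^(?P<name>.+?): (?P<n>\d+)$")
# Entry layout: item (Family) -> [Data: value -> ]Action.
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<family>[\w.]+)\) -> (?P<rest>.+?)\.?$")

def parse_mbam_log(text):
    """Return {'summary': {label: declared count}, 'entries': [dict, ...]}."""
    summary, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m and m.group("name") in SECTIONS:
            summary[m.group("name")] = int(m.group("n"))
            continue
        if line.endswith(":") and line[:-1] in SECTIONS:
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            parts = m.group("rest").split(" -> ")
            data = parts[0][6:] if len(parts) > 1 and parts[0].startswith("Data: ") else None
            entries.append({"section": section, "item": m.group("item"),
                            "family": m.group("family"), "action": parts[-1], "data": data})
    return {"summary": summary, "entries": entries}

def pending_reboot(report):
    """Items MBAM could not remove while running (in use): gone only after a restart."""
    return [e for e in report["entries"] if e["action"] == "Delete on reboot"]

def family_counts(report):
    """How many entries each detection family accounts for."""
    return Counter(e["family"] for e in report["entries"])

def count_mismatches(report):
    """Sections whose declared count differs from the entries listed (a truncated paste)."""
    listed = Counter(e["section"] for e in report["entries"])
    return {s: (n, listed[s]) for s, n in report["summary"].items() if n != listed[s]}
```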

15

totobetourne, 7 Aug 2008 at 15:44:23

Be aware that Malwarebytes detects very well, and even better, in Safe Mode; that is the mode you need for scanning or checking.


7

shion-ares, 7 Aug 2008 at 15:11:42

Well, not bad

Read all the way to the bottom

Click this link
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
to download the HijackThis installer.

Save HJTInstall.exe to your desktop.

Double-click HJTInstall.exe to launch the program

By default it will install here:
C:\Program Files\Trend Micro\HijackThis

Accept the licence by clicking the "I Accept" button

Choose the option "Do a system scan and save a log file"

Click "Save log" to save the report, which will open in Notepad

Click "Edit -> Select All", then "Edit -> Copy" to copy the whole content of the report

Paste the report you have just copied on this forum

Do NOT fix ANY line yet, it could stop your PC from working properly

Go on your PC to "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe" <--- right-click on it
and choose "rename": type eden and confirm.

Tutorials: http://pageperso.aol.fr/balltrap34/demohijack.htm (don't fix anything for now!!)
http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm


8

cool83, 7 Aug 2008 at 15:18:23

Sorry but I can't find the "save log" to save the report


9

cool83, 7 Aug 2008 at 15:19:25

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:59, on 07/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\Sysocmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\nino thamon\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\nino thamon\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\nino thamon\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
End of file - 7071 bytes


21

zorinho, 7 Aug 2008 at 19:08:08

Hi,

run HijackThis, scan only, tick the following lines:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

Do fix checked

See you

Zor

PS: run HijackThis again to see whether any infected line is left

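As an added example (not part of zorinho's reply or of HijackThis itself), a Python triage of a HijackThis log that flags the three kinds of line zorinho ticks above: orphan BHOs marked "(no file)", Run entries under the service-account hives S-1-5-18/19/20, and startup shortcuts resolving to "= ?". It then compares a rescan against the first log, as the PS suggests. The "before" excerpt reuses lines from cool83's log; the "after" one is constructed to look like a rescan in which one ticked line was left behind.

```python
import re

# "Before": lines taken from the HijackThis 2.0.2 log posted in the thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
End of file - 7071 bytes
"""

# "After": constructed rescan; the S-1-5-18 line is deliberately still there.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
End of file - 6800 bytes
"""

HJT_LINE = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.*)$")
SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")  # SYSTEM, LOCAL SERVICE, NETWORK SERVICE

def parse_hjt(text):
    """Yield (kind, body, line) for every HijackThis item line (R0/R1/O2/O4/...)."""
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line

def triage_reason(kind, body):
    """Why a line deserves a look: the three patterns zorinho's reply ticks."""
    if kind == "O2" and body.endswith(" - (no file)"):
        return "BHO registration whose DLL no longer exists (orphan left after a removal)"
    if kind == "O4" and any(body.startswith(f"HKUS\\{sid}\\") for sid in SERVICE_SIDS):
        return "Run entry in a service-account hive (S-1-5-18/19/20)"
    if kind == "O4" and "Startup:" in body and body.endswith("= ?"):
        return "startup shortcut whose target cannot be resolved"
    return None

def triage(text):
    """Flagged lines of one log with their reasons, in log order."""
    out = []
    for kind, body, line in parse_hjt(text):
        reason = triage_reason(kind, body)
        if reason:
            out.append((line, reason))
    return out

def still_present(before_text, after_text):
    """Flagged lines of the first log that survive in the rescan (zorinho's PS)."""
    after_lines = {line for _, _, line in parse_hjt(after_text)}
    return [line for line, _ in triage(before_text) if line in after_lines]
```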

10

cool83, 7 Aug 2008 at 15:24:48

Shion ares, have you left??? Don't you want to help me anymore?


11

shion-ares, 7 Aug 2008 at 15:27:17

I'm analysing, be patient please


12

BoTkilla, 7 Aug 2008 at 15:28:44

Restart when Malwarebytes tells you to and everything will be much cleaner

Better to be a lord in hell than a slave in heaven!


13

cool83, 7 Aug 2008 at 15:40:39

I've already restarted. And it was after that that I installed "hijackthis"


14

shion-ares, 7 Aug 2008 at 15:43:39

Your report is clean


16

cool83, 7 Aug 2008 at 16:06:38

So is it finished???
What do I do with what is in quarantine in Malwarebytes? There are 108 items


17

shion-ares, 7 Aug 2008 at 16:13:23

Empty the quarantine


18

cool83, 7 Aug 2008 at 16:18:46

OK, the quarantine is done. Do I need to do anything else? Should I keep Malwarebytes and HijackThis on the PC??


19

shion-ares, 7 Aug 2008 at 16:23:15

Keep MBAM, it's very good as an anti-malware; HijackThis you can uninstall


20

cool83, 7 Aug 2008 at 17:18:40

Thank you
