Vundo, smitfraud
Resolved/Closed
antinoos (posts: 99; registered: Thursday 8 February 2007; status: Member; last activity: 7 January 2008) - 8 Feb 2007 at 02:05
green day (posts: 26371; registered: Friday 30 September 2005; status: Moderator, Security contributor; last activity: 27 December 2019) - 10 Jul 2007 at 21:10
107 replies

antinoos - 9 Feb 2007 at 23:43
no, just ccleaner
should I continue?

green day - 9 Feb 2007 at 23:45
ok, run the scan with eScan Antivirus Toolkit, then do the rest of the steps in the link please
See you

antinoos - 9 Feb 2007 at 23:51
in safe mode
on the administrator account or on my account?
please

antinoos - 9 Feb 2007 at 23:53
and do I unplug the internet?

green day - 10 Feb 2007 at 00:03
do it on your account; in safe mode there is no internet access ;)
Bye

antinoos - 10 Feb 2007 at 00:28
in safe mode the desktop doesn't appear.
when I boot normally, McAfee detects and deletes vundo application explorer.exe
then rundll pops up and says loading error, the specified module could not be found.
and internet explorer opens a web page.
what should I do please

green day - 10 Feb 2007 at 12:58
Hi
In that case, do it in normal mode!
Hang in there, see you

antinoos - 10 Feb 2007 at 18:47
I ran the kaspersky scan in safe mode.
the report is too long, should I post it or not?
here is the avg report
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 18:34:26 10/02/2007
+ Résultat de l'analyse:
C:\System Volume Information\_restore{5075B7DA-C56D-4CEB-B48C-9430C8503D3B}\RP1054\A0270103.cpl -> Adware.P2PNet : Nettoyé.
C:\Documents and Settings\Soulimane Aouraghe\Cookies\soulimane_aouraghe@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\iznogoud\Cookies\iznogoud@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Soulimane Aouraghe\Cookies\soulimane_aouraghe@nsads.valuead[2].txt -> TrackingCookie.Valuead : Nettoyé.
C:\Documents and Settings\iznogoud\Cookies\iznogoud@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\System Volume Information\_restore{5075B7DA-C56D-4CEB-B48C-9430C8503D3B}\RP1068\A0276989.dll -> Trojan.Agent.acl : Nettoyé.
Fin du rapport

antinoos - 10 Feb 2007 at 22:58
BitDefender Online Scanner - Real Time Virus Report
Generated at: Sat, Feb 10, 2007 - 22:56:46
Scan Info
Scanned Files: 790331
Infected Files: 84
Virus Detected
Trojan.Zlob.GT: 1
DeepScan:Generic.Malware.SYBddldg.5159A5B2: 2
Trojan.Agent.ACL: 11
DeepScan:Generic.Malware.SYddldg.FDA02107: 30
Trojan.Spy.VBStat.B: 1
Trojan.Juan.E: 7
DeepScan:Generic.Malware.I!YBdprng.E4634F97: 1
Trojan.Shutdown.Q: 2
MemScan:Trojan.Vundo.AA: 29
This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

antinoos - 10 Feb 2007 at 23:03
for the hijackthis report, do I do it with the one you told me to rename ccm.exe?

green day - 10 Feb 2007 at 23:06
yes please!

antinoos - 10 Feb 2007 at 23:10
Logfile of HijackThis v1.99.1
Scan saved at 23:08:34, on 10/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\msngr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Soulimane Aouraghe\Bureau\CCM.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: (no name) - {2D81C3CA-5A42-4D14-B119-CCFD483CAE09} - C:\WINDOWS\system32\awtstuv.dll
O2 - BHO: (no name) - {2E5F96DD-A165-41B7-8722-D27F01A84D90} - (no file)
O2 - BHO: (no name) - {2EA7DDDB-49B0-43CF-A187-667FCEDE6751} - (no file)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6531E851-40D0-47DB-A77D-524BBC29E135} - (no file)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\lhbjxrin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {DF3F4C0A-74E5-484A-A9D2-67303481CB9D} - (no file)
O2 - BHO: (no name) - {FFCC4644-8F60-47EE-9D6D-B61C4A69DDA0} - C:\WINDOWS\system32\geedb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser les options - C:\Program Files\PROMT5\PROMTIE4\options.htm
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Traduire - C:\Program Files\PROMT5\PROMTIE4\translat.htm
O8 - Extra context menu item: Traduire avec WebView - C:\Program Files\PROMT5\PROMTIE4\webview.htm
O8 - Extra context menu item: Traduire la page - C:\Program Files\PROMT5\PROMTIE4\page.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3D061514-8D58-40D8-BB88-2BA6DCA9E5DE} - http://www.qurancomplex.org/Downloads/DownloadQuranFont.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635060} - http://www.qurancomplex.org/Downloads/FontSmooth_New.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: bw+0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: awtstuv - C:\WINDOWS\SYSTEM32\awtstuv.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll
O20 - Winlogon Notify: urqnmmn - C:\WINDOWS\SYSTEM32\urqnmmn.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\msngr.exe
green day (Moderator, Security contributor) - 10 Feb 2007 at 23:40
Hi again,
I don't get the impression that Vundo has been neutralized :/
Download VirtumundoBeGone to your desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, reboot and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis report.
Don't worry if you see a blue-screen "Fatal error" message; that is normal and expected.
++
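An added example, not part of the thread and not the tool's own code: the check that the VirtumundoBeGone report in this thread logs (an unnamed BHO whose DLL name also exists as a Winlogon Notify key is "probably Virtumundo"), applied to lines copied from the HijackThis log above. The function names and the "review" category for Notify keys that no BHO points to are assumptions of this example.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted in this thread
# (O2 = Browser Helper Object, O20 = Winlogon Notify).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2D81C3CA-5A42-4D14-B119-CCFD483CAE09} - C:\WINDOWS\system32\awtstuv.dll
O2 - BHO: (no name) - {2E5F96DD-A165-41B7-8722-D27F01A84D90} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\lhbjxrin.dll
O2 - BHO: (no name) - {FFCC4644-8F60-47EE-9D6D-B61C4A69DDA0} - C:\WINDOWS\system32\geedb.dll
O20 - Winlogon Notify: awtstuv - C:\WINDOWS\SYSTEM32\awtstuv.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll
O20 - Winlogon Notify: urqnmmn - C:\WINDOWS\SYSTEM32\urqnmmn.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")


def dll_stem(path):
    """Lower-cased file name without extension, e.g. 'awtstuv' (Windows paths)."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def parse(log_text):
    """Return (list of BHO entries, dict of Winlogon Notify key -> DLL path)."""
    bhos, notify = [], {}
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify[m.group("key").lower()] = m.group("path")
    return bhos, notify


def correlate(log_text):
    """Flag unnamed BHOs whose DLL stem is also a Winlogon Notify key.

    Returns tuples (verdict, identifier, path):
      'probable' - unnamed BHO with a Notify key of the same name
      'review'   - Notify key that no BHO led to; a BHO-driven check never
                   looks at these, so they are returned for manual review
    """
    bhos, notify = parse(log_text)
    findings, matched = [], set()
    for bho in bhos:
        if bho["name"] != "(no name)":
            continue  # named BHOs are not checked further in the VBG report
        if bho["path"].startswith("(no file)"):
            continue  # orphaned registry entry, nothing to correlate
        stem = dll_stem(bho["path"])
        if stem in notify:
            matched.add(stem)
            findings.append(("probable", bho["clsid"], bho["path"]))
    for key, path in notify.items():
        if key not in matched:
            findings.append(("review", key, path))
    return findings


if __name__ == "__main__":
    for verdict, ident, path in correlate(SAMPLE_LOG):
        print(f"{verdict:8} {ident} {path}")
```
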
antinoos (Member) - 11 Feb 2007 at 00:05
When I press Start in Virtumundo,
it shows this message:
warning this program may terminate runing...
I press Yes, then it restarts, and then do I run Virtumundo again or not?
antinoos (Member) - 11 Feb 2007 at 00:07
[02/10/2007, 23:54:39] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Soulimane Aouraghe\Bureau\VirtumundoBeGone.exe" )
[02/10/2007, 23:54:48] - Detected System Information:
[02/10/2007, 23:54:48] - Windows Version: 5.1.2600, Service Pack 2
[02/10/2007, 23:54:48] - Current Username: Soulimane Aouraghe (Admin)
[02/10/2007, 23:54:48] - Windows is in NORMAL mode.
[02/10/2007, 23:54:48] - Searching for Browser Helper Objects:
[02/10/2007, 23:54:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/10/2007, 23:54:48] - BHO 2: {2843DAC1-05EF-11D2-95BA-0060083493D6} (DgnWebIE)
[02/10/2007, 23:54:48] - BHO 3: {2D81C3CA-5A42-4D14-B119-CCFD483CAE09} ()
[02/10/2007, 23:54:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:48] - Checking for HKLM\...\Winlogon\Notify\awtstuv
[02/10/2007, 23:54:48] - Found: HKLM\...\Winlogon\Notify\awtstuv - This is probably Virtumundo.
[02/10/2007, 23:54:48] - Assigning {2D81C3CA-5A42-4D14-B119-CCFD483CAE09} MSEvents Object
[02/10/2007, 23:54:48] - BHO list has been changed! Starting over...
[02/10/2007, 23:54:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/10/2007, 23:54:49] - BHO 2: {2843DAC1-05EF-11D2-95BA-0060083493D6} (DgnWebIE)
[02/10/2007, 23:54:49] - BHO 3: {2D81C3CA-5A42-4D14-B119-CCFD483CAE09} (MSEvents Object)
[02/10/2007, 23:54:49] - ALERT: Found MSEvents Object!
[02/10/2007, 23:54:49] - BHO 4: {2E5F96DD-A165-41B7-8722-D27F01A84D90} ()
[02/10/2007, 23:54:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:49] - No filename found. Continuing.
[02/10/2007, 23:54:49] - BHO 5: {2EA7DDDB-49B0-43CF-A187-667FCEDE6751} ()
[02/10/2007, 23:54:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:49] - No filename found. Continuing.
[02/10/2007, 23:54:49] - BHO 6: {46A4E9D9-B30E-452A-8157-DBBEC8573B03} ()
[02/10/2007, 23:54:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:49] - No filename found. Continuing.
[02/10/2007, 23:54:49] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/10/2007, 23:54:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:49] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/10/2007, 23:54:49] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/10/2007, 23:54:49] - BHO 8: {6531E851-40D0-47DB-A77D-524BBC29E135} ()
[02/10/2007, 23:54:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:49] - No filename found. Continuing.
[02/10/2007, 23:54:49] - BHO 9: {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} ()
[02/10/2007, 23:54:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:49] - Checking for HKLM\...\Winlogon\Notify\lhbjxrin
[02/10/2007, 23:54:49] - Key not found: HKLM\...\Winlogon\Notify\lhbjxrin, continuing.
[02/10/2007, 23:54:49] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/10/2007, 23:54:49] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/10/2007, 23:54:49] - BHO 12: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/10/2007, 23:54:49] - BHO 13: {DF3F4C0A-74E5-484A-A9D2-67303481CB9D} ()
[02/10/2007, 23:54:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:49] - No filename found. Continuing.
[02/10/2007, 23:54:49] - BHO 14: {FFCC4644-8F60-47EE-9D6D-B61C4A69DDA0} ()
[02/10/2007, 23:54:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:49] - Checking for HKLM\...\Winlogon\Notify\geedb
[02/10/2007, 23:54:49] - Found: HKLM\...\Winlogon\Notify\geedb - This is probably Virtumundo.
[02/10/2007, 23:54:49] - Assigning {FFCC4644-8F60-47EE-9D6D-B61C4A69DDA0} MSEvents Object
[02/10/2007, 23:54:49] - BHO list has been changed! Starting over...
[02/10/2007, 23:54:49] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/10/2007, 23:54:49] - BHO 2: {2843DAC1-05EF-11D2-95BA-0060083493D6} (DgnWebIE)
[02/10/2007, 23:54:49] - BHO 3: {2D81C3CA-5A42-4D14-B119-CCFD483CAE09} (MSEvents Object)
[02/10/2007, 23:54:49] - ALERT: Found MSEvents Object!
[02/10/2007, 23:54:49] - BHO 4: {2E5F96DD-A165-41B7-8722-D27F01A84D90} ()
[02/10/2007, 23:54:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:49] - No filename found. Continuing.
[02/10/2007, 23:54:49] - BHO 5: {2EA7DDDB-49B0-43CF-A187-667FCEDE6751} ()
[02/10/2007, 23:54:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:49] - No filename found. Continuing.
[02/10/2007, 23:54:49] - BHO 6: {46A4E9D9-B30E-452A-8157-DBBEC8573B03} ()
[02/10/2007, 23:54:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:49] - No filename found. Continuing.
[02/10/2007, 23:54:49] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/10/2007, 23:54:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:49] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/10/2007, 23:54:49] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/10/2007, 23:54:49] - BHO 8: {6531E851-40D0-47DB-A77D-524BBC29E135} ()
[02/10/2007, 23:54:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:49] - No filename found. Continuing.
[02/10/2007, 23:54:49] - BHO 9: {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} ()
[02/10/2007, 23:54:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:49] - Checking for HKLM\...\Winlogon\Notify\lhbjxrin
[02/10/2007, 23:54:49] - Key not found: HKLM\...\Winlogon\Notify\lhbjxrin, continuing.
[02/10/2007, 23:54:49] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/10/2007, 23:54:49] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/10/2007, 23:54:49] - BHO 12: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/10/2007, 23:54:49] - BHO 13: {DF3F4C0A-74E5-484A-A9D2-67303481CB9D} ()
[02/10/2007, 23:54:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:49] - No filename found. Continuing.
[02/10/2007, 23:54:49] - BHO 14: {FFCC4644-8F60-47EE-9D6D-B61C4A69DDA0} (MSEvents Object)
[02/10/2007, 23:54:49] - ALERT: Found MSEvents Object!
[02/10/2007, 23:54:49] - Finished Searching Browser Helper Objects
[02/10/2007, 23:54:49] - *** Detected MSEvents Object
[02/10/2007, 23:54:49] - Trying to remove MSEvents Object...
[02/10/2007, 23:54:50] - Terminating Process: IEXPLORE.EXE
[02/10/2007, 23:54:51] - Terminating Process: RUNDLL32.EXE
[02/10/2007, 23:54:51] - Disabling Automatic Shell Restart
[02/10/2007, 23:54:51] - Terminating Process: EXPLORER.EXE
[02/10/2007, 23:54:52] - Suspending the NT Session Manager System Service
[02/10/2007, 23:54:52] - Terminating Windows NT Logon/Logoff Manager
[02/10/2007, 23:54:53] - Re-enabling Automatic Shell Restart
[02/10/2007, 23:54:53] - File to disable: C:\WINDOWS\system32\awtstuv.dll
[02/10/2007, 23:54:53] - Renaming C:\WINDOWS\system32\awtstuv.dll -> C:\WINDOWS\system32\awtstuv.dll.vir
[02/10/2007, 23:54:53] - File successfully renamed!
[02/10/2007, 23:54:53] - Removing HKLM\...\Browser Helper Objects\{2D81C3CA-5A42-4D14-B119-CCFD483CAE09}
[02/10/2007, 23:54:53] - Removing HKCR\CLSID\{2D81C3CA-5A42-4D14-B119-CCFD483CAE09}
[02/10/2007, 23:54:53] - Adding Kill Bit for ActiveX for GUID: {2D81C3CA-5A42-4D14-B119-CCFD483CAE09}
[02/10/2007, 23:54:53] - Deleting ATLEvents/MSEvents Registry entries
[02/10/2007, 23:54:53] - Removing HKLM\...\Winlogon\Notify\awtstuv
[02/10/2007, 23:54:53] - Searching for Browser Helper Objects:
[02/10/2007, 23:54:53] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/10/2007, 23:54:53] - BHO 2: {2843DAC1-05EF-11D2-95BA-0060083493D6} (DgnWebIE)
[02/10/2007, 23:54:53] - BHO 3: {2E5F96DD-A165-41B7-8722-D27F01A84D90} ()
[02/10/2007, 23:54:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:53] - No filename found. Continuing.
[02/10/2007, 23:54:53] - BHO 4: {2EA7DDDB-49B0-43CF-A187-667FCEDE6751} ()
[02/10/2007, 23:54:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:54] - No filename found. Continuing.
[02/10/2007, 23:54:54] - BHO 5: {46A4E9D9-B30E-452A-8157-DBBEC8573B03} ()
[02/10/2007, 23:54:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:54] - No filename found. Continuing.
[02/10/2007, 23:54:54] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/10/2007, 23:54:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:54] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/10/2007, 23:54:54] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/10/2007, 23:54:54] - BHO 7: {6531E851-40D0-47DB-A77D-524BBC29E135} ()
[02/10/2007, 23:54:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:54] - No filename found. Continuing.
[02/10/2007, 23:54:54] - BHO 8: {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} ()
[02/10/2007, 23:54:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:54] - Checking for HKLM\...\Winlogon\Notify\lhbjxrin
[02/10/2007, 23:54:54] - Key not found: HKLM\...\Winlogon\Notify\lhbjxrin, continuing.
[02/10/2007, 23:54:54] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/10/2007, 23:54:54] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/10/2007, 23:54:54] - BHO 11: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/10/2007, 23:54:54] - BHO 12: {DF3F4C0A-74E5-484A-A9D2-67303481CB9D} ()
[02/10/2007, 23:54:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:54] - No filename found. Continuing.
[02/10/2007, 23:54:54] - BHO 13: {FFCC4644-8F60-47EE-9D6D-B61C4A69DDA0} (MSEvents Object)
[02/10/2007, 23:54:54] - ALERT: Found MSEvents Object!
[02/10/2007, 23:54:54] - Finished Searching Browser Helper Objects
[02/10/2007, 23:54:54] - *** Detected MSEvents Object
[02/10/2007, 23:54:54] - Trying to remove MSEvents Object...
[02/10/2007, 23:54:55] - Terminating Process: IEXPLORE.EXE
[02/10/2007, 23:54:55] - Terminating Process: RUNDLL32.EXE
[02/10/2007, 23:54:55] - Disabling Automatic Shell Restart
[02/10/2007, 23:54:55] - Terminating Process: EXPLORER.EXE
[02/10/2007, 23:54:55] - Suspending the NT Session Manager System Service
[02/10/2007, 23:54:55] - Terminating Windows NT Logon/Logoff Manager
[02/10/2007, 23:54:55] - Re-enabling Automatic Shell Restart
[02/10/2007, 23:54:55] - File to disable: C:\WINDOWS\system32\geedb.dll
[02/10/2007, 23:54:55] - Renaming C:\WINDOWS\system32\geedb.dll -> C:\WINDOWS\system32\geedb.dll.vir
[02/10/2007, 23:54:55] - File successfully renamed!
[02/10/2007, 23:54:55] - Removing HKLM\...\Browser Helper Objects\{FFCC4644-8F60-47EE-9D6D-B61C4A69DDA0}
[02/10/2007, 23:54:55] - Removing HKCR\CLSID\{FFCC4644-8F60-47EE-9D6D-B61C4A69DDA0}
[02/10/2007, 23:54:55] - Adding Kill Bit for ActiveX for GUID: {FFCC4644-8F60-47EE-9D6D-B61C4A69DDA0}
[02/10/2007, 23:54:55] - Deleting ATLEvents/MSEvents Registry entries
[02/10/2007, 23:54:55] - Removing HKLM\...\Winlogon\Notify\geedb
[02/10/2007, 23:54:55] - Searching for Browser Helper Objects:
[02/10/2007, 23:54:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/10/2007, 23:54:55] - BHO 2: {2843DAC1-05EF-11D2-95BA-0060083493D6} (DgnWebIE)
[02/10/2007, 23:54:55] - BHO 3: {2E5F96DD-A165-41B7-8722-D27F01A84D90} ()
[02/10/2007, 23:54:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:55] - No filename found. Continuing.
[02/10/2007, 23:54:55] - BHO 4: {2EA7DDDB-49B0-43CF-A187-667FCEDE6751} ()
[02/10/2007, 23:54:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:55] - No filename found. Continuing.
[02/10/2007, 23:54:55] - BHO 5: {46A4E9D9-B30E-452A-8157-DBBEC8573B03} ()
[02/10/2007, 23:54:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:55] - No filename found. Continuing.
[02/10/2007, 23:54:55] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/10/2007, 23:54:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:55] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/10/2007, 23:54:55] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/10/2007, 23:54:55] - BHO 7: {6531E851-40D0-47DB-A77D-524BBC29E135} ()
[02/10/2007, 23:54:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:55] - No filename found. Continuing.
[02/10/2007, 23:54:55] - BHO 8: {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} ()
[02/10/2007, 23:54:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:55] - Checking for HKLM\...\Winlogon\Notify\lhbjxrin
[02/10/2007, 23:54:55] - Key not found: HKLM\...\Winlogon\Notify\lhbjxrin, continuing.
[02/10/2007, 23:54:55] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/10/2007, 23:54:55] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/10/2007, 23:54:55] - BHO 11: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/10/2007, 23:54:55] - BHO 12: {DF3F4C0A-74E5-484A-A9D2-67303481CB9D} ()
[02/10/2007, 23:54:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 23:54:55] - No filename found. Continuing.
[02/10/2007, 23:54:55] - Finished Searching Browser Helper Objects
[02/10/2007, 23:54:55] - Finishing up...
[02/10/2007, 23:54:56] - A restart is needed.
[02/10/2007, 23:56:31] - Attempting to Restart via STOP error (Blue Screen!)
[02/11/2007, 0:00:24] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Soulimane Aouraghe\Bureau\VirtumundoBeGone.exe" )
[02/11/2007, 0:00:33] - User choose NOT to continue. Exiting...
[02/11/2007, 0:01:27] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Soulimane Aouraghe\Bureau\VirtumundoBeGone.exe" )
[02/11/2007, 0:02:11] - User choose NOT to continue. Exiting...
[02/11/2007, 0:02:49] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Soulimane Aouraghe\Bureau\VirtumundoBeGone.exe" )
[02/11/2007, 0:04:37] - User choose NOT to continue. Exiting...
green day (Moderator, Security contributor) - 11 Feb. 2007 at 00:07
Try it in safe mode to see!
antinoos (Member) - 11 Feb. 2007 at 00:16
It does the same thing in safe mode.
green day (Moderator, Security contributor) - 11 Feb. 2007 at 00:21
OK, post a new HijackThis log so we can see whether anything has changed, and tomorrow I'll give you the procedure to remove everything manually ...
See you later
antinoos (Member) - 11 Feb. 2007 at 00:23
Logfile of HijackThis v1.99.1
Scan saved at 00:21:38, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\msngr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Soulimane Aouraghe\Bureau\CCM.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: (no name) - {2D81C3CA-5A42-4D14-B119-CCFD483CAE09} - C:\WINDOWS\system32\urqnmmn.dll
O2 - BHO: (no name) - {2E5F96DD-A165-41B7-8722-D27F01A84D90} - (no file)
O2 - BHO: (no name) - {2EA7DDDB-49B0-43CF-A187-667FCEDE6751} - (no file)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6531E851-40D0-47DB-A77D-524BBC29E135} - (no file)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\lhbjxrin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9362BAC5-1F9B-4DA8-86E7-272DF3D74FF7} - C:\WINDOWS\system32\awtqn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {DF3F4C0A-74E5-484A-A9D2-67303481CB9D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser les options - C:\Program Files\PROMT5\PROMTIE4\options.htm
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Traduire - C:\Program Files\PROMT5\PROMTIE4\translat.htm
O8 - Extra context menu item: Traduire avec WebView - C:\Program Files\PROMT5\PROMTIE4\webview.htm
O8 - Extra context menu item: Traduire la page - C:\Program Files\PROMT5\PROMTIE4\page.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3D061514-8D58-40D8-BB88-2BA6DCA9E5DE} - http://www.qurancomplex.org/Downloads/DownloadQuranFont.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635060} - http://www.qurancomplex.org/Downloads/FontSmooth_New.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: bw+0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll
O20 - Winlogon Notify: urqnmmn - C:\WINDOWS\SYSTEM32\urqnmmn.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\msngr.exe
O18 - Protocol: offline-8876480 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll
O20 - Winlogon Notify: urqnmmn - C:\WINDOWS\SYSTEM32\urqnmmn.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\msngr.exe
green day
Feb 11, 2007 at 12:31
Hi :)
1) Show system folders and hidden files:
Open My Computer
- Tools --> Folder Options
- View --> Advanced settings area
- Check: Display the contents of system folders
- Check: Show hidden files and folders
- Uncheck: Hide extensions for known file types
- Uncheck: Hide protected operating system files (Recommended)
answer Yes to the message
Click "Apply to All Folders"
Click OK
2) Disable System Restore
* Click the Start button.
* Right-click My Computer, then click Properties.
* On the System Restore tab, select the option Turn off System Restore or Turn off System Restore on all drives
( you can turn it back on at the end of the procedure )
3) Run HijackThis again:
choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom:
O2 - BHO: (no name) - {2D81C3CA-5A42-4D14-B119-CCFD483CAE09} - C:\WINDOWS\system32\awtstuv.dll
O2 - BHO: (no name) - {2E5F96DD-A165-41B7-8722-D27F01A84D90} - (no file)
O2 - BHO: (no name) - {2EA7DDDB-49B0-43CF-A187-667FCEDE6751} - (no file)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\lhbjxrin.dll
O2 - BHO: (no name) - {DF3F4C0A-74E5-484A-A9D2-67303481CB9D} - (no file)
O2 - BHO: (no name) - {FFCC4644-8F60-47EE-9D6D-B61C4A69DDA0} - C:\WINDOWS\system32\geedb.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser les options - C:\Program Files\PROMT5\PROMTIE4\options.htm
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Traduire - C:\Program Files\PROMT5\PROMTIE4\translat.htm
O8 - Extra context menu item: Traduire avec WebView - C:\Program Files\PROMT5\PROMTIE4\webview.htm
O8 - Extra context menu item: Traduire la page - C:\Program Files\PROMT5\PROMTIE4\page.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3D061514-8D58-40D8-BB88-2BA6DCA9E5DE} - http://www.qurancomplex.org/Downloads/DownloadQuranFont.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635060} - http://www.qurancomplex.org/Downloads/FontSmooth_New.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
( all the O18 lines )
O18 - Protocol: bw+0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: awtstuv - C:\WINDOWS\SYSTEM32\awtstuv.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll
O20 - Winlogon Notify: urqnmmn - C:\WINDOWS\SYSTEM32\urqnmmn.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\msngr.exe
4) Download Killbox to your Desktop:
http://www.downloads.subratam.org/KillBox.exe
Double-click killbox.exe.
Copy the bold text below (select it all with your mouse, right-click and "Copy"):
C:\WINDOWS\system32\urqnmmn.dll
C:\WINDOWS\system32\lhbjxrin.dll
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\msngr.exe
* Select "delete on reboot"
* Click the "File" menu -> "Paste from Clipboard"
* Click All Files
* Click the red and white cross
* Answer yes and let your PC restart.
* post a new BlackLight report
see demo: http://mickael.barroux.free.fr/securite/killbox.html
then run ccleaner + cleanup once more:
* CleanUp40 (which removes temporary files + cookies: free)
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
tutorial: (thanks to Balltrap) http://pageperso.aol.fr/balltrap34/democleanup.htm
post a new HijackThis log and describe how the situation has evolved
See you
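An added triage example, not part of the original post: it parses HijackThis O2, O20 and O23 lines and groups the files they load, so a DLL registered both as a browser helper object and as a Winlogon Notify package stands out. The sample lines are copied from the fix list above; the names `parse`, `triage` and `SAMPLE_LOG` are hypothetical helpers chosen for this example.

```python
import re
from collections import namedtuple

# section: "O2"/"O20"/"O23"; label: CLSID or entry name;
# target: file path or None; extra: service owner (O23 only).
Entry = namedtuple("Entry", "section label target extra")

SECTION_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Subset of the lines listed in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2D81C3CA-5A42-4D14-B119-CCFD483CAE09} - C:\WINDOWS\system32\awtstuv.dll
O2 - BHO: (no name) - {2E5F96DD-A165-41B7-8722-D27F01A84D90} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\lhbjxrin.dll
O2 - BHO: (no name) - {FFCC4644-8F60-47EE-9D6D-B61C4A69DDA0} - C:\WINDOWS\system32\geedb.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: awtstuv - C:\WINDOWS\SYSTEM32\awtstuv.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll
O20 - Winlogon Notify: urqnmmn - C:\WINDOWS\SYSTEM32\urqnmmn.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\msngr.exe
"""


def norm(path):
    """Windows paths are case-insensitive: SYSTEM32 and system32 are the same."""
    return path.strip().strip('"').lower()


def parse(log):
    """Return Entry tuples for the O2, O20 and O23 lines of a HijackThis log."""
    entries = []
    for raw in log.splitlines():
        m = SECTION_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        if section == "O2" and rest.startswith("BHO:"):
            clsid = CLSID_RE.search(rest)
            if not clsid:
                continue
            # Whatever follows the CLSID is the file; it may be empty or "(no file)".
            target = rest[clsid.end():].lstrip(" -").strip()
            if target in ("", "(no file)"):
                target = None
            entries.append(Entry(section, clsid.group(0), target, None))
        elif section == "O20" and rest.startswith("Winlogon Notify:"):
            body = rest[len("Winlogon Notify:"):].strip()
            name, sep, target = body.partition(" - ")
            if sep:
                entries.append(Entry(section, name, target.strip(), None))
        elif section == "O23" and rest.startswith("Service:"):
            # "name - owner - path"; split from the right because names may hold " - ".
            parts = rest[len("Service:"):].strip().rsplit(" - ", 2)
            if len(parts) == 3:
                entries.append(Entry(section, parts[0], parts[2].strip(), parts[1]))
    return entries


def triage(entries):
    """Group the parsed entries into the buckets a reviewer checks first."""
    bho = {norm(e.target) for e in entries if e.section == "O2" and e.target}
    notify = {norm(e.target) for e in entries if e.section == "O20"}
    return {
        # Same DLL loaded into the browser and by winlogon.exe at logon.
        "bho_and_winlogon": sorted(bho & notify),
        "bho_only": sorted(bho - notify),
        "winlogon_only": sorted(notify - bho),
        # Registry entry left behind with no file on disk.
        "orphan_bho": [e.label for e in entries
                       if e.section == "O2" and not e.target],
        "unknown_owner_services": [norm(e.target) for e in entries
                                   if e.section == "O23"
                                   and e.extra.lower() == "unknown owner"],
    }


if __name__ == "__main__":
    for bucket, items in triage(parse(SAMPLE_LOG)).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Comparing paths case-insensitively matters here: the log writes the same directory as both `SYSTEM32` and `system32`.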
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9CF8036E-84D7-415F-83CA-00666A509E17} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: awtstuv - C:\WINDOWS\SYSTEM32\awtstuv.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll
O20 - Winlogon Notify: urqnmmn - C:\WINDOWS\SYSTEM32\urqnmmn.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\msngr.exe
4) Download Killbox to your Desktop:
http://www.downloads.subratam.org/KillBox.exe
Double-click killbox.exe.
Copy the bold text below (select all of it with your mouse, right-click and "Copy"):
C:\WINDOWS\system32\urqnmmn.dll
C:\WINDOWS\system32\lhbjxrin.dll
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\msngr.exe
* Select "Delete on Reboot"
* Click the "File" menu -> "Paste from Clipboard"
* Click All Files
* Click the red and white cross
* Answer yes and let your PC restart.
* Post a new BlackLight log
See the demo: http://mickael.barroux.free.fr/securite/killbox.html
Then run CCleaner + CleanUp again:
* CleanUp40 (removes temporary files + cookies; free)
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
Tutorial (thanks to Balltrap): http://pageperso.aol.fr/balltrap34/democleanup.htm
Post a new HijackThis log and describe how the situation has evolved.
See you later