[virus?] registry cleaner / drive cleaner and co.

Solved/Closed
Titou - 18 April 2007, 13:20
Regis59 (security contributor) - last reply 9 May 2007, 19:27
Hello. For 2 days I have been bothered by registry cleaner (in the bar at the bottom right), by messages asking me to install drive cleaner as well, followed by pages opening (Drive cleaner, error safe, ...), and when I go on the internet, ads galore and unwanted toolbars being added!!!
I have avast 4.7 Home Edition.

You should also know, I think, that when the problem appeared the Shut Down button had disappeared, as had the Task Manager... I have since managed to restore them by following the advice you had given to other people.... For the registry cleaner / drive cleaner etc. problem, since the procedures look heavy and given my computer skill level, I prefer to create my own topic and ask you directly.

Thanks in advance, I hope I can count on you :) ...

81 replies

Titousteo (member), 25 April 2007, 00:32
Muhahha, HijackThis must have it in for me, it pulled the same trick on me again!!! lol

Here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 00:30:08, on 25/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\system32\wuauclt.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.fluo.com/?m=Titou search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] -C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] -HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] -nwiz.exe /install
O4 - HKLM\..\Run: [SynTPEnh] -C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] -RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] -ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] -sm56hlpr.exe
O4 - HKLM\..\Run: [Muscbrigade] -c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [NeroFilterCheck] -C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] -"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] -C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] -C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] -"C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] -"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] -"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] -C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] -C:\WINDOWS\reminder\fsc-reminder.exe 2454170 6
O4 - HKCU\..\Run: [MsnMsgr] -"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] -"C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - -"C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
Regis59 (security contributor), 25 April 2007, 08:45
Ah, that's odd.

Where do your problems stand now?

Later
Titousteo (member), 25 April 2007, 12:49
Still lots of pop-ups (movies ticket, ....). I'll keep you posted, I haven't surfed much yet (3 min :p)...
Regis59 (security contributor), 25 April 2007, 13:05
Still getting ads? What kind?

Later

Titousteo (member), 25 April 2007, 17:40
Well, I get ads showing up like movies ticket / hollywood something / .... sometimes little messages telling me my computer may be infected and wanting me to download something, so I cancel (because the choice is OK or Cancel), and then there's an ad either for winantivirus pro.. or drive cleaner...
I also get error face or something like that....

And on some of them, notably winantivirusPro, avast detects Win32 BST.. adaware something... which I put in quarantine....

....... It seems to me that every time you have me remove stuff it works, and as soon as I go back on the internet I catch it again.. because avast always reports Win32 something after I've done one of your "cleanup" procedures, or whatever it's called!!! Is that possible?
Regis59 (security contributor), 25 April 2007, 20:49
Hello

Do you still have navilog1? Can you post me the report from option 1?

Later
Titousteo (member), 26 April 2007, 01:19
Yes, don't worry, I kept everything :) (it takes up a lot of room on my desktop, by the way, lol):

Search Navipromo version 1.1.5 started on 26/04/2007 at 1:10:19,53

!!! Warning, this report may list legitimate files/programs !!!
!!! Post this report on the forum to have it analysed !!!
!!! Do not run the disinfection part without a specialist's advice !!!

Fix run from C:\Documents and Settings\Titousteopathe\Bureau\navilog1
Updated on 13.04.2007 at 20h00 by IL-MAFIOSO

Run in normal mode

*** Searching installed programs ***


*** Searching folders in C:\WINDOWS ***


*** Searching folders in C:\Program Files ***


*** Searching folders in C:\Documents and Settings\All Users\Application Data ***


*** Searching folders in C:\Documents and Settings\Titousteopathe\Application Data ***


*** Search with BlackLight Engine/F-secure ***
BlackLight Engine is an F-secure product, for more info:
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 04/26/07 at 01:10:20.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ..........................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 04/26/07 at 01:16:29 (return code = 0).


*** Searching files ***


*** Searching registry keys ***

Searching in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

Searching in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

Searching for the Magic Control key


*** Additional search module ***
(Search for specific files)

1) Searching known files:

C:\WINDOWS\system32\ututv.ini2 found ! possible Vundo infection, not handled by this tool !
C:\WINDOWS\system32\ututv.bak2 found ! possible Vundo infection, not handled by this tool !

2) Heuristic search:
*
**
***
****
*****
******
*******
********


*** Scan finished on 26/04/2007 at 1:16:43,59 ***
Hi guys, help me, I'm begging you, I have a virus on my computer and I don't know how to get rid of it. I think you are my only hope. It's in a file that is marked impossible to delete or to quarantine and I don't know where it comes from. What should I do? Reply please, it's really urgent.
Grodoock (member), 26 April 2007, 02:03
Please avoid posting in every topic.
First you should create your own topic and give as much info as possible so that we can help you (HijackThis log).

Later
Regis59 (security contributor), 26 April 2007, 11:35
Titousteo;

Do you still have Vundofix?

Later
Titousteo (member), 26 April 2007, 19:06
Of course.. I have a crazy collection on my desktop lol (ccleaner, navilog1, vundofix, SmitfraudFix, SDfix, Fileinfo, Killbox and a few little reports :p). Oh yeah!!!! lol

I run it in safe mode... is that right? There's some kind of choice, I don't really remember how that one works anymore. I'll wait for your instructions, otherwise I'll mess things up lol!!

@+++

PS: Sorry for being slower to reply on the forum, but I'm back in class, so.... internet is when I get home in the evening, and very late...
Regis59 (security contributor), 26 April 2007, 22:52
Yes, no problem lol

Double-click VundoFix.exe to launch it.
Check Run VundoFix as a task.
A message will warn you that the tool is going to close and reopen: click OK.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask you whether you want to delete the files; click YES.
After you click "Yes", the desktop will disappear for a moment while the files are deleted.
You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK.
Start your PC again.
Copy/paste the contents of the report located at C:\vundofix.txt along with a new HijackThis! report in your next reply.

Titousteo (member), 26 April 2007, 23:23
VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.11

Scan started at 23:08:10 26/04/2007

Listing files found while scanning....

C:\WINDOWS\system32\dagndiqw.dll
C:\WINDOWS\system32\juflsqqm.dll
C:\WINDOWS\system32\kddbbwuq.dll
C:\WINDOWS\system32\mqqslfuj.ini
C:\WINDOWS\system32\vtutu.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dagndiqw.dll
C:\WINDOWS\system32\dagndiqw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\juflsqqm.dll
C:\WINDOWS\system32\juflsqqm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kddbbwuq.dll
C:\WINDOWS\system32\kddbbwuq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mqqslfuj.ini
C:\WINDOWS\system32\mqqslfuj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vtutu.dll Has been deleted!

Performing Repairs to the registry.
Done!

and the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 23:18:12, on 26/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.fluo.com/?m=Titou search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\vntydiqr.dll
O2 - BHO: (no name) - {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} - C:\WINDOWS\system32\krknucwj.dll
O2 - BHO: (no name) - {30863089-6B4C-41F6-A9BE-E1568B0D31E3} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - C:\WINDOWS\system32\ddcaxxw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E9567E45-D8F2-4E14-B1F5-335DD0DCD813} - C:\WINDOWS\system32\ddccd.dll (file missing)
O2 - BHO: (no name) - {ED593E05-0872-4290-B76C-7473B5D56B6E} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] -C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] -HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] -nwiz.exe /install
O4 - HKLM\..\Run: [SynTPEnh] -C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] -RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] -ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] -sm56hlpr.exe
O4 - HKLM\..\Run: [Muscbrigade] -c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [NeroFilterCheck] -C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] -"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] -C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] -C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] -"C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] -"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] -"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\gjpjduqv.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] -C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] -C:\WINDOWS\reminder\fsc-reminder.exe 2454170 6
O4 - HKCU\..\Run: [MsnMsgr] -"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] -"C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcaxxw - C:\WINDOWS\SYSTEM32\ddcaxxw.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - -"C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

there you go...
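The HijackThis log above shows the Vundo (Virtumundo) pattern the helper is chasing: several O2 BHO entries reported as "(no name)" and backed by randomly named DLLs in system32 (vntydiqr.dll, ddcaxxw.dll), an O20 Winlogon Notify entry (ddcaxxw) whose key name matches one of those DLLs, orphan BHO registrations whose DLL is already gone, and an O4 Run value that loads yet another such DLL through rundll32. The correlation between an unnamed BHO and a Winlogon\Notify key of the same name is also the check VirtumundoBeGone applies in the report posted next. The script below is an added example written for this page, not code from the thread or from HijackThis, VundoFix or VirtumundoBeGone; it runs the same triage over HijackThis log text. The sample lines are constructed from a few entries of the log above, and the "random-looking name" test (5 to 8 lowercase letters) is an assumed heuristic rather than a signature, so its output is a hint for a human reader, not a verdict.

```python
import re

# Constructed sample in HijackThis v1.99.1 format, modelled on a few lines of the
# log posted above. It is deliberately incomplete: enough to show each indicator.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\vntydiqr.dll
O2 - BHO: (no name) - {30863089-6B4C-41F6-A9BE-E1568B0D31E3} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - C:\WINDOWS\system32\ddcaxxw.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\gjpjduqv.dll",realset
O20 - Winlogon Notify: ddcaxxw - C:\WINDOWS\SYSTEM32\ddcaxxw.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<rest>.+)$")
STATUS_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<status>no file|file missing)\)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")

# Assumed heuristic, not a signature: the Vundo DLLs seen in this thread are 5-8 random
# lowercase letters (vtutu, ddcaxxw, gjpjduqv). The match is case-sensitive so that
# mixed-case vendor names such as NvCpl pass; genuine all-lowercase names can still be hit.
RANDOM_STEM = re.compile(r"^[a-z]{5,8}$")


def _stem(path: str) -> str:
    """File name without directory or extension, case preserved for the heuristic."""
    name = path.strip('"').rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def _random_system32_dll(path: str) -> bool:
    return "\\system32\\" in path.lower() and RANDOM_STEM.match(_stem(path)) is not None


def analyze(log_text: str) -> dict:
    """Triage HijackThis log text for the Vundo/Virtumundo pattern.

    suspect_bhos : CLSIDs of unnamed BHOs backed by a random-named DLL in system32
    orphan_bhos  : unnamed BHOs whose DLL is already gone (registry leftovers to clean)
    notify_hits  : Winlogon Notify keys named after a suspect BHO DLL (the same
                   correlation VirtumundoBeGone performs; the strongest indicator here)
    suspect_runs : Run values that load a random-named system32 DLL via rundll32
    """
    suspect, orphans, notify, runs = {}, [], {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            if m["name"] != "(no name)":
                continue  # named BHOs (Adobe, Google, Java) are not this pattern
            path, status = m["rest"], None
            if s := STATUS_RE.match(m["rest"]):
                path, status = s["path"], s["status"]
            if status:
                orphans.append(m["clsid"])
            elif _random_system32_dll(path):
                suspect[m["clsid"]] = _stem(path)
        elif m := O4_RE.match(line):
            r = RUNDLL_RE.search(m["cmd"])
            if r and _random_system32_dll(r["dll"]):
                runs.append(m["name"])
        elif m := O20_RE.match(line):
            notify[m["key"]] = m["path"]
    # A Notify key sharing its name with a suspect BHO DLL is the Vundo reload hook.
    hits = sorted(key for key in notify if key in suspect.values())
    return {
        "suspect_bhos": sorted(suspect),
        "orphan_bhos": sorted(orphans),
        "notify_hits": hits,
        "suspect_runs": runs,
    }


if __name__ == "__main__":
    for kind, items in analyze(SAMPLE_LOG).items():
        print(f"{kind:13s} {items}")
```

Run against the sample, it reports the two live BHOs by CLSID, the two orphan registrations, ddcaxxw as the Winlogon Notify hit and InfoData as the rundll32 loader, while the Adobe, Google, NvCpl and WgaLogon entries pass. Orphans still deserve removal (the registry keeps pointing at a DLL that will be recreated on reinfection), but the Notify hit is the one to act on first, since a DLL loaded by Winlogon is reloaded at every logon and is what keeps restoring the others after each cleanup.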
Regis59 (security contributor), 27 April 2007, 09:20
Hello,

Download VirtumundoBegone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Then double-click VirtumundoBeGone.exe and follow the instructions.
Once finished, restart and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis report.
Don't worry if you see a blue screen "Fatal error" message, that is normal and expected.

Later
Titousteo (member), 27 April 2007, 19:31
[04/27/2007, 19:28:07] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Titousteopathe\Bureau\VirtumundoBeGone.exe" )
[04/27/2007, 19:28:08] - Detected System Information:
[04/27/2007, 19:28:08] - Windows Version: 5.1.2600, Service Pack 2
[04/27/2007, 19:28:08] - Current Username: Titousteopathe (Admin)
[04/27/2007, 19:28:08] - Windows is in NORMAL mode.
[04/27/2007, 19:28:08] - Searching for Browser Helper Objects:
[04/27/2007, 19:28:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/27/2007, 19:28:08] - BHO 2: {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} ()
[04/27/2007, 19:28:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:08] - Checking for HKLM\...\Winlogon\Notify\krknucwj
[04/27/2007, 19:28:08] - Key not found: HKLM\...\Winlogon\Notify\krknucwj, continuing.
[04/27/2007, 19:28:09] - BHO 3: {30863089-6B4C-41F6-A9BE-E1568B0D31E3} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\vtutu
[04/27/2007, 19:28:09] - Key not found: HKLM\...\Winlogon\Notify\vtutu, continuing.
[04/27/2007, 19:28:09] - BHO 4: {32AC76CA-98D6-41F5-A096-EB1733D1D494} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\pmnlm
[04/27/2007, 19:28:09] - Found: HKLM\...\Winlogon\Notify\pmnlm - This is probably Virtumundo.
[04/27/2007, 19:28:09] - Assigning {32AC76CA-98D6-41F5-A096-EB1733D1D494} MSEvents Object
[04/27/2007, 19:28:09] - BHO list has been changed! Starting over...
[04/27/2007, 19:28:09] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/27/2007, 19:28:09] - BHO 2: {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\krknucwj
[04/27/2007, 19:28:09] - Key not found: HKLM\...\Winlogon\Notify\krknucwj, continuing.
[04/27/2007, 19:28:09] - BHO 3: {30863089-6B4C-41F6-A9BE-E1568B0D31E3} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\vtutu
[04/27/2007, 19:28:09] - Key not found: HKLM\...\Winlogon\Notify\vtutu, continuing.
[04/27/2007, 19:28:09] - BHO 4: {32AC76CA-98D6-41F5-A096-EB1733D1D494} (MSEvents Object)
[04/27/2007, 19:28:09] - ALERT: Found MSEvents Object!
[04/27/2007, 19:28:09] - BHO 5: {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\ddcaxxw
[04/27/2007, 19:28:09] - Found: HKLM\...\Winlogon\Notify\ddcaxxw - This is probably Virtumundo.
[04/27/2007, 19:28:09] - Assigning {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} MSEvents Object
[04/27/2007, 19:28:09] - BHO list has been changed! Starting over...
[04/27/2007, 19:28:09] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/27/2007, 19:28:09] - BHO 2: {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\krknucwj
[04/27/2007, 19:28:09] - Key not found: HKLM\...\Winlogon\Notify\krknucwj, continuing.
[04/27/2007, 19:28:09] - BHO 3: {30863089-6B4C-41F6-A9BE-E1568B0D31E3} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\vtutu
[04/27/2007, 19:28:09] - Key not found: HKLM\...\Winlogon\Notify\vtutu, continuing.
[04/27/2007, 19:28:09] - BHO 4: {32AC76CA-98D6-41F5-A096-EB1733D1D494} (MSEvents Object)
[04/27/2007, 19:28:09] - ALERT: Found MSEvents Object!
[04/27/2007, 19:28:09] - BHO 5: {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} (MSEvents Object)
[04/27/2007, 19:28:09] - ALERT: Found MSEvents Object!
[04/27/2007, 19:28:09] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/27/2007, 19:28:09] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - No filename found. Continuing.
[04/27/2007, 19:28:09] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/27/2007, 19:28:09] - BHO 9: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\yywgkdtq
[04/27/2007, 19:28:09] - Key not found: HKLM\...\Winlogon\Notify\yywgkdtq, continuing.
[04/27/2007, 19:28:09] - BHO 10: {E9567E45-D8F2-4E14-B1F5-335DD0DCD813} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\ddccd
[04/27/2007, 19:28:09] - Key not found: HKLM\...\Winlogon\Notify\ddccd, continuing.
[04/27/2007, 19:28:09] - BHO 11: {ED593E05-0872-4290-B76C-7473B5D56B6E} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\ssqrq
[04/27/2007, 19:28:09] - Key not found: HKLM\...\Winlogon\Notify\ssqrq, continuing.
[04/27/2007, 19:28:09] - Finished Searching Browser Helper Objects
[04/27/2007, 19:28:09] - *** Detected MSEvents Object
[04/27/2007, 19:28:09] - Trying to remove MSEvents Object...
[04/27/2007, 19:28:10] - Terminating Process: IEXPLORE.EXE
[04/27/2007, 19:28:11] - Terminating Process: RUNDLL32.EXE
[04/27/2007, 19:28:11] - Disabling Automatic Shell Restart
[04/27/2007, 19:28:11] - Terminating Process: EXPLORER.EXE
[04/27/2007, 19:28:11] - Suspending the NT Session Manager System Service
[04/27/2007, 19:28:11] - Terminating Windows NT Logon/Logoff Manager
[04/27/2007, 19:28:11] - Re-enabling Automatic Shell Restart
[04/27/2007, 19:28:11] - File to disable: C:\WINDOWS\system32\pmnlm.dll
[04/27/2007, 19:28:11] - Renaming C:\WINDOWS\system32\pmnlm.dll -> C:\WINDOWS\system32\pmnlm.dll.vir
[04/27/2007, 19:28:11] - File successfully renamed!
[04/27/2007, 19:28:11] - Removing HKLM\...\Browser Helper Objects\{32AC76CA-98D6-41F5-A096-EB1733D1D494}
[04/27/2007, 19:28:11] - Removing HKCR\CLSID\{32AC76CA-98D6-41F5-A096-EB1733D1D494}
[04/27/2007, 19:28:11] - Adding Kill Bit for ActiveX for GUID: {32AC76CA-98D6-41F5-A096-EB1733D1D494}
[04/27/2007, 19:28:11] - Deleting ATLEvents/MSEvents Registry entries
[04/27/2007, 19:28:11] - Removing HKLM\...\Winlogon\Notify\pmnlm
[04/27/2007, 19:28:11] - Searching for Browser Helper Objects:
[04/27/2007, 19:28:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/27/2007, 19:28:11] - BHO 2: {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} ()
[04/27/2007, 19:28:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:11] - Checking for HKLM\...\Winlogon\Notify\krknucwj
[04/27/2007, 19:28:11] - Key not found: HKLM\...\Winlogon\Notify\krknucwj, continuing.
[04/27/2007, 19:28:11] - BHO 3: {30863089-6B4C-41F6-A9BE-E1568B0D31E3} ()
[04/27/2007, 19:28:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:11] - Checking for HKLM\...\Winlogon\Notify\vtutu
[04/27/2007, 19:28:11] - Key not found: HKLM\...\Winlogon\Notify\vtutu, continuing.
[04/27/2007, 19:28:11] - BHO 4: {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} (MSEvents Object)
[04/27/2007, 19:28:11] - ALERT: Found MSEvents Object!
[04/27/2007, 19:28:11] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/27/2007, 19:28:11] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/27/2007, 19:28:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:11] - No filename found. Continuing.
[04/27/2007, 19:28:11] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/27/2007, 19:28:11] - BHO 8: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[04/27/2007, 19:28:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:12] - Checking for HKLM\...\Winlogon\Notify\yywgkdtq
[04/27/2007, 19:28:12] - Key not found: HKLM\...\Winlogon\Notify\yywgkdtq, continuing.
[04/27/2007, 19:28:12] - BHO 9: {E9567E45-D8F2-4E14-B1F5-335DD0DCD813} ()
[04/27/2007, 19:28:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:12] - Checking for HKLM\...\Winlogon\Notify\ddccd
[04/27/2007, 19:28:12] - Key not found: HKLM\...\Winlogon\Notify\ddccd, continuing.
[04/27/2007, 19:28:12] - BHO 10: {ED593E05-0872-4290-B76C-7473B5D56B6E} ()
[04/27/2007, 19:28:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:12] - Checking for HKLM\...\Winlogon\Notify\ssqrq
[04/27/2007, 19:28:12] - Key not found: HKLM\...\Winlogon\Notify\ssqrq, continuing.
[04/27/2007, 19:28:12] - Finished Searching Browser Helper Objects
[04/27/2007, 19:28:12] - *** Detected MSEvents Object
[04/27/2007, 19:28:12] - Trying to remove MSEvents Object...
[04/27/2007, 19:28:13] - Terminating Process: IEXPLORE.EXE
[04/27/2007, 19:28:13] - Terminating Process: RUNDLL32.EXE
[04/27/2007, 19:28:13] - Disabling Automatic Shell Restart
[04/27/2007, 19:28:13] - Terminating Process: EXPLORER.EXE
[04/27/2007, 19:28:13] - Suspending the NT Session Manager System Service
[04/27/2007, 19:28:13] - Terminating Windows NT Logon/Logoff Manager
[04/27/2007, 19:28:13] - Re-enabling Automatic Shell Restart
[04/27/2007, 19:28:13] - File to disable: C:\WINDOWS\system32\ddcaxxw.dll
[04/27/2007, 19:28:13] - Renaming C:\WINDOWS\system32\ddcaxxw.dll -> C:\WINDOWS\system32\ddcaxxw.dll.vir
[04/27/2007, 19:28:13] - File successfully renamed!
[04/27/2007, 19:28:13] - Removing HKLM\...\Browser Helper Objects\{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}
[04/27/2007, 19:28:13] - Removing HKCR\CLSID\{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}
[04/27/2007, 19:28:13] - Adding Kill Bit for ActiveX for GUID: {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}
[04/27/2007, 19:28:13] - Deleting ATLEvents/MSEvents Registry entries
[04/27/2007, 19:28:13] - Removing HKLM\...\Winlogon\Notify\ddcaxxw
[04/27/2007, 19:28:13] - Searching for Browser Helper Objects:
[04/27/2007, 19:28:13] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/27/2007, 19:28:13] - BHO 2: {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} ()
[04/27/2007, 19:28:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:13] - Checking for HKLM\...\Winlogon\Notify\krknucwj
[04/27/2007, 19:28:13] - Key not found: HKLM\...\Winlogon\Notify\krknucwj, continuing.
[04/27/2007, 19:28:13] - BHO 3: {30863089-6B4C-41F6-A9BE-E1568B0D31E3} ()
[04/27/2007, 19:28:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:13] - Checking for HKLM\...\Winlogon\Notify\vtutu
[04/27/2007, 19:28:13] - Key not found: HKLM\...\Winlogon\Notify\vtutu, continuing.
[04/27/2007, 19:28:13] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/27/2007, 19:28:13] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/27/2007, 19:28:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:13] - No filename found. Continuing.
[04/27/2007, 19:28:13] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/27/2007, 19:28:13] - BHO 7: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[04/27/2007, 19:28:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:13] - Checking for HKLM\...\Winlogon\Notify\yywgkdtq
[04/27/2007, 19:28:13] - Key not found: HKLM\...\Winlogon\Notify\yywgkdtq, continuing.
[04/27/2007, 19:28:13] - BHO 8: {E9567E45-D8F2-4E14-B1F5-335DD0DCD813} ()
[04/27/2007, 19:28:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:13] - Checking for HKLM\...\Winlogon\Notify\ddccd
[04/27/2007, 19:28:13] - Key not found: HKLM\...\Winlogon\Notify\ddccd, continuing.
[04/27/2007, 19:28:13] - BHO 9: {ED593E05-0872-4290-B76C-7473B5D56B6E} ()
[04/27/2007, 19:28:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:13] - Checking for HKLM\...\Winlogon\Notify\ssqrq
[04/27/2007, 19:28:13] - Key not found: HKLM\...\Winlogon\Notify\ssqrq, continuing.
[04/27/2007, 19:28:13] - Finished Searching Browser Helper Objects
[04/27/2007, 19:28:13] - Finishing up...
[04/27/2007, 19:28:13] - A restart is needed.
[04/27/2007, 19:28:15] - Attempting to Restart via STOP error (Blue Screen!)

not even worried !!! :p

and the log:
Logfile of HijackThis v1.99.1
Scan saved at 19:30:06, on 27/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.fluo.com/?m=Titou search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} - C:\WINDOWS\system32\krknucwj.dll
O2 - BHO: (no name) - {30863089-6B4C-41F6-A9BE-E1568B0D31E3} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\yywgkdtq.dll
O2 - BHO: (no name) - {E9567E45-D8F2-4E14-B1F5-335DD0DCD813} - C:\WINDOWS\system32\ddccd.dll (file missing)
O2 - BHO: (no name) - {ED593E05-0872-4290-B76C-7473B5D56B6E} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] -C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] -HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] -nwiz.exe /install
O4 - HKLM\..\Run: [SynTPEnh] -C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] -RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] -ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] -sm56hlpr.exe
O4 - HKLM\..\Run: [Muscbrigade] -c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [NeroFilterCheck] -C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] -"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] -C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] -C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] -"C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] -"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] -"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\gjpjduqv.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] -C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] -C:\WINDOWS\reminder\fsc-reminder.exe 2454170 6
O4 - HKCU\..\Run: [MsnMsgr] -"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] -"C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - -"C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
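The HijackThis log above shows the pattern a helper reads for in a Vundo/Virtumundo case: O2 BHO entries with "(no name)" whose DLL sits in system32 under a random lowercase name, orphan entries whose file is already gone, and an O4 Run entry that loads such a DLL through rundll32. The script below is an added example written for this page, not a tool from the thread or from HijackThis; it applies those heuristics to a subset of lines copied from the log above. The random-name rule (5 to 8 lowercase letters plus .dll, no digits) is an assumption derived from the DLL names in this thread, so treat the output as a triage list to review, not a verdict.

```python
import re

# Subset of the HijackThis log posted above (lines copied from the thread, not a full log).
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} - C:\WINDOWS\system32\krknucwj.dll
O2 - BHO: (no name) - {30863089-6B4C-41F6-A9BE-E1568B0D31E3} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\yywgkdtq.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\gjpjduqv.dll",realset
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

CLSID = r"[0-9A-Fa-f-]{36}"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>" + CLSID + r")\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\w+)', re.IGNORECASE)
# Assumed heuristic: the Vundo DLLs in this thread are 5-8 lowercase letters, no digits.
RANDOM_DLL_RE = re.compile(r"^[a-z]{5,8}\.dll$")


def is_random_system32_dll(path: str) -> bool:
    """True when the path points into system32 and the file name looks machine-generated."""
    clean = path.replace("(file missing)", "").strip().strip('"')
    parts = clean.split("\\")
    if len(parts) < 2 or parts[-2].lower() != "system32":
        return False
    return RANDOM_DLL_RE.match(parts[-1]) is not None


def triage_hjt(log_text: str) -> list:
    """Return (section, identifier, reason) triples for lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            unnamed = m["name"] == "(no name)"
            missing = m["path"].endswith("(file missing)") or m["path"] == "(no file)"
            if unnamed and is_random_system32_dll(m["path"]):
                # DLL present: the active component; missing: a leftover registry entry
                findings.append(("O2", m["clsid"], "orphan-random-dll" if missing else "random-dll"))
            elif unnamed and missing:
                findings.append(("O2", m["clsid"], "orphan-no-file"))
            continue
        m = RUN_RE.match(line)
        if m:
            # rundll32 loading a random-named system32 DLL with a custom export
            r = RUNDLL_RE.search(m["cmd"])
            if r and is_random_system32_dll(r["dll"]):
                findings.append(("O4", m["key"], "rundll32-random-dll"))
            continue
        m = NOTIFY_RE.match(line)
        if m and is_random_system32_dll(m["path"]):
            # Winlogon Notify DLLs load at logon; WgaLogon is legitimate and is not flagged
            findings.append(("O20", m["key"], "winlogon-notify-random-dll"))
    return findings


if __name__ == "__main__":
    for section, ident, reason in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{section:4} {reason:28} {ident}")
```

On the sample the script flags the four unnamed BHOs and the InfoData Run entry and leaves the Adobe, Java, avast! and WgaLogon lines alone; the "orphan" reasons mark registry entries whose file is already gone, which need a registry fix rather than a file deletion.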
Regis59 Posts: 21143 Registered: Tuesday 27 June 2006 Status: Security contributor Last post: 22 June 2016 1 320
27 April 2007 at 21:06
lol

We're going to try one thing:

Download Pocket Killbox here:
http://www.downloads.subratam.org/KillBox.exe

:: Usage demo (thanks to Balltrap34 for putting it together) ::
http://pageperso.aol.fr/balltrap34/killbox.htm

Double-click killbox.exe (Pocket Killbox)

- check: delete on reboot
- In "Full Path of File to Delete"
- Select "single File"
- copy and paste:

C:\WINDOWS\system32\gjpjduqv.dll

- click the red cross
- a window will appear asking for confirmation; click YES
- a second window asks whether you want to restart; click YES

If this message appears, ignore it:
http://tinypic.com/images/goodbye.jpg

Run Vundofix again.
Let the PC restart.

Then post a new HijackThis log and the Vundofix report.

See you
Titousteo Posts: 73 Registered: Wednesday 18 April 2007 Status: Member Last post: 23 May 2008
27 April 2007 at 22:26
VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.11

Scan started at 22:18:38 27/04/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

log:

Logfile of HijackThis v1.99.1
Scan saved at 22:24:40, on 27/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.fluo.com/?m=Titou search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} - C:\WINDOWS\system32\krknucwj.dll
O2 - BHO: (no name) - {30863089-6B4C-41F6-A9BE-E1568B0D31E3} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\yywgkdtq.dll
O2 - BHO: (no name) - {E9567E45-D8F2-4E14-B1F5-335DD0DCD813} - C:\WINDOWS\system32\ddccd.dll (file missing)
O2 - BHO: (no name) - {ED593E05-0872-4290-B76C-7473B5D56B6E} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] -C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] -HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] -nwiz.exe /install
O4 - HKLM\..\Run: [SynTPEnh] -C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] -RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] -ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] -sm56hlpr.exe
O4 - HKLM\..\Run: [Muscbrigade] -c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [NeroFilterCheck] -C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] -"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] -C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] -C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] -"C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] -"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] -"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\gjpjduqv.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] -C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] -C:\WINDOWS\reminder\fsc-reminder.exe 2454170 6
O4 - HKCU\..\Run: [MsnMsgr] -"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] -"C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - -"C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

.....
Regis59 Posts: 21143 Registered: Tuesday 27 June 2006 Status: Security contributor Last post: 22 June 2016 1 320
28 April 2007 at 10:51
Hello,

Can you run Virtumundobegone again please?

See you
Titousteo Posts: 73 Registered: Wednesday 18 April 2007 Status: Member Last post: 23 May 2008
28 April 2007 at 12:26
[04/27/2007, 19:28:07] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Titousteopathe\Bureau\VirtumundoBeGone.exe" )
[04/27/2007, 19:28:08] - Detected System Information:
[04/27/2007, 19:28:08] - Windows Version: 5.1.2600, Service Pack 2
[04/27/2007, 19:28:08] - Current Username: Titousteopathe (Admin)
[04/27/2007, 19:28:08] - Windows is in NORMAL mode.
[04/27/2007, 19:28:08] - Searching for Browser Helper Objects:
[04/27/2007, 19:28:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/27/2007, 19:28:08] - BHO 2: {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} ()
[04/27/2007, 19:28:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:08] - Checking for HKLM\...\Winlogon\Notify\krknucwj
[04/27/2007, 19:28:08] - Key not found: HKLM\...\Winlogon\Notify\krknucwj, continuing.
[04/27/2007, 19:28:09] - BHO 3: {30863089-6B4C-41F6-A9BE-E1568B0D31E3} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\vtutu
[04/27/2007, 19:28:09] - Key not found: HKLM\...\Winlogon\Notify\vtutu, continuing.
[04/27/2007, 19:28:09] - BHO 4: {32AC76CA-98D6-41F5-A096-EB1733D1D494} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\pmnlm
[04/27/2007, 19:28:09] - Found: HKLM\...\Winlogon\Notify\pmnlm - This is probably Virtumundo.
[04/27/2007, 19:28:09] - Assigning {32AC76CA-98D6-41F5-A096-EB1733D1D494} MSEvents Object
[04/27/2007, 19:28:09] - BHO list has been changed! Starting over...
[04/27/2007, 19:28:09] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/27/2007, 19:28:09] - BHO 2: {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\krknucwj
[04/27/2007, 19:28:09] - Key not found: HKLM\...\Winlogon\Notify\krknucwj, continuing.
[04/27/2007, 19:28:09] - BHO 3: {30863089-6B4C-41F6-A9BE-E1568B0D31E3} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\vtutu
[04/27/2007, 19:28:09] - Key not found: HKLM\...\Winlogon\Notify\vtutu, continuing.
[04/27/2007, 19:28:09] - BHO 4: {32AC76CA-98D6-41F5-A096-EB1733D1D494} (MSEvents Object)
[04/27/2007, 19:28:09] - ALERT: Found MSEvents Object!
[04/27/2007, 19:28:09] - BHO 5: {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\ddcaxxw
[04/27/2007, 19:28:09] - Found: HKLM\...\Winlogon\Notify\ddcaxxw - This is probably Virtumundo.
[04/27/2007, 19:28:09] - Assigning {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} MSEvents Object
[04/27/2007, 19:28:09] - BHO list has been changed! Starting over...
[04/27/2007, 19:28:09] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/27/2007, 19:28:09] - BHO 2: {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\krknucwj
[04/27/2007, 19:28:09] - Key not found: HKLM\...\Winlogon\Notify\krknucwj, continuing.
[04/27/2007, 19:28:09] - BHO 3: {30863089-6B4C-41F6-A9BE-E1568B0D31E3} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\vtutu
[04/27/2007, 19:28:09] - Key not found: HKLM\...\Winlogon\Notify\vtutu, continuing.
[04/27/2007, 19:28:09] - BHO 4: {32AC76CA-98D6-41F5-A096-EB1733D1D494} (MSEvents Object)
[04/27/2007, 19:28:09] - ALERT: Found MSEvents Object!
[04/27/2007, 19:28:09] - BHO 5: {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} (MSEvents Object)
[04/27/2007, 19:28:09] - ALERT: Found MSEvents Object!
[04/27/2007, 19:28:09] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/27/2007, 19:28:09] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - No filename found. Continuing.
[04/27/2007, 19:28:09] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/27/2007, 19:28:09] - BHO 9: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\yywgkdtq
[04/27/2007, 19:28:09] - Key not found: HKLM\...\Winlogon\Notify\yywgkdtq, continuing.
[04/27/2007, 19:28:09] - BHO 10: {E9567E45-D8F2-4E14-B1F5-335DD0DCD813} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\ddccd
[04/27/2007, 19:28:09] - Key not found: HKLM\...\Winlogon\Notify\ddccd, continuing.
[04/27/2007, 19:28:09] - BHO 11: {ED593E05-0872-4290-B76C-7473B5D56B6E} ()
[04/27/2007, 19:28:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:09] - Checking for HKLM\...\Winlogon\Notify\ssqrq
[04/27/2007, 19:28:09] - Key not found: HKLM\...\Winlogon\Notify\ssqrq, continuing.
[04/27/2007, 19:28:09] - Finished Searching Browser Helper Objects
[04/27/2007, 19:28:09] - *** Detected MSEvents Object
[04/27/2007, 19:28:09] - Trying to remove MSEvents Object...
[04/27/2007, 19:28:10] - Terminating Process: IEXPLORE.EXE
[04/27/2007, 19:28:11] - Terminating Process: RUNDLL32.EXE
[04/27/2007, 19:28:11] - Disabling Automatic Shell Restart
[04/27/2007, 19:28:11] - Terminating Process: EXPLORER.EXE
[04/27/2007, 19:28:11] - Suspending the NT Session Manager System Service
[04/27/2007, 19:28:11] - Terminating Windows NT Logon/Logoff Manager
[04/27/2007, 19:28:11] - Re-enabling Automatic Shell Restart
[04/27/2007, 19:28:11] - File to disable: C:\WINDOWS\system32\pmnlm.dll
[04/27/2007, 19:28:11] - Renaming C:\WINDOWS\system32\pmnlm.dll -> C:\WINDOWS\system32\pmnlm.dll.vir
[04/27/2007, 19:28:11] - File successfully renamed!
[04/27/2007, 19:28:11] - Removing HKLM\...\Browser Helper Objects\{32AC76CA-98D6-41F5-A096-EB1733D1D494}
[04/27/2007, 19:28:11] - Removing HKCR\CLSID\{32AC76CA-98D6-41F5-A096-EB1733D1D494}
[04/27/2007, 19:28:11] - Adding Kill Bit for ActiveX for GUID: {32AC76CA-98D6-41F5-A096-EB1733D1D494}
[04/27/2007, 19:28:11] - Deleting ATLEvents/MSEvents Registry entries
[04/27/2007, 19:28:11] - Removing HKLM\...\Winlogon\Notify\pmnlm
[04/27/2007, 19:28:11] - Searching for Browser Helper Objects:
[04/27/2007, 19:28:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/27/2007, 19:28:11] - BHO 2: {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} ()
[04/27/2007, 19:28:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:11] - Checking for HKLM\...\Winlogon\Notify\krknucwj
[04/27/2007, 19:28:11] - Key not found: HKLM\...\Winlogon\Notify\krknucwj, continuing.
[04/27/2007, 19:28:11] - BHO 3: {30863089-6B4C-41F6-A9BE-E1568B0D31E3} ()
[04/27/2007, 19:28:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:11] - Checking for HKLM\...\Winlogon\Notify\vtutu
[04/27/2007, 19:28:11] - Key not found: HKLM\...\Winlogon\Notify\vtutu, continuing.
[04/27/2007, 19:28:11] - BHO 4: {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} (MSEvents Object)
[04/27/2007, 19:28:11] - ALERT: Found MSEvents Object!
[04/27/2007, 19:28:11] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/27/2007, 19:28:11] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/27/2007, 19:28:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:11] - No filename found. Continuing.
[04/27/2007, 19:28:11] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/27/2007, 19:28:11] - BHO 8: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[04/27/2007, 19:28:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:12] - Checking for HKLM\...\Winlogon\Notify\yywgkdtq
[04/27/2007, 19:28:12] - Key not found: HKLM\...\Winlogon\Notify\yywgkdtq, continuing.
[04/27/2007, 19:28:12] - BHO 9: {E9567E45-D8F2-4E14-B1F5-335DD0DCD813} ()
[04/27/2007, 19:28:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:12] - Checking for HKLM\...\Winlogon\Notify\ddccd
[04/27/2007, 19:28:12] - Key not found: HKLM\...\Winlogon\Notify\ddccd, continuing.
[04/27/2007, 19:28:12] - BHO 10: {ED593E05-0872-4290-B76C-7473B5D56B6E} ()
[04/27/2007, 19:28:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:12] - Checking for HKLM\...\Winlogon\Notify\ssqrq
[04/27/2007, 19:28:12] - Key not found: HKLM\...\Winlogon\Notify\ssqrq, continuing.
[04/27/2007, 19:28:12] - Finished Searching Browser Helper Objects
[04/27/2007, 19:28:12] - *** Detected MSEvents Object
[04/27/2007, 19:28:12] - Trying to remove MSEvents Object...
[04/27/2007, 19:28:13] - Terminating Process: IEXPLORE.EXE
[04/27/2007, 19:28:13] - Terminating Process: RUNDLL32.EXE
[04/27/2007, 19:28:13] - Disabling Automatic Shell Restart
[04/27/2007, 19:28:13] - Terminating Process: EXPLORER.EXE
[04/27/2007, 19:28:13] - Suspending the NT Session Manager System Service
[04/27/2007, 19:28:13] - Terminating Windows NT Logon/Logoff Manager
[04/27/2007, 19:28:13] - Re-enabling Automatic Shell Restart
[04/27/2007, 19:28:13] - File to disable: C:\WINDOWS\system32\ddcaxxw.dll
[04/27/2007, 19:28:13] - Renaming C:\WINDOWS\system32\ddcaxxw.dll -> C:\WINDOWS\system32\ddcaxxw.dll.vir
[04/27/2007, 19:28:13] - File successfully renamed!
[04/27/2007, 19:28:13] - Removing HKLM\...\Browser Helper Objects\{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}
[04/27/2007, 19:28:13] - Removing HKCR\CLSID\{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}
[04/27/2007, 19:28:13] - Adding Kill Bit for ActiveX for GUID: {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}
[04/27/2007, 19:28:13] - Deleting ATLEvents/MSEvents Registry entries
[04/27/2007, 19:28:13] - Removing HKLM\...\Winlogon\Notify\ddcaxxw
[04/27/2007, 19:28:13] - Searching for Browser Helper Objects:
[04/27/2007, 19:28:13] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/27/2007, 19:28:13] - BHO 2: {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} ()
[04/27/2007, 19:28:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:13] - Checking for HKLM\...\Winlogon\Notify\krknucwj
[04/27/2007, 19:28:13] - Key not found: HKLM\...\Winlogon\Notify\krknucwj, continuing.
[04/27/2007, 19:28:13] - BHO 3: {30863089-6B4C-41F6-A9BE-E1568B0D31E3} ()
[04/27/2007, 19:28:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:13] - Checking for HKLM\...\Winlogon\Notify\vtutu
[04/27/2007, 19:28:13] - Key not found: HKLM\...\Winlogon\Notify\vtutu, continuing.
[04/27/2007, 19:28:13] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/27/2007, 19:28:13] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/27/2007, 19:28:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:13] - No filename found. Continuing.
[04/27/2007, 19:28:13] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/27/2007, 19:28:13] - BHO 7: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[04/27/2007, 19:28:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:13] - Checking for HKLM\...\Winlogon\Notify\yywgkdtq
[04/27/2007, 19:28:13] - Key not found: HKLM\...\Winlogon\Notify\yywgkdtq, continuing.
[04/27/2007, 19:28:13] - BHO 8: {E9567E45-D8F2-4E14-B1F5-335DD0DCD813} ()
[04/27/2007, 19:28:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:13] - Checking for HKLM\...\Winlogon\Notify\ddccd
[04/27/2007, 19:28:13] - Key not found: HKLM\...\Winlogon\Notify\ddccd, continuing.
[04/27/2007, 19:28:13] - BHO 9: {ED593E05-0872-4290-B76C-7473B5D56B6E} ()
[04/27/2007, 19:28:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/27/2007, 19:28:13] - Checking for HKLM\...\Winlogon\Notify\ssqrq
[04/27/2007, 19:28:13] - Key not found: HKLM\...\Winlogon\Notify\ssqrq, continuing.
[04/27/2007, 19:28:13] - Finished Searching Browser Helper Objects
[04/27/2007, 19:28:13] - Finishing up...
[04/27/2007, 19:28:13] - A restart is needed.
[04/27/2007, 19:28:15] - Attempting to Restart via STOP error (Blue Screen!)

[04/28/2007, 12:25:51] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Titousteopathe\Bureau\VirtumundoBeGone.exe" )
[04/28/2007, 12:25:55] - Detected System Information:
[04/28/2007, 12:25:55] - Windows Version: 5.1.2600, Service Pack 2
[04/28/2007, 12:25:55] - Current Username: Titousteopathe (Admin)
[04/28/2007, 12:25:55] - Windows is in NORMAL mode.
[04/28/2007, 12:25:55] - Searching for Browser Helper Objects:
[04/28/2007, 12:25:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/28/2007, 12:25:55] - BHO 2: {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} ()
[04/28/2007, 12:25:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/28/2007, 12:25:55] - Checking for HKLM\...\Winlogon\Notify\krknucwj
[04/28/2007, 12:25:55] - Key not found: HKLM\...\Winlogon\Notify\krknucwj, continuing.
[04/28/2007, 12:25:55] - BHO 3: {30863089-6B4C-41F6-A9BE-E1568B0D31E3} ()
[04/28/2007, 12:25:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/28/2007, 12:25:55] - Checking for HKLM\...\Winlogon\Notify\vtutu
[04/28/2007, 12:25:55] - Key not found: HKLM\...\Winlogon\Notify\vtutu, continuing.
[04/28/2007, 12:25:55] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/28/2007, 12:25:55] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/28/2007, 12:25:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/28/2007, 12:25:55] - No filename found. Continuing.
[04/28/2007, 12:25:55] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/28/2007, 12:25:55] - BHO 7: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[04/28/2007, 12:25:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/28/2007, 12:25:55] - Checking for HKLM\...\Winlogon\Notify\yywgkdtq
[04/28/2007, 12:25:55] - Key not found: HKLM\...\Winlogon\Notify\yywgkdtq, continuing.
[04/28/2007, 12:25:55] - BHO 8: {E9567E45-D8F2-4E14-B1F5-335DD0DCD813} ()
[04/28/2007, 12:25:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/28/2007, 12:25:56] - Checking for HKLM\...\Winlogon\Notify\ddccd
[04/28/2007, 12:25:56] - Key not found: HKLM\...\Winlogon\Notify\ddccd, continuing.
[04/28/2007, 12:25:56] - BHO 9: {ED593E05-0872-4290-B76C-7473B5D56B6E} ()
[04/28/2007, 12:25:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/28/2007, 12:25:56] - Checking for HKLM\...\Winlogon\Notify\ssqrq
[04/28/2007, 12:25:56] - Key not found: HKLM\...\Winlogon\Notify\ssqrq, continuing.
[04/28/2007, 12:25:56] - Finished Searching Browser Helper Objects
[04/28/2007, 12:25:56] - Finishing up...
[04/28/2007, 12:25:56] - Nothing found! Exiting...
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 320
28 April 2007 at 18:51
OK,

post another HijackThis log

later
Titousteo Posts 73 Registration date Wednesday 18 April 2007 Status Member Last activity 23 May 2008
29 April 2007 at 04:45
Logfile of HijackThis v1.99.1
Scan saved at 04:45:58, on 29/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.fluo.com/?m=Titou search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} - C:\WINDOWS\system32\krknucwj.dll
O2 - BHO: (no name) - {30863089-6B4C-41F6-A9BE-E1568B0D31E3} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\yywgkdtq.dll
O2 - BHO: (no name) - {E9567E45-D8F2-4E14-B1F5-335DD0DCD813} - C:\WINDOWS\system32\ddccd.dll (file missing)
O2 - BHO: (no name) - {ED593E05-0872-4290-B76C-7473B5D56B6E} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] -C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] -HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] -nwiz.exe /install
O4 - HKLM\..\Run: [SynTPEnh] -C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] -RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] -ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] -sm56hlpr.exe
O4 - HKLM\..\Run: [Muscbrigade] -c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [NeroFilterCheck] -C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] -"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] -C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] -C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] -"C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] -"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] -"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\gjpjduqv.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] -C:\WINDOWS\reminder\fsc-reminder.exe 2454170 6
O4 - HKCU\..\Run: [MsnMsgr] -"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] -"C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - -"C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
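The log above shows the pattern the helper and the removal tool are reading for: Browser Helper Objects registered with no default name whose DLLs sit in system32 under random-looking names, a Run entry that loads another such DLL through rundll32, and orphaned BHO entries whose file is already gone. As an added example (not part of the thread, of HijackThis or of VirtumundoBeGone), the Python script below parses O2, O4 and O20 lines the way a helper reads them, flags the unnamed BHOs, and reproduces VirtumundoBeGone's cross-check of each DLL name against the Winlogon\Notify keys listed in the log. The sample lines are copied from the HijackThis log above; the "random-looking name" rule is a heuristic of my own, and the line parsing assumes the HijackThis v1.99.1 output format seen here.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: a subset of lines copied from the HijackThis log posted
# above (O2 BHOs, three O4 Run entries and the O20 Winlogon Notify line), so
# the example runs offline without a real log file.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E6F5A1C-3166-4735-B06B-1644E23D2ECe} - C:\WINDOWS\system32\krknucwj.dll
O2 - BHO: (no name) - {30863089-6B4C-41F6-A9BE-E1568B0D31E3} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\yywgkdtq.dll
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\gjpjduqv.dll",realset
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# HijackThis v1.99.1 line shapes as seen in the log above (assumption: this format)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]*)\] -?(?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<target>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)
RANDOM_STEM = re.compile(r"[a-z]{5,8}")


@dataclass
class Finding:
    line: str
    stem: str          # DLL file name without extension ("" when no path)
    reason: str
    winlogon: bool     # stem also appears as a Winlogon\Notify key (O20)


def looks_random(stem: str) -> bool:
    """Heuristic (my own): short, all-lowercase names like those in this log.
    Legitimate DLLs can match too, so treat it as a triage hint, not proof."""
    return RANDOM_STEM.fullmatch(stem) is not None


def in_system32(path: PureWindowsPath) -> bool:
    return path.parent.name.lower() == "system32"


def analyse(log_text: str) -> list:
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    # Pass 1: collect Winlogon\Notify keys (O20). VirtumundoBeGone checks each
    # nameless BHO's DLL name against HKLM\...\Winlogon\Notify\<name>; we do the
    # same offline with the keys HijackThis listed.
    notify_keys = {m.group("key").lower() for l in lines if (m := O20_RE.match(l))}
    findings = []
    for line in lines:
        if m := O2_RE.match(line):
            if m.group("name") != "(no name)":
                continue                      # named BHOs are out of scope here
            target = m.group("target")
            if target == "(no file)":
                findings.append(Finding(line, "", "unnamed BHO with no DLL path (orphaned CLSID)", False))
                continue
            missing = target.endswith("(file missing)")
            path = PureWindowsPath(target.replace("(file missing)", "").strip())
            stem = path.stem
            if missing:
                reason = "unnamed BHO whose DLL is gone (orphaned registry entry)"
            elif in_system32(path) and looks_random(stem):
                reason = "unnamed BHO loading random-looking DLL from system32"
            else:
                reason = "unnamed BHO, review manually"
            findings.append(Finding(line, stem, reason, stem.lower() in notify_keys))
        elif m := O4_RE.match(line):
            r = RUNDLL_RE.search(m.group("cmd"))
            if not r:
                continue                      # only rundll32-style Run entries interest us
            path = PureWindowsPath(r.group("dll"))
            if in_system32(path) and looks_random(path.stem):
                reason = f"Run entry [{m.group('key')}] loads random-looking DLL via rundll32 export {r.group('export')}"
                findings.append(Finding(line, path.stem, reason, path.stem.lower() in notify_keys))
    return findings


def random_dll_stems(log_text: str) -> set:
    """Stems of the entries flagged as random-looking DLL loads."""
    return {f.stem for f in analyse(log_text) if "random-looking" in f.reason}


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        suffix = " (also in Winlogon\\Notify)" if f.winlogon else ""
        print(f"{f.reason}{suffix}\n    {f.line}")
```

On the sample it reports five entries: the two present random-named BHO DLLs (krknucwj, yywgkdtq), the rundll32 Run entry loading gjpjduqv.dll, the missing vtutu.dll and the pathless CLSID; NvCpl.dll passes because its name is not all-lowercase, and no stem matches the single WgaLogon Notify key, which agrees with the "Key not found" lines VirtumundoBeGone printed above.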