Sujet Précédent Sujet Suivant

Virtumonde aidez moi

NIhil -  
raleuboleu Messages postés 5028 Statut Membre -
Bonjour,
J'ai virtumonde, vous savez cet ami qui vous veut du mal. J'ai tenté spybot pour l'enlever mais rien n'y a fait, j'en ai testé d'autres por me retrouver avec un windows dont j'ai perdu tous les paramètres et un fichier manquant (J6261032.dll). Là je n'en peux plus, je désepère, pouvez-vous m'aider?
J'ai testé un truc qui s'appelle vundo je sais plus quoi où il faut écrire l'emplacement d'un .dll puis le meme nom à l'envers mais j'ai du faire une mauvaise manip car ensuite sur hijack je n'y comprends plus rien donc je m'abstiens et ca ne ésoud pas le problème

Voici le hijack du moment :

Logfile of HijackThis v1.99.1
Scan saved at 00:20:41, on 08/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\nihil\Bureau\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://81.95.149.173/campaign/main.sc?cid=z0HHVpU0Ij&wmid=FOYGq2JV9B&ver=1003&bid=1542506755&newerr=0&newhr=0&size=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [jmrotsvu.exe] C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe
O4 - HKLM\..\Run: [j6261032] rundll32 C:\WINDOWS\system32\j6261032.dll sook
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ahjbkxoi.dll",realset
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C66A01DC-1BCB-45E3-81DC-9294AAB1A5F9}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

25 réponses

  • 1
  • 2
Réponse 1 / 25
raleuboleu Messages postés 5028 Statut Membre 79
 
salut

esssaie ceci:

Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu

pendant ce temps je matte ton hijack

bizoux
0
NIhil
 
Salut

merci de ton aide
donc je l'ai lancé en mode sans échec ainsiq u'en mode normal mais pas de redémarage intempestif ou d'écran bleu, par contre voilà le log de VBG


[06/08/2007, 12:14:19] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\nihil\Bureau\VirtumundoBeGone.exe" )
[06/08/2007, 12:14:23] - Detected System Information:
[06/08/2007, 12:14:23] - Windows Version: 5.1.2600, Service Pack 2
[06/08/2007, 12:14:23] - Current Username: nihil (Admin)
[06/08/2007, 12:14:23] - Windows is in NORMAL mode.
[06/08/2007, 12:14:23] - Searching for Browser Helper Objects:
[06/08/2007, 12:14:23] - BHO 1: {05D692D1-060C-4C58-A05B-8627D30E2EDA} ()
[06/08/2007, 12:14:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:14:23] - Checking for HKLM\...\Winlogon\Notify\gebyy
[06/08/2007, 12:14:23] - Found: HKLM\...\Winlogon\Notify\gebyy - This is probably Virtumundo.
[06/08/2007, 12:14:23] - Assigning {05D692D1-060C-4C58-A05B-8627D30E2EDA} MSEvents Object
[06/08/2007, 12:14:24] - BHO list has been changed! Starting over...
[06/08/2007, 12:14:24] - BHO 1: {05D692D1-060C-4C58-A05B-8627D30E2EDA} (MSEvents Object)
[06/08/2007, 12:14:24] - ALERT: Found MSEvents Object!
[06/08/2007, 12:14:24] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/08/2007, 12:14:24] - BHO 3: {08C134D3-087C-4139-A98C-3A078358DFDE} ()
[06/08/2007, 12:14:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:14:24] - Checking for HKLM\...\Winlogon\Notify\opnkiif
[06/08/2007, 12:14:24] - Found: HKLM\...\Winlogon\Notify\opnkiif - This is probably Virtumundo.
[06/08/2007, 12:14:24] - Assigning {08C134D3-087C-4139-A98C-3A078358DFDE} MSEvents Object
[06/08/2007, 12:14:24] - BHO list has been changed! Starting over...
[06/08/2007, 12:14:24] - BHO 1: {05D692D1-060C-4C58-A05B-8627D30E2EDA} (MSEvents Object)
[06/08/2007, 12:14:24] - ALERT: Found MSEvents Object!
[06/08/2007, 12:14:24] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/08/2007, 12:14:24] - BHO 3: {08C134D3-087C-4139-A98C-3A078358DFDE} (MSEvents Object)
[06/08/2007, 12:14:24] - ALERT: Found MSEvents Object!
[06/08/2007, 12:14:24] - BHO 4: {4CDF14E1-3A5E-470F-9D16-8C9F8DFAD8D7} ()
[06/08/2007, 12:14:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:14:24] - Checking for HKLM\...\Winlogon\Notify\ddccc
[06/08/2007, 12:14:24] - Found: HKLM\...\Winlogon\Notify\ddccc - This is probably Virtumundo.
[06/08/2007, 12:14:24] - Assigning {4CDF14E1-3A5E-470F-9D16-8C9F8DFAD8D7} MSEvents Object
[06/08/2007, 12:14:24] - BHO list has been changed! Starting over...
[06/08/2007, 12:14:24] - BHO 1: {05D692D1-060C-4C58-A05B-8627D30E2EDA} (MSEvents Object)
[06/08/2007, 12:14:24] - ALERT: Found MSEvents Object!
[06/08/2007, 12:14:24] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/08/2007, 12:14:24] - BHO 3: {08C134D3-087C-4139-A98C-3A078358DFDE} (MSEvents Object)
[06/08/2007, 12:14:24] - ALERT: Found MSEvents Object!
[06/08/2007, 12:14:24] - BHO 4: {4CDF14E1-3A5E-470F-9D16-8C9F8DFAD8D7} (MSEvents Object)
[06/08/2007, 12:14:24] - ALERT: Found MSEvents Object!
[06/08/2007, 12:14:24] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/08/2007, 12:14:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:14:24] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/08/2007, 12:14:24] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/08/2007, 12:14:24] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/08/2007, 12:14:24] - BHO 7: {A3F97925-61F1-4C36-9ED6-AB24E974B8E9} ()
[06/08/2007, 12:14:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:14:24] - Checking for HKLM\...\Winlogon\Notify\vtutt
[06/08/2007, 12:14:24] - Found: HKLM\...\Winlogon\Notify\vtutt - This is probably Virtumundo.
[06/08/2007, 12:14:24] - Assigning {A3F97925-61F1-4C36-9ED6-AB24E974B8E9} MSEvents Object
[06/08/2007, 12:14:24] - BHO list has been changed! Starting over...
[06/08/2007, 12:14:24] - BHO 1: {05D692D1-060C-4C58-A05B-8627D30E2EDA} (MSEvents Object)
[06/08/2007, 12:14:24] - ALERT: Found MSEvents Object!
[06/08/2007, 12:14:24] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/08/2007, 12:14:24] - BHO 3: {08C134D3-087C-4139-A98C-3A078358DFDE} (MSEvents Object)
[06/08/2007, 12:14:24] - ALERT: Found MSEvents Object!
[06/08/2007, 12:14:24] - BHO 4: {4CDF14E1-3A5E-470F-9D16-8C9F8DFAD8D7} (MSEvents Object)
[06/08/2007, 12:14:24] - ALERT: Found MSEvents Object!
[06/08/2007, 12:14:24] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/08/2007, 12:14:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:14:24] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/08/2007, 12:14:24] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/08/2007, 12:14:24] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/08/2007, 12:14:24] - BHO 7: {A3F97925-61F1-4C36-9ED6-AB24E974B8E9} (MSEvents Object)
[06/08/2007, 12:14:24] - ALERT: Found MSEvents Object!
[06/08/2007, 12:14:24] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/08/2007, 12:14:24] - BHO 9: {E12BFF69-38A7-406e-A8EF-2738107A7831} ()
[06/08/2007, 12:14:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:14:24] - Checking for HKLM\...\Winlogon\Notify\aasyowqu
[06/08/2007, 12:14:24] - Key not found: HKLM\...\Winlogon\Notify\aasyowqu, continuing.
[06/08/2007, 12:14:24] - Finished Searching Browser Helper Objects
[06/08/2007, 12:14:24] - *** Detected MSEvents Object
[06/08/2007, 12:14:24] - Trying to remove MSEvents Object...
[06/08/2007, 12:14:25] - Terminating Process: IEXPLORE.EXE
[06/08/2007, 12:14:25] - Terminating Process: RUNDLL32.EXE
[06/08/2007, 12:14:26] - Disabling Automatic Shell Restart
[06/08/2007, 12:14:26] - Terminating Process: EXPLORER.EXE
[06/08/2007, 12:14:26] - Suspending the NT Session Manager System Service
[06/08/2007, 12:14:26] - Terminating Windows NT Logon/Logoff Manager
[06/08/2007, 12:14:26] - Re-enabling Automatic Shell Restart
[06/08/2007, 12:14:26] - File to disable: C:\WINDOWS\system32\gebyy.dll
[06/08/2007, 12:14:26] - Removing HKLM\...\Browser Helper Objects\{05D692D1-060C-4C58-A05B-8627D30E2EDA}
[06/08/2007, 12:14:26] - Removing HKCR\CLSID\{05D692D1-060C-4C58-A05B-8627D30E2EDA}
[06/08/2007, 12:14:26] - Adding Kill Bit for ActiveX for GUID: {05D692D1-060C-4C58-A05B-8627D30E2EDA}
[06/08/2007, 12:14:26] - Deleting ATLEvents/MSEvents Registry entries
[06/08/2007, 12:14:26] - Removing HKLM\...\Winlogon\Notify\gebyy
[06/08/2007, 12:14:26] - Searching for Browser Helper Objects:
[06/08/2007, 12:14:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/08/2007, 12:14:26] - BHO 2: {08C134D3-087C-4139-A98C-3A078358DFDE} (MSEvents Object)
[06/08/2007, 12:14:26] - ALERT: Found MSEvents Object!
[06/08/2007, 12:14:26] - BHO 3: {4CDF14E1-3A5E-470F-9D16-8C9F8DFAD8D7} (MSEvents Object)
[06/08/2007, 12:14:26] - ALERT: Found MSEvents Object!
[06/08/2007, 12:14:26] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/08/2007, 12:14:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:14:26] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/08/2007, 12:14:26] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/08/2007, 12:14:26] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/08/2007, 12:14:26] - BHO 6: {A3F97925-61F1-4C36-9ED6-AB24E974B8E9} (MSEvents Object)
[06/08/2007, 12:14:26] - ALERT: Found MSEvents Object!
[06/08/2007, 12:14:26] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/08/2007, 12:14:26] - BHO 8: {E12BFF69-38A7-406e-A8EF-2738107A7831} ()
[06/08/2007, 12:14:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:14:26] - Checking for HKLM\...\Winlogon\Notify\aasyowqu
[06/08/2007, 12:14:26] - Key not found: HKLM\...\Winlogon\Notify\aasyowqu, continuing.
[06/08/2007, 12:14:26] - Finished Searching Browser Helper Objects
[06/08/2007, 12:14:26] - *** Detected MSEvents Object
[06/08/2007, 12:14:26] - Trying to remove MSEvents Object...
[06/08/2007, 12:14:27] - Terminating Process: IEXPLORE.EXE
[06/08/2007, 12:14:27] - Terminating Process: RUNDLL32.EXE
[06/08/2007, 12:14:27] - Disabling Automatic Shell Restart
[06/08/2007, 12:14:27] - Terminating Process: EXPLORER.EXE
[06/08/2007, 12:14:27] - Suspending the NT Session Manager System Service
[06/08/2007, 12:14:28] - Terminating Windows NT Logon/Logoff Manager
[06/08/2007, 12:14:28] - Re-enabling Automatic Shell Restart
[06/08/2007, 12:14:28] - File to disable: C:\WINDOWS\system32\opnkiif.dll
[06/08/2007, 12:14:28] - Renaming C:\WINDOWS\system32\opnkiif.dll -> C:\WINDOWS\system32\opnkiif.dll.vir
[06/08/2007, 12:14:28] - File successfully renamed!
[06/08/2007, 12:14:28] - Removing HKLM\...\Browser Helper Objects\{08C134D3-087C-4139-A98C-3A078358DFDE}
[06/08/2007, 12:14:28] - Removing HKCR\CLSID\{08C134D3-087C-4139-A98C-3A078358DFDE}
[06/08/2007, 12:14:28] - Adding Kill Bit for ActiveX for GUID: {08C134D3-087C-4139-A98C-3A078358DFDE}
[06/08/2007, 12:14:28] - Deleting ATLEvents/MSEvents Registry entries
[06/08/2007, 12:14:28] - Removing HKLM\...\Winlogon\Notify\opnkiif
[06/08/2007, 12:14:28] - Searching for Browser Helper Objects:
[06/08/2007, 12:14:28] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/08/2007, 12:14:28] - BHO 2: {4CDF14E1-3A5E-470F-9D16-8C9F8DFAD8D7} (MSEvents Object)
[06/08/2007, 12:14:28] - ALERT: Found MSEvents Object!
[06/08/2007, 12:14:28] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/08/2007, 12:14:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:14:28] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/08/2007, 12:14:28] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/08/2007, 12:14:28] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/08/2007, 12:14:28] - BHO 5: {A3F97925-61F1-4C36-9ED6-AB24E974B8E9} (MSEvents Object)
[06/08/2007, 12:14:28] - ALERT: Found MSEvents Object!
[06/08/2007, 12:14:28] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/08/2007, 12:14:28] - BHO 7: {E12BFF69-38A7-406e-A8EF-2738107A7831} ()
[06/08/2007, 12:14:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:14:28] - Checking for HKLM\...\Winlogon\Notify\aasyowqu
[06/08/2007, 12:14:28] - Key not found: HKLM\...\Winlogon\Notify\aasyowqu, continuing.
[06/08/2007, 12:14:28] - Finished Searching Browser Helper Objects
[06/08/2007, 12:14:28] - *** Detected MSEvents Object
[06/08/2007, 12:14:28] - Trying to remove MSEvents Object...
[06/08/2007, 12:14:29] - Terminating Process: IEXPLORE.EXE
[06/08/2007, 12:14:29] - Terminating Process: RUNDLL32.EXE
[06/08/2007, 12:14:29] - Disabling Automatic Shell Restart
[06/08/2007, 12:14:29] - Terminating Process: EXPLORER.EXE
[06/08/2007, 12:14:29] - Suspending the NT Session Manager System Service
[06/08/2007, 12:14:29] - Terminating Windows NT Logon/Logoff Manager
[06/08/2007, 12:14:29] - Re-enabling Automatic Shell Restart
[06/08/2007, 12:14:29] - File to disable: C:\WINDOWS\system32\ddccc.dll
[06/08/2007, 12:14:29] - Removing HKLM\...\Browser Helper Objects\{4CDF14E1-3A5E-470F-9D16-8C9F8DFAD8D7}
[06/08/2007, 12:14:29] - Removing HKCR\CLSID\{4CDF14E1-3A5E-470F-9D16-8C9F8DFAD8D7}
[06/08/2007, 12:14:29] - Adding Kill Bit for ActiveX for GUID: {4CDF14E1-3A5E-470F-9D16-8C9F8DFAD8D7}
[06/08/2007, 12:14:29] - Deleting ATLEvents/MSEvents Registry entries
[06/08/2007, 12:14:29] - Removing HKLM\...\Winlogon\Notify\ddccc
[06/08/2007, 12:14:29] - Searching for Browser Helper Objects:
[06/08/2007, 12:14:29] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/08/2007, 12:14:29] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/08/2007, 12:14:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:14:29] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/08/2007, 12:14:29] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/08/2007, 12:14:29] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/08/2007, 12:14:29] - BHO 4: {A3F97925-61F1-4C36-9ED6-AB24E974B8E9} (MSEvents Object)
[06/08/2007, 12:14:29] - ALERT: Found MSEvents Object!
[06/08/2007, 12:14:29] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/08/2007, 12:14:29] - BHO 6: {E12BFF69-38A7-406e-A8EF-2738107A7831} ()
[06/08/2007, 12:14:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:14:29] - Checking for HKLM\...\Winlogon\Notify\aasyowqu
[06/08/2007, 12:14:29] - Key not found: HKLM\...\Winlogon\Notify\aasyowqu, continuing.
[06/08/2007, 12:14:29] - Finished Searching Browser Helper Objects
[06/08/2007, 12:14:29] - *** Detected MSEvents Object
[06/08/2007, 12:14:29] - Trying to remove MSEvents Object...
[06/08/2007, 12:14:30] - Terminating Process: IEXPLORE.EXE
[06/08/2007, 12:14:30] - Terminating Process: RUNDLL32.EXE
[06/08/2007, 12:14:30] - Disabling Automatic Shell Restart
[06/08/2007, 12:14:30] - Terminating Process: EXPLORER.EXE
[06/08/2007, 12:14:31] - Suspending the NT Session Manager System Service
[06/08/2007, 12:14:31] - Terminating Windows NT Logon/Logoff Manager
[06/08/2007, 12:14:31] - Re-enabling Automatic Shell Restart
[06/08/2007, 12:14:31] - File to disable: C:\WINDOWS\system32\vtutt.dll
[06/08/2007, 12:14:31] - Renaming C:\WINDOWS\system32\vtutt.dll -> C:\WINDOWS\system32\vtutt.dll.vir
[06/08/2007, 12:14:31] - File successfully renamed!
[06/08/2007, 12:14:31] - Removing HKLM\...\Browser Helper Objects\{A3F97925-61F1-4C36-9ED6-AB24E974B8E9}
[06/08/2007, 12:14:31] - Removing HKCR\CLSID\{A3F97925-61F1-4C36-9ED6-AB24E974B8E9}
[06/08/2007, 12:14:31] - Adding Kill Bit for ActiveX for GUID: {A3F97925-61F1-4C36-9ED6-AB24E974B8E9}
[06/08/2007, 12:14:31] - Deleting ATLEvents/MSEvents Registry entries
[06/08/2007, 12:14:31] - Removing HKLM\...\Winlogon\Notify\vtutt
[06/08/2007, 12:14:31] - Searching for Browser Helper Objects:
[06/08/2007, 12:14:31] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/08/2007, 12:14:31] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/08/2007, 12:14:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:14:31] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/08/2007, 12:14:31] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/08/2007, 12:14:31] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/08/2007, 12:14:31] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/08/2007, 12:14:31] - BHO 5: {E12BFF69-38A7-406e-A8EF-2738107A7831} ()
[06/08/2007, 12:14:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:14:31] - Checking for HKLM\...\Winlogon\Notify\aasyowqu
[06/08/2007, 12:14:31] - Key not found: HKLM\...\Winlogon\Notify\aasyowqu, continuing.
[06/08/2007, 12:14:31] - Finished Searching Browser Helper Objects
[06/08/2007, 12:14:31] - Finishing up...
[06/08/2007, 12:14:31] - A restart is needed.
[06/08/2007, 12:15:59] - Attempting to Restart via STOP error (Blue Screen!)

[06/08/2007, 12:20:03] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[06/08/2007, 12:20:05] - Detected System Information:
[06/08/2007, 12:20:05] - Windows Version: 5.1.2600, Service Pack 2
[06/08/2007, 12:20:05] - Current Username: Administrateur (Admin)
[06/08/2007, 12:20:05] - Windows is in SAFE mode.
[06/08/2007, 12:20:05] - Searching for Browser Helper Objects:
[06/08/2007, 12:20:05] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/08/2007, 12:20:05] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/08/2007, 12:20:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:20:05] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/08/2007, 12:20:05] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/08/2007, 12:20:05] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/08/2007, 12:20:05] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/08/2007, 12:20:05] - BHO 5: {E12BFF69-38A7-406e-A8EF-2738107A7831} ()
[06/08/2007, 12:20:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2007, 12:20:05] - Checking for HKLM\...\Winlogon\Notify\aasyowqu
[06/08/2007, 12:20:05] - Key not found: HKLM\...\Winlogon\Notify\aasyowqu, continuing.
[06/08/2007, 12:20:05] - Finished Searching Browser Helper Objects
[06/08/2007, 12:20:05] - Finishing up...
[06/08/2007, 12:20:05] - Nothing found! Exiting...
0
Réponse 2 / 25
raleuboleu Messages postés 5028 Statut Membre 79
 
salut

peux tu reposter 1 log hijack stp maintenant que tu as passé virtumundo

bizoux
0
NIhil
 
Voilà, apparement il me reste smitfraud , j'ai trouvé un outil : smitfraudfx mais il n'y a pas eu grand résultat...

Logfile of HijackThis v1.99.1
Scan saved at 20:47:48, on 08/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nihil\Bureau\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://81.95.149.173/campaign/main.sc?cid=z0HHVpU0Ij&wmid=FOYGq2JV9B&ver=1003&bid=1542506755&newerr=0&newhr=0&size=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\aasyowqu.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [jmrotsvu.exe] C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe
O4 - HKLM\..\Run: [j6261032] rundll32 C:\WINDOWS\system32\j6261032.dll sook
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ahjbkxoi.dll",realset
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C66A01DC-1BCB-45E3-81DC-9294AAB1A5F9}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
raleuboleu Messages postés 5028 Statut Membre 79
 
remoi!!!

lance hijack et clic sur do a scan only, coches les lignes ci-dessous :







O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\aasyowqu.dll

O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\aasyowqu.dll

O4 - HKLM\..\Run: [jmrotsvu.exe] C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe

O4 - HKLM\..\Run: [j6261032] rundll32 C:\WINDOWS\system32\j6261032.dll sook

O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ahjbkxoi.dll",realset

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/



ensuite fixes les ....


De plus je te conseil d'installer un antivirus autre que celui de windows(+ que mediocre!!)

je vois que tu as avast alors je te conseillerais kerio, tres compatible avec avast et efficace !!gratuit et a telecharger ici:

https://www.01net.com/telecharger/windows/Securite/firewall/fiches/22418.html

tiens moi au courant de tes projets par rapport a ceci ^^




ensuite ne t'en fais pas en fin de seinfection je te dirais de virer smitfraux, etc qui ne te seront + utile

bizoux


bizoux
0
Réponse 3 / 25
NIhil
 
Rapport smitfraudfix

SmitFraudFix v2.192

Rapport fait à 21:02:05,23, 08/06/2007
Executé à partir de C:\Documents and Settings\nihil\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 80.10.246.2
DNS Server Search Order: 80.10.246.129

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C66A01DC-1BCB-45E3-81DC-9294AAB1A5F9}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C66A01DC-1BCB-45E3-81DC-9294AAB1A5F9}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C66A01DC-1BCB-45E3-81DC-9294AAB1A5F9}: NameServer=80.10.246.2,80.10.246.129

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 4 / 25
NIhil
 
re raleboleu,
j'ai suivi tes consignes mais j'ai toujours smirtfraud
voici le dernier hijack :

Logfile of HijackThis v1.99.1
Scan saved at 21:55:49, on 08/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nihil\Bureau\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://81.95.149.173/campaign/main.sc?cid=z0HHVpU0Ij&wmid=FOYGq2JV9B&ver=1003&bid=1542506755&newerr=0&newhr=0&size=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C66A01DC-1BCB-45E3-81DC-9294AAB1A5F9}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 25
raleuboleu Messages postés 5028 Statut Membre 79
 
remoi!!!

lance hijack et clic sur do a scan only, coches les lignes ci-dessous :

O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\aasyowqu.dll

O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\aasyowqu.dll

O4 - HKLM\..\Run: [jmrotsvu.exe] C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe

O4 - HKLM\..\Run: [j6261032] rundll32 C:\WINDOWS\system32\j6261032.dll sook

O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ahjbkxoi.dll",realset

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/

ensuite fixes les ....

De plus je te conseil d'installer un antivirus autre que celui de windows(+ que mediocre!!)

je vois que tu as avast alors je te conseillerais kerio, tres compatible avec avast et efficace !!gratuit et a telecharger ici:

https://www.01net.com/telecharger/windows/Securite/firewall/fiches/22418.html

tiens moi au courant de tes projets par rapport a ceci ^^

bizoux
0
Réponse 6 / 25
NIhil
 
Les lignes que tu me proposes de cocher n'y sont plus, je te recolle mon dernier log de hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 22:23:39, on 08/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nihil\Bureau\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://81.95.149.173/campaign/main.sc?cid=z0HHVpU0Ij&wmid=FOYGq2JV9B&ver=1003&bid=1542506755&newerr=0&newhr=0&size=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C66A01DC-1BCB-45E3-81DC-9294AAB1A5F9}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Réponse 7 / 25
did71 Messages postés 2187 Statut Contributeur sécurité 36
 
Bonsoir raleuboleu, nihil,

VirtumundoBegone est un peu dépassé pour vundo!

tu devrais passer vundofix!

a+
0
Réponse 8 / 25
NIhil
 
ben en tous cas j'ai réussi à me débarasser de virtumonde grace à raleuboleu, alors obsolete ou pas...
Me reste que ce fichu smitfraud impossible à virer
0
Réponse 9 / 25
raleuboleu Messages postés 5028 Statut Membre 79
 
re moi !!

tu ne l'as ni sous ton bureau ni dans et supp de programes?

si nan on remontra a la source ^^

bizoux
0
Réponse 10 / 25
NIhil
 
euh je ne comprends pas ce que tu me dis. Quelle source?
En fait les lignes que tu me donnes dans hijack n'existent plus, je ne sais pas quoi cocher.
0
Réponse 11 / 25
raleuboleu Messages postés 5028 Statut Membre 79
 
re nan tinkiete je riai avec une amie

peux tu remettre 1 log pour voir stp

bizoux
0
Réponse 12 / 25
NIhil
 
Voilà le dernier log de hijackthis, différent des autres, tu vas voir que les lignes que tu me donnes ne sont pas présentes

Logfile of HijackThis v1.99.1
Scan saved at 23:23:20, on 08/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nihil\Bureau\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://81.95.149.173/campaign/main.sc?cid=z0HHVpU0Ij&wmid=FOYGq2JV9B&ver=1003&bid=1542506755&newerr=0&newhr=0&size=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C66A01DC-1BCB-45E3-81DC-9294AAB1A5F9}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Réponse 13 / 25
raleuboleu Messages postés 5028 Statut Membre 79
 
re moi

deinstalles hijack puis fais ce qui est dans ce blog!!! renome ton hijack et mets le au bon endroit stp:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

ensuite reposte 1 log hijack please

bizoux
0
Réponse 14 / 25
NIhil
 
Voilà j'ai tout suivi je crois

Logfile of HijackThis v1.99.1
Scan saved at 23:34:17, on 08/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://81.95.149.173/campaign/main.sc?cid=z0HHVpU0Ij&wmid=FOYGq2JV9B&ver=1003&bid=1542506755&newerr=0&newhr=0&size=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C66A01DC-1BCB-45E3-81DC-9294AAB1A5F9}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Réponse 15 / 25
raleuboleu Messages postés 5028 Statut Membre 79
 
remi

oui ton hijack est bien placé (ca change des choses)

je regardouillle je reviens looool
0
Réponse 16 / 25
NIhil
 
ok merci
0
Réponse 17 / 25
raleuboleu Messages postés 5028 Statut Membre 79
 
RAAAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHH

tu vas loe mettre le parefeu !!!!!! alllez op op op

bizoux
0
Réponse 18 / 25
NIhil
 
Il est mis, ca y est ;-)
Et sinon alors pour ce smitfraud?
0
Réponse 19 / 25
NIhil
 
aïe j'y pense, là je ne suis pas en mode sans échec, je ne sais pas si ca y joue
0
Réponse 20 / 25
raleuboleu Messages postés 5028 Statut Membre 79
 
euh lequel? kério?

**pour smitfraud oui vire le , on s'en servira peut etre 1 autre fois looool nan je dec jte souhaite qu e du bien!!
** virer les cookies , garde Ccleaner (a mettre a jour ) mais passe le 1 x / semaine ou toutes les deux allez ^^

**AVG est 1 bon progra
0