How to interpret the HijackThis log

jeremie59 Posts: 3 Status: Member -
 Anonymous user -
So, I saw that reports can be posted here.
I still have Adware.virtumonde coming back, so I ran a scan with HijackThis.
Here is the report.
Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 12:28:50, on 16/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Documents and Settings\All Users\Application Data\argzulqf.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fjzcmaamgy.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\System32\hfbmffbk.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {887C3BBB-938B-4996-A4D3-892F5FA8920C} - C:\WINDOWS\System32\efcyx.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\System32\fccbyvu.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [argzulqf.exe] C:\Documents and Settings\All Users\Application Data\argzulqf.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\wayhqjnf.dll",realset
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.25\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.25\IExifCom.htm
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.3suissesphoto.fr/Components/Upload/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: efcyx - C:\WINDOWS\System32\efcyx.dll
O20 - Winlogon Notify: fccbyvu - C:\WINDOWS\SYSTEM32\fccbyvu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winghp32 - C:\WINDOWS\SYSTEM32\winghp32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

2 replies

jeremie59 Posts: 3 Status: Member

OK, I ran VirtumundoBeGone.

[06/16/2007, 13:41:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jérémie\Bureau\VirtumundoBeGone.exe" )
[06/16/2007, 13:49:13] - Detected System Information:
[06/16/2007, 13:49:13] - Windows Version: 5.1.2600, Service Pack 1
[06/16/2007, 13:49:13] - Current Username: Jérémie (Admin)
[06/16/2007, 13:49:13] - Windows is in NORMAL mode.
[06/16/2007, 13:49:13] - Searching for Browser Helper Objects:
[06/16/2007, 13:49:13] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/16/2007, 13:49:13] - BHO 2: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/16/2007, 13:49:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 13:49:13] - Checking for HKLM\...\Winlogon\Notify\hfbmffbk
[06/16/2007, 13:49:13] - Key not found: HKLM\...\Winlogon\Notify\hfbmffbk, continuing.
[06/16/2007, 13:49:13] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/16/2007, 13:49:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 13:49:14] - No filename found. Continuing.
[06/16/2007, 13:49:14] - BHO 4: {887C3BBB-938B-4996-A4D3-892F5FA8920C} ()
[06/16/2007, 13:49:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 13:49:14] - Checking for HKLM\...\Winlogon\Notify\efcyx
[06/16/2007, 13:49:14] - Found: HKLM\...\Winlogon\Notify\efcyx - This is probably Virtumundo.
[06/16/2007, 13:49:14] - Assigning {887C3BBB-938B-4996-A4D3-892F5FA8920C} MSEvents Object
[06/16/2007, 13:49:14] - BHO list has been changed! Starting over...
[06/16/2007, 13:49:14] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/16/2007, 13:49:14] - BHO 2: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/16/2007, 13:49:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 13:49:14] - Checking for HKLM\...\Winlogon\Notify\hfbmffbk
[06/16/2007, 13:49:14] - Key not found: HKLM\...\Winlogon\Notify\hfbmffbk, continuing.
[06/16/2007, 13:49:14] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/16/2007, 13:49:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 13:49:14] - No filename found. Continuing.
[06/16/2007, 13:49:14] - BHO 4: {887C3BBB-938B-4996-A4D3-892F5FA8920C} (MSEvents Object)
[06/16/2007, 13:49:14] - ALERT: Found MSEvents Object!
[06/16/2007, 13:49:14] - BHO 5: {8A61098D-612B-4EF2-943D-64E920684061} ()
[06/16/2007, 13:49:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 13:49:15] - Checking for HKLM\...\Winlogon\Notify\fccbyvu
[06/16/2007, 13:49:15] - Found: HKLM\...\Winlogon\Notify\fccbyvu - This is probably Virtumundo.
[06/16/2007, 13:49:15] - Assigning {8A61098D-612B-4EF2-943D-64E920684061} MSEvents Object
[06/16/2007, 13:49:15] - BHO list has been changed! Starting over...
[06/16/2007, 13:49:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/16/2007, 13:49:15] - BHO 2: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/16/2007, 13:49:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 13:49:15] - Checking for HKLM\...\Winlogon\Notify\hfbmffbk
[06/16/2007, 13:49:15] - Key not found: HKLM\...\Winlogon\Notify\hfbmffbk, continuing.
[06/16/2007, 13:49:15] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/16/2007, 13:49:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 13:49:15] - No filename found. Continuing.
[06/16/2007, 13:49:15] - BHO 4: {887C3BBB-938B-4996-A4D3-892F5FA8920C} (MSEvents Object)
[06/16/2007, 13:49:15] - ALERT: Found MSEvents Object!
[06/16/2007, 13:49:15] - BHO 5: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[06/16/2007, 13:49:15] - ALERT: Found MSEvents Object!
[06/16/2007, 13:49:15] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/16/2007, 13:49:15] - Finished Searching Browser Helper Objects
[06/16/2007, 13:49:15] - *** Detected MSEvents Object
[06/16/2007, 13:49:15] - Trying to remove MSEvents Object...
[06/16/2007, 13:49:16] - Terminating Process: IEXPLORE.EXE
[06/16/2007, 13:49:18] - Terminating Process: RUNDLL32.EXE
[06/16/2007, 13:49:18] - Disabling Automatic Shell Restart
[06/16/2007, 13:49:18] - Terminating Process: EXPLORER.EXE
[06/16/2007, 13:49:19] - Suspending the NT Session Manager System Service
[06/16/2007, 13:49:19] - Terminating Windows NT Logon/Logoff Manager
[06/16/2007, 13:49:19] - Re-enabling Automatic Shell Restart
[06/16/2007, 13:49:20] - File to disable: C:\WINDOWS\System32\efcyx.dll
[06/16/2007, 13:49:20] - Renaming C:\WINDOWS\System32\efcyx.dll -> C:\WINDOWS\System32\efcyx.dll.vir
[06/16/2007, 13:49:20] - File successfully renamed!
[06/16/2007, 13:49:20] - Removing HKLM\...\Browser Helper Objects\{887C3BBB-938B-4996-A4D3-892F5FA8920C}
[06/16/2007, 13:49:20] - Removing HKCR\CLSID\{887C3BBB-938B-4996-A4D3-892F5FA8920C}
[06/16/2007, 13:49:20] - Adding Kill Bit for ActiveX for GUID: {887C3BBB-938B-4996-A4D3-892F5FA8920C}
[06/16/2007, 13:49:20] - Deleting ATLEvents/MSEvents Registry entries
[06/16/2007, 13:49:20] - Removing HKLM\...\Winlogon\Notify\efcyx
[06/16/2007, 13:49:20] - Searching for Browser Helper Objects:
[06/16/2007, 13:49:20] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/16/2007, 13:49:20] - BHO 2: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/16/2007, 13:49:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 13:49:20] - Checking for HKLM\...\Winlogon\Notify\hfbmffbk
[06/16/2007, 13:49:20] - Key not found: HKLM\...\Winlogon\Notify\hfbmffbk, continuing.
[06/16/2007, 13:49:20] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/16/2007, 13:49:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 13:49:20] - No filename found. Continuing.
[06/16/2007, 13:49:20] - BHO 4: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[06/16/2007, 13:49:21] - ALERT: Found MSEvents Object!
[06/16/2007, 13:49:21] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/16/2007, 13:49:21] - Finished Searching Browser Helper Objects
[06/16/2007, 13:49:21] - *** Detected MSEvents Object
[06/16/2007, 13:49:21] - Trying to remove MSEvents Object...
[06/16/2007, 13:49:22] - Terminating Process: IEXPLORE.EXE
[06/16/2007, 13:49:22] - Terminating Process: RUNDLL32.EXE
[06/16/2007, 13:49:22] - Disabling Automatic Shell Restart
[06/16/2007, 13:49:22] - Terminating Process: EXPLORER.EXE
[06/16/2007, 13:49:22] - Suspending the NT Session Manager System Service
[06/16/2007, 13:49:22] - Terminating Windows NT Logon/Logoff Manager
[06/16/2007, 13:49:23] - Re-enabling Automatic Shell Restart
[06/16/2007, 13:49:23] - File to disable: C:\WINDOWS\System32\fccbyvu.dll
[06/16/2007, 13:49:23] - Renaming C:\WINDOWS\System32\fccbyvu.dll -> C:\WINDOWS\System32\fccbyvu.dll.vir
[06/16/2007, 13:49:23] - File successfully renamed!
[06/16/2007, 13:49:23] - Removing HKLM\...\Browser Helper Objects\{8A61098D-612B-4EF2-943D-64E920684061}
[06/16/2007, 13:49:23] - Removing HKCR\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}
[06/16/2007, 13:49:23] - Adding Kill Bit for ActiveX for GUID: {8A61098D-612B-4EF2-943D-64E920684061}
[06/16/2007, 13:49:23] - Deleting ATLEvents/MSEvents Registry entries
[06/16/2007, 13:49:23] - Removing HKLM\...\Winlogon\Notify\fccbyvu
[06/16/2007, 13:49:23] - Searching for Browser Helper Objects:
[06/16/2007, 13:49:23] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/16/2007, 13:49:23] - BHO 2: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/16/2007, 13:49:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 13:49:23] - Checking for HKLM\...\Winlogon\Notify\hfbmffbk
[06/16/2007, 13:49:23] - Key not found: HKLM\...\Winlogon\Notify\hfbmffbk, continuing.
[06/16/2007, 13:49:23] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/16/2007, 13:49:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 13:49:23] - No filename found. Continuing.
[06/16/2007, 13:49:23] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/16/2007, 13:49:23] - Finished Searching Browser Helper Objects
[06/16/2007, 13:49:23] - Finishing up...
[06/16/2007, 13:49:23] - A restart is needed.
[06/16/2007, 13:49:31] - Attempting to Restart via STOP error (Blue Screen!)



and HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 13:57:30, on 16/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Documents and Settings\All Users\Application Data\argzulqf.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Jérémie\Bureau\VirtumundoBeGone.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fjzcmaamgy.com/dwBvLBBPUaNVEyzee3R9lHN6rZDa5p_ay6ujBiVZbrBb5fUz0tRW1l21IzMKhDip.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\System32\hfbmffbk.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [argzulqf.exe] C:\Documents and Settings\All Users\Application Data\argzulqf.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\wayhqjnf.dll",realset
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.25\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.25\IExifCom.htm
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.3suissesphoto.fr/Components/Upload/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winghp32 - C:\WINDOWS\SYSTEM32\winghp32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe