Please HELP ME!!! trojan...
Solved/Closed
frangioo
3 Jul 2007 at 20:27
Anonymous user - 6 Jul 2007 at 23:26
10 replies
Anonymous user
4 Jul 2007 at 01:32
Hello
Can you run VundoFix again and give us a report, if there is one.
Do the following, in order:
¤ Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis report.
Don't worry if you see a blue screen "Fatal error" message; that is normal and expected.
¤ Download and install AVG Anti-Spyware, and update it.
Run a full scan of your system.
Once it has finished, if it finds any spyware, delete it. Save the report and paste it here, please.
Download and tutorial on this page:
--> http://redir.fr/gsel
¤ Run this online antivirus scan with Internet Explorer and accept the ActiveX control; the SP2 pop-up blocker bar (at the top) will start flashing: click on it and choose "accept the ActiveX" so that the antivirus scan can run.
Once it has finished, paste the report here, please.
https://www.bitdefender.com/toolbox/
So I am expecting three reports ;-)
frangioo
4 Jul 2007 at 21:22
I did everything you told me; it took me quite a while, and VirtumundoBeGone and AVG both bugged out...
Anyway, here are the reports
VBG REPORT****************************************************************************
[07/04/2007, 12:47:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur.HOME\Bureau\VirtumundoBeGone.exe" )
[07/04/2007, 12:47:38] - Detected System Information:
[07/04/2007, 12:47:38] - Windows Version: 5.1.2600, Service Pack 1
[07/04/2007, 12:47:38] - Current Username: Administrateur (Admin)
[07/04/2007, 12:47:38] - Windows is in NORMAL mode.
[07/04/2007, 12:47:38] - Searching for Browser Helper Objects:
[07/04/2007, 12:47:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/04/2007, 12:47:38] - BHO 2: {1FBEAAD2-9C8F-4A57-8299-582E9F017DD9} ()
[07/04/2007, 12:47:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:38] - Checking for HKLM\...\Winlogon\Notify\vtuts
[07/04/2007, 12:47:38] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[07/04/2007, 12:47:38] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[07/04/2007, 12:47:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:38] - Checking for HKLM\...\Winlogon\Notify\opgsvtjc
[07/04/2007, 12:47:38] - Key not found: HKLM\...\Winlogon\Notify\opgsvtjc, continuing.
[07/04/2007, 12:47:38] - BHO 4: {69C91264-56D3-4C85-8761-937245CB8EB7} ()
[07/04/2007, 12:47:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:39] - Checking for HKLM\...\Winlogon\Notify\mljjk
[07/04/2007, 12:47:39] - Found: HKLM\...\Winlogon\Notify\mljjk - This is probably Virtumundo.
[07/04/2007, 12:47:39] - Assigning {69C91264-56D3-4C85-8761-937245CB8EB7} MSEvents Object
[07/04/2007, 12:47:39] - BHO list has been changed! Starting over...
[07/04/2007, 12:47:39] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/04/2007, 12:47:39] - BHO 2: {1FBEAAD2-9C8F-4A57-8299-582E9F017DD9} ()
[07/04/2007, 12:47:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:39] - Checking for HKLM\...\Winlogon\Notify\vtuts
[07/04/2007, 12:47:39] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[07/04/2007, 12:47:39] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[07/04/2007, 12:47:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:39] - Checking for HKLM\...\Winlogon\Notify\opgsvtjc
[07/04/2007, 12:47:39] - Key not found: HKLM\...\Winlogon\Notify\opgsvtjc, continuing.
[07/04/2007, 12:47:39] - BHO 4: {69C91264-56D3-4C85-8761-937245CB8EB7} (MSEvents Object)
[07/04/2007, 12:47:39] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:39] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/04/2007, 12:47:39] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/04/2007, 12:47:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:39] - No filename found. Continuing.
[07/04/2007, 12:47:39] - BHO 7: {8A61098D-612B-4EF2-943D-64E920684061} ()
[07/04/2007, 12:47:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:39] - Checking for HKLM\...\Winlogon\Notify\pmnkhfd
[07/04/2007, 12:47:39] - Found: HKLM\...\Winlogon\Notify\pmnkhfd - This is probably Virtumundo.
[07/04/2007, 12:47:40] - Assigning {8A61098D-612B-4EF2-943D-64E920684061} MSEvents Object
[07/04/2007, 12:47:40] - BHO list has been changed! Starting over...
[07/04/2007, 12:47:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/04/2007, 12:47:40] - BHO 2: {1FBEAAD2-9C8F-4A57-8299-582E9F017DD9} ()
[07/04/2007, 12:47:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:40] - Checking for HKLM\...\Winlogon\Notify\vtuts
[07/04/2007, 12:47:40] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[07/04/2007, 12:47:40] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[07/04/2007, 12:47:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:40] - Checking for HKLM\...\Winlogon\Notify\opgsvtjc
[07/04/2007, 12:47:40] - Key not found: HKLM\...\Winlogon\Notify\opgsvtjc, continuing.
[07/04/2007, 12:47:40] - BHO 4: {69C91264-56D3-4C85-8761-937245CB8EB7} (MSEvents Object)
[07/04/2007, 12:47:40] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:40] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/04/2007, 12:47:40] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/04/2007, 12:47:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:40] - No filename found. Continuing.
[07/04/2007, 12:47:40] - BHO 7: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[07/04/2007, 12:47:40] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:40] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/04/2007, 12:47:40] - BHO 9: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[07/04/2007, 12:47:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:40] - Checking for HKLM\...\Winlogon\Notify\qdfjlglo
[07/04/2007, 12:47:40] - Found: HKLM\...\Winlogon\Notify\qdfjlglo - This is probably Virtumundo.
[07/04/2007, 12:47:41] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
[07/04/2007, 12:47:41] - BHO list has been changed! Starting over...
[07/04/2007, 12:47:41] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/04/2007, 12:47:41] - BHO 2: {1FBEAAD2-9C8F-4A57-8299-582E9F017DD9} ()
[07/04/2007, 12:47:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:41] - Checking for HKLM\...\Winlogon\Notify\vtuts
[07/04/2007, 12:47:41] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[07/04/2007, 12:47:41] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[07/04/2007, 12:47:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:41] - Checking for HKLM\...\Winlogon\Notify\opgsvtjc
[07/04/2007, 12:47:41] - Key not found: HKLM\...\Winlogon\Notify\opgsvtjc, continuing.
[07/04/2007, 12:47:41] - BHO 4: {69C91264-56D3-4C85-8761-937245CB8EB7} (MSEvents Object)
[07/04/2007, 12:47:41] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:41] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/04/2007, 12:47:41] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/04/2007, 12:47:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:41] - No filename found. Continuing.
[07/04/2007, 12:47:41] - BHO 7: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[07/04/2007, 12:47:41] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:41] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/04/2007, 12:47:41] - BHO 9: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[07/04/2007, 12:47:41] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:41] - Finished Searching Browser Helper Objects
[07/04/2007, 12:47:42] - *** Detected MSEvents Object
[07/04/2007, 12:47:42] - Trying to remove MSEvents Object...
[07/04/2007, 12:47:43] - Terminating Process: IEXPLORE.EXE
[07/04/2007, 12:47:43] - Terminating Process: RUNDLL32.EXE
[07/04/2007, 12:47:43] - Disabling Automatic Shell Restart
[07/04/2007, 12:47:44] - Terminating Process: EXPLORER.EXE
[07/04/2007, 12:47:44] - Suspending the NT Session Manager System Service
[07/04/2007, 12:47:44] - Terminating Windows NT Logon/Logoff Manager
[07/04/2007, 12:47:45] - Re-enabling Automatic Shell Restart
[07/04/2007, 12:47:45] - File to disable: C:\WINDOWS\System32\mljjk.dll
[07/04/2007, 12:47:45] - Renaming C:\WINDOWS\System32\mljjk.dll -> C:\WINDOWS\System32\mljjk.dll.vir
[07/04/2007, 12:47:45] - File successfully renamed!
[07/04/2007, 12:47:45] - Removing HKLM\...\Browser Helper Objects\{69C91264-56D3-4C85-8761-937245CB8EB7}
[07/04/2007, 12:47:45] - Removing HKCR\CLSID\{69C91264-56D3-4C85-8761-937245CB8EB7}
[07/04/2007, 12:47:45] - Adding Kill Bit for ActiveX for GUID: {69C91264-56D3-4C85-8761-937245CB8EB7}
[07/04/2007, 12:47:45] - Deleting ATLEvents/MSEvents Registry entries
[07/04/2007, 12:47:45] - Removing HKLM\...\Winlogon\Notify\mljjk
[07/04/2007, 12:47:45] - Searching for Browser Helper Objects:
[07/04/2007, 12:47:45] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/04/2007, 12:47:45] - BHO 2: {1FBEAAD2-9C8F-4A57-8299-582E9F017DD9} ()
[07/04/2007, 12:47:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:45] - Checking for HKLM\...\Winlogon\Notify\vtuts
[07/04/2007, 12:47:45] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[07/04/2007, 12:47:45] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[07/04/2007, 12:47:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:46] - Checking for HKLM\...\Winlogon\Notify\opgsvtjc
[07/04/2007, 12:47:46] - Key not found: HKLM\...\Winlogon\Notify\opgsvtjc, continuing.
[07/04/2007, 12:47:46] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/04/2007, 12:47:46] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/04/2007, 12:47:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:46] - No filename found. Continuing.
[07/04/2007, 12:47:46] - BHO 6: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[07/04/2007, 12:47:46] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:46] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/04/2007, 12:47:46] - BHO 8: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[07/04/2007, 12:47:46] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:46] - Finished Searching Browser Helper Objects
[07/04/2007, 12:47:46] - *** Detected MSEvents Object
[07/04/2007, 12:47:46] - Trying to remove MSEvents Object...
[07/04/2007, 12:47:47] - Terminating Process: IEXPLORE.EXE
[07/04/2007, 12:47:47] - Terminating Process: RUNDLL32.EXE
[07/04/2007, 12:47:47] - Disabling Automatic Shell Restart
[07/04/2007, 12:47:47] - Terminating Process: EXPLORER.EXE
[07/04/2007, 12:47:48] - Suspending the NT Session Manager System Service
[07/04/2007, 12:47:48] - Terminating Windows NT Logon/Logoff Manager
[07/04/2007, 12:47:48] - Re-enabling Automatic Shell Restart
[07/04/2007, 12:47:48] - File to disable: C:\WINDOWS\System32\pmnkhfd.dll
[07/04/2007, 12:47:48] - Renaming C:\WINDOWS\System32\pmnkhfd.dll -> C:\WINDOWS\System32\pmnkhfd.dll.vir
[07/04/2007, 12:47:48] - File successfully renamed!
[07/04/2007, 12:47:48] - Removing HKLM\...\Browser Helper Objects\{8A61098D-612B-4EF2-943D-64E920684061}
[07/04/2007, 12:47:48] - Removing HKCR\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}
[07/04/2007, 12:47:48] - Adding Kill Bit for ActiveX for GUID: {8A61098D-612B-4EF2-943D-64E920684061}
[07/04/2007, 12:47:48] - Deleting ATLEvents/MSEvents Registry entries
[07/04/2007, 12:47:48] - Removing HKLM\...\Winlogon\Notify\pmnkhfd
[07/04/2007, 12:47:48] - Searching for Browser Helper Objects:
[07/04/2007, 12:47:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/04/2007, 12:47:48] - BHO 2: {1FBEAAD2-9C8F-4A57-8299-582E9F017DD9} ()
[07/04/2007, 12:47:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:49] - Checking for HKLM\...\Winlogon\Notify\vtuts
[07/04/2007, 12:47:49] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[07/04/2007, 12:47:49] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[07/04/2007, 12:47:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:49] - Checking for HKLM\...\Winlogon\Notify\opgsvtjc
[07/04/2007, 12:47:49] - Key not found: HKLM\...\Winlogon\Notify\opgsvtjc, continuing.
[07/04/2007, 12:47:49] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/04/2007, 12:47:49] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/04/2007, 12:47:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:49] - No filename found. Continuing.
[07/04/2007, 12:47:49] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/04/2007, 12:47:49] - BHO 7: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[07/04/2007, 12:47:49] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:49] - Finished Searching Browser Helper Objects
[07/04/2007, 12:47:49] - *** Detected MSEvents Object
[07/04/2007, 12:47:49] - Trying to remove MSEvents Object...
[07/04/2007, 12:47:50] - Terminating Process: IEXPLORE.EXE
[07/04/2007, 12:47:50] - Terminating Process: RUNDLL32.EXE
[07/04/2007, 12:47:50] - Disabling Automatic Shell Restart
[07/04/2007, 12:47:50] - Terminating Process: EXPLORER.EXE
[07/04/2007, 12:47:51] - Suspending the NT Session Manager System Service
[07/04/2007, 12:47:51] - Terminating Windows NT Logon/Logoff Manager
[07/04/2007, 12:47:51] - Re-enabling Automatic Shell Restart
[07/04/2007, 12:47:51] - File to disable: C:\WINDOWS\system32\qdfjlglo.dll
[07/04/2007, 12:47:51] - Renaming C:\WINDOWS\system32\qdfjlglo.dll -> C:\WINDOWS\system32\qdfjlglo.dll.vir
[07/04/2007, 12:47:51] - File successfully renamed!
[07/04/2007, 12:47:51] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[07/04/2007, 12:47:51] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[07/04/2007, 12:47:51] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
[07/04/2007, 12:47:51] - Deleting ATLEvents/MSEvents Registry entries
[07/04/2007, 12:47:51] - Removing HKLM\...\Winlogon\Notify\qdfjlglo
[07/04/2007, 12:47:51] - Searching for Browser Helper Objects:
[07/04/2007, 12:47:51] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/04/2007, 12:47:52] - BHO 2: {1FBEAAD2-9C8F-4A57-8299-582E9F017DD9} ()
[07/04/2007, 12:47:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:52] - Checking for HKLM\...\Winlogon\Notify\vtuts
[07/04/2007, 12:47:52] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[07/04/2007, 12:47:52] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[07/04/2007, 12:47:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:52] - Checking for HKLM\...\Winlogon\Notify\opgsvtjc
[07/04/2007, 12:47:52] - Key not found: HKLM\...\Winlogon\Notify\opgsvtjc, continuing.
[07/04/2007, 12:47:52] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/04/2007, 12:47:52] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/04/2007, 12:47:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:52] - No filename found. Continuing.
[07/04/2007, 12:47:52] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/04/2007, 12:47:52] - Finished Searching Browser Helper Objects
[07/04/2007, 12:47:52] - Finishing up...
[07/04/2007, 12:47:52] - A restart is needed.
[07/04/2007, 12:48:05] - Attempting to Restart via STOP error (Blue Screen!)
HIJACKTHIS REPORT********************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 19:23:42, on 04/07/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FBEAAD2-9C8F-4A57-8299-582E9F017DD9} - C:\WINDOWS\System32\vtuts.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\System32\opgsvtjc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\plcexmqi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\plcexmqi.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\egepvxge.dll",realset
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows Service Update] C:\WINDOWS\System32\mswsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=www.google.fr
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: plcexmqi - C:\WINDOWS\SYSTEM32\plcexmqi.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
AVG REPORT***************************************************************************
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 19:19:42 04/07/2007
+ Résultat de l'analyse:
C:\Program Files\Everest Poker\Everest Poker.exe -> Adware.Casino : Ignoré.
C:\Program Files\Everest Poker\cstart.exe -> Adware.Casino : Ignoré.
C:\System Volume Information\_restore{7CE2B181-F532-4E03-8CFA-93EB098F28FE}\RP124\A0025134.exe -> Adware.Casino : Ignoré.
C:\System Volume Information\_restore{7CE2B181-F532-4E03-8CFA-93EB098F28FE}\RP126\A0025207.exe -> Adware.Casino : Ignoré.
C:\System Volume Information\_restore{7CE2B181-F532-4E03-8CFA-93EB098F28FE}\RP126\A0025251.exe -> Adware.Casino : Ignoré.
C:\System Volume Information\_restore{7CE2B181-F532-4E03-8CFA-93EB098F28FE}\RP132\A0026791.exe -> Adware.Casino : Ignoré.
C:\System Volume Information\_restore{7CE2B181-F532-4E03-8CFA-93EB098F28FE}\RP157\A0043096.dll -> Adware.Virtumonde : Ignoré.
C:\VundoFix Backups\ljjhgdb.dll.bad -> Adware.Virtumonde : Ignoré.
C:\VundoFix Backups\ssqqpqo.dll.bad -> Adware.Virtumonde : Ignoré.
C:\VundoFix Backups\yayyxvs.dll.bad -> Adware.Virtumonde : Ignoré.
C:\WINDOWS\system32\pmnkhfd.dll.vir -> Adware.Virtumonde : Ignoré.
C:\WINDOWS\system32\ssqqpqo.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{7CE2B181-F532-4E03-8CFA-93EB098F28FE}\RP157\A0044095.exe -> Backdoor.Rbot.ckm : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{7CE2B181-F532-4E03-8CFA-93EB098F28FE}\RP157\A0044101.exe -> Downloader.Tiny.id : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.161:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.162:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.163:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.164:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.165:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.166:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.167:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.184:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.145:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Addynamix : Nettoyé.
:mozilla.149:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Addynamix : Nettoyé.
:mozilla.150:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Addynamix : Nettoyé.
:mozilla.155:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Addynamix : Nettoyé.
:mozilla.176:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Adengage : Nettoyé.
:mozilla.114:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.115:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.218:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.68:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Administrateur.HOME\Cookies\administrateur@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.93:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Administrateur.HOME\Cookies\administrateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Administrateur.HOME\Cookies\administrateur@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.188:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.189:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.190:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.191:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.192:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.193:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.124:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.125:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.126:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.70:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.75:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
C:\Documents and Settings\Administrateur.HOME\Cookies\administrateur@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.85:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.199:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Paypal : Nettoyé.
C:\Documents and Settings\Administrateur.HOME\Cookies\administrateur@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.145:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7a4ipqfs.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.146:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7a4ipqfs.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.129:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.130:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.135:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.136:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.137:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.138:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.118:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.129:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7a4ipqfs.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.210:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@skype[1].txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.90:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.91:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.92:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.143:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.144:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.61:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.62:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.79:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Administrateur.HOME\Cookies\administrateur@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.24:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
Fin du rapport
BITDEFENDER REPORT*********************************************************************
BitDefender Online Scanner - Real Time Virus Report
Generated at: Wed, Jul 04, 2007 - 20:58:05
Scan Info
Scanned Files: 277328
Infected Files: 21
Virus Detected:
DeepScan:Generic.Virtumonde1.ge.D160349B - 1
Trojan.Clicker.MNB - 1
DeepScan:Generic.Virtumonde1.ge.9AA90EC0
Anyway, here are the reports
VBG REPORT****************************************************************************
[07/04/2007, 12:47:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur.HOME\Bureau\VirtumundoBeGone.exe" )
[07/04/2007, 12:47:38] - Detected System Information:
[07/04/2007, 12:47:38] - Windows Version: 5.1.2600, Service Pack 1
[07/04/2007, 12:47:38] - Current Username: Administrateur (Admin)
[07/04/2007, 12:47:38] - Windows is in NORMAL mode.
[07/04/2007, 12:47:38] - Searching for Browser Helper Objects:
[07/04/2007, 12:47:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/04/2007, 12:47:38] - BHO 2: {1FBEAAD2-9C8F-4A57-8299-582E9F017DD9} ()
[07/04/2007, 12:47:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:38] - Checking for HKLM\...\Winlogon\Notify\vtuts
[07/04/2007, 12:47:38] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[07/04/2007, 12:47:38] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[07/04/2007, 12:47:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:38] - Checking for HKLM\...\Winlogon\Notify\opgsvtjc
[07/04/2007, 12:47:38] - Key not found: HKLM\...\Winlogon\Notify\opgsvtjc, continuing.
[07/04/2007, 12:47:38] - BHO 4: {69C91264-56D3-4C85-8761-937245CB8EB7} ()
[07/04/2007, 12:47:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:39] - Checking for HKLM\...\Winlogon\Notify\mljjk
[07/04/2007, 12:47:39] - Found: HKLM\...\Winlogon\Notify\mljjk - This is probably Virtumundo.
[07/04/2007, 12:47:39] - Assigning {69C91264-56D3-4C85-8761-937245CB8EB7} MSEvents Object
[07/04/2007, 12:47:39] - BHO list has been changed! Starting over...
[07/04/2007, 12:47:39] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/04/2007, 12:47:39] - BHO 2: {1FBEAAD2-9C8F-4A57-8299-582E9F017DD9} ()
[07/04/2007, 12:47:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:39] - Checking for HKLM\...\Winlogon\Notify\vtuts
[07/04/2007, 12:47:39] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[07/04/2007, 12:47:39] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[07/04/2007, 12:47:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:39] - Checking for HKLM\...\Winlogon\Notify\opgsvtjc
[07/04/2007, 12:47:39] - Key not found: HKLM\...\Winlogon\Notify\opgsvtjc, continuing.
[07/04/2007, 12:47:39] - BHO 4: {69C91264-56D3-4C85-8761-937245CB8EB7} (MSEvents Object)
[07/04/2007, 12:47:39] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:39] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/04/2007, 12:47:39] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/04/2007, 12:47:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:39] - No filename found. Continuing.
[07/04/2007, 12:47:39] - BHO 7: {8A61098D-612B-4EF2-943D-64E920684061} ()
[07/04/2007, 12:47:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:39] - Checking for HKLM\...\Winlogon\Notify\pmnkhfd
[07/04/2007, 12:47:39] - Found: HKLM\...\Winlogon\Notify\pmnkhfd - This is probably Virtumundo.
[07/04/2007, 12:47:40] - Assigning {8A61098D-612B-4EF2-943D-64E920684061} MSEvents Object
[07/04/2007, 12:47:40] - BHO list has been changed! Starting over...
[07/04/2007, 12:47:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/04/2007, 12:47:40] - BHO 2: {1FBEAAD2-9C8F-4A57-8299-582E9F017DD9} ()
[07/04/2007, 12:47:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:40] - Checking for HKLM\...\Winlogon\Notify\vtuts
[07/04/2007, 12:47:40] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[07/04/2007, 12:47:40] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[07/04/2007, 12:47:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:40] - Checking for HKLM\...\Winlogon\Notify\opgsvtjc
[07/04/2007, 12:47:40] - Key not found: HKLM\...\Winlogon\Notify\opgsvtjc, continuing.
[07/04/2007, 12:47:40] - BHO 4: {69C91264-56D3-4C85-8761-937245CB8EB7} (MSEvents Object)
[07/04/2007, 12:47:40] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:40] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/04/2007, 12:47:40] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/04/2007, 12:47:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:40] - No filename found. Continuing.
[07/04/2007, 12:47:40] - BHO 7: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[07/04/2007, 12:47:40] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:40] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/04/2007, 12:47:40] - BHO 9: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[07/04/2007, 12:47:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:40] - Checking for HKLM\...\Winlogon\Notify\qdfjlglo
[07/04/2007, 12:47:40] - Found: HKLM\...\Winlogon\Notify\qdfjlglo - This is probably Virtumundo.
[07/04/2007, 12:47:41] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
[07/04/2007, 12:47:41] - BHO list has been changed! Starting over...
[07/04/2007, 12:47:41] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/04/2007, 12:47:41] - BHO 2: {1FBEAAD2-9C8F-4A57-8299-582E9F017DD9} ()
[07/04/2007, 12:47:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:41] - Checking for HKLM\...\Winlogon\Notify\vtuts
[07/04/2007, 12:47:41] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[07/04/2007, 12:47:41] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[07/04/2007, 12:47:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:41] - Checking for HKLM\...\Winlogon\Notify\opgsvtjc
[07/04/2007, 12:47:41] - Key not found: HKLM\...\Winlogon\Notify\opgsvtjc, continuing.
[07/04/2007, 12:47:41] - BHO 4: {69C91264-56D3-4C85-8761-937245CB8EB7} (MSEvents Object)
[07/04/2007, 12:47:41] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:41] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/04/2007, 12:47:41] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/04/2007, 12:47:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:41] - No filename found. Continuing.
[07/04/2007, 12:47:41] - BHO 7: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[07/04/2007, 12:47:41] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:41] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/04/2007, 12:47:41] - BHO 9: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[07/04/2007, 12:47:41] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:41] - Finished Searching Browser Helper Objects
[07/04/2007, 12:47:42] - *** Detected MSEvents Object
[07/04/2007, 12:47:42] - Trying to remove MSEvents Object...
[07/04/2007, 12:47:43] - Terminating Process: IEXPLORE.EXE
[07/04/2007, 12:47:43] - Terminating Process: RUNDLL32.EXE
[07/04/2007, 12:47:43] - Disabling Automatic Shell Restart
[07/04/2007, 12:47:44] - Terminating Process: EXPLORER.EXE
[07/04/2007, 12:47:44] - Suspending the NT Session Manager System Service
[07/04/2007, 12:47:44] - Terminating Windows NT Logon/Logoff Manager
[07/04/2007, 12:47:45] - Re-enabling Automatic Shell Restart
[07/04/2007, 12:47:45] - File to disable: C:\WINDOWS\System32\mljjk.dll
[07/04/2007, 12:47:45] - Renaming C:\WINDOWS\System32\mljjk.dll -> C:\WINDOWS\System32\mljjk.dll.vir
[07/04/2007, 12:47:45] - File successfully renamed!
[07/04/2007, 12:47:45] - Removing HKLM\...\Browser Helper Objects\{69C91264-56D3-4C85-8761-937245CB8EB7}
[07/04/2007, 12:47:45] - Removing HKCR\CLSID\{69C91264-56D3-4C85-8761-937245CB8EB7}
[07/04/2007, 12:47:45] - Adding Kill Bit for ActiveX for GUID: {69C91264-56D3-4C85-8761-937245CB8EB7}
[07/04/2007, 12:47:45] - Deleting ATLEvents/MSEvents Registry entries
[07/04/2007, 12:47:45] - Removing HKLM\...\Winlogon\Notify\mljjk
[07/04/2007, 12:47:45] - Searching for Browser Helper Objects:
[07/04/2007, 12:47:45] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/04/2007, 12:47:45] - BHO 2: {1FBEAAD2-9C8F-4A57-8299-582E9F017DD9} ()
[07/04/2007, 12:47:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:45] - Checking for HKLM\...\Winlogon\Notify\vtuts
[07/04/2007, 12:47:45] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[07/04/2007, 12:47:45] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[07/04/2007, 12:47:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:46] - Checking for HKLM\...\Winlogon\Notify\opgsvtjc
[07/04/2007, 12:47:46] - Key not found: HKLM\...\Winlogon\Notify\opgsvtjc, continuing.
[07/04/2007, 12:47:46] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/04/2007, 12:47:46] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/04/2007, 12:47:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:46] - No filename found. Continuing.
[07/04/2007, 12:47:46] - BHO 6: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[07/04/2007, 12:47:46] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:46] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/04/2007, 12:47:46] - BHO 8: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[07/04/2007, 12:47:46] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:46] - Finished Searching Browser Helper Objects
[07/04/2007, 12:47:46] - *** Detected MSEvents Object
[07/04/2007, 12:47:46] - Trying to remove MSEvents Object...
[07/04/2007, 12:47:47] - Terminating Process: IEXPLORE.EXE
[07/04/2007, 12:47:47] - Terminating Process: RUNDLL32.EXE
[07/04/2007, 12:47:47] - Disabling Automatic Shell Restart
[07/04/2007, 12:47:47] - Terminating Process: EXPLORER.EXE
[07/04/2007, 12:47:48] - Suspending the NT Session Manager System Service
[07/04/2007, 12:47:48] - Terminating Windows NT Logon/Logoff Manager
[07/04/2007, 12:47:48] - Re-enabling Automatic Shell Restart
[07/04/2007, 12:47:48] - File to disable: C:\WINDOWS\System32\pmnkhfd.dll
[07/04/2007, 12:47:48] - Renaming C:\WINDOWS\System32\pmnkhfd.dll -> C:\WINDOWS\System32\pmnkhfd.dll.vir
[07/04/2007, 12:47:48] - File successfully renamed!
[07/04/2007, 12:47:48] - Removing HKLM\...\Browser Helper Objects\{8A61098D-612B-4EF2-943D-64E920684061}
[07/04/2007, 12:47:48] - Removing HKCR\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}
[07/04/2007, 12:47:48] - Adding Kill Bit for ActiveX for GUID: {8A61098D-612B-4EF2-943D-64E920684061}
[07/04/2007, 12:47:48] - Deleting ATLEvents/MSEvents Registry entries
[07/04/2007, 12:47:48] - Removing HKLM\...\Winlogon\Notify\pmnkhfd
[07/04/2007, 12:47:48] - Searching for Browser Helper Objects:
[07/04/2007, 12:47:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/04/2007, 12:47:48] - BHO 2: {1FBEAAD2-9C8F-4A57-8299-582E9F017DD9} ()
[07/04/2007, 12:47:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:49] - Checking for HKLM\...\Winlogon\Notify\vtuts
[07/04/2007, 12:47:49] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[07/04/2007, 12:47:49] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[07/04/2007, 12:47:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:49] - Checking for HKLM\...\Winlogon\Notify\opgsvtjc
[07/04/2007, 12:47:49] - Key not found: HKLM\...\Winlogon\Notify\opgsvtjc, continuing.
[07/04/2007, 12:47:49] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/04/2007, 12:47:49] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/04/2007, 12:47:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:49] - No filename found. Continuing.
[07/04/2007, 12:47:49] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/04/2007, 12:47:49] - BHO 7: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[07/04/2007, 12:47:49] - ALERT: Found MSEvents Object!
[07/04/2007, 12:47:49] - Finished Searching Browser Helper Objects
[07/04/2007, 12:47:49] - *** Detected MSEvents Object
[07/04/2007, 12:47:49] - Trying to remove MSEvents Object...
[07/04/2007, 12:47:50] - Terminating Process: IEXPLORE.EXE
[07/04/2007, 12:47:50] - Terminating Process: RUNDLL32.EXE
[07/04/2007, 12:47:50] - Disabling Automatic Shell Restart
[07/04/2007, 12:47:50] - Terminating Process: EXPLORER.EXE
[07/04/2007, 12:47:51] - Suspending the NT Session Manager System Service
[07/04/2007, 12:47:51] - Terminating Windows NT Logon/Logoff Manager
[07/04/2007, 12:47:51] - Re-enabling Automatic Shell Restart
[07/04/2007, 12:47:51] - File to disable: C:\WINDOWS\system32\qdfjlglo.dll
[07/04/2007, 12:47:51] - Renaming C:\WINDOWS\system32\qdfjlglo.dll -> C:\WINDOWS\system32\qdfjlglo.dll.vir
[07/04/2007, 12:47:51] - File successfully renamed!
[07/04/2007, 12:47:51] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[07/04/2007, 12:47:51] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[07/04/2007, 12:47:51] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
[07/04/2007, 12:47:51] - Deleting ATLEvents/MSEvents Registry entries
[07/04/2007, 12:47:51] - Removing HKLM\...\Winlogon\Notify\qdfjlglo
[07/04/2007, 12:47:51] - Searching for Browser Helper Objects:
[07/04/2007, 12:47:51] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/04/2007, 12:47:52] - BHO 2: {1FBEAAD2-9C8F-4A57-8299-582E9F017DD9} ()
[07/04/2007, 12:47:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:52] - Checking for HKLM\...\Winlogon\Notify\vtuts
[07/04/2007, 12:47:52] - Key not found: HKLM\...\Winlogon\Notify\vtuts, continuing.
[07/04/2007, 12:47:52] - BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[07/04/2007, 12:47:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:52] - Checking for HKLM\...\Winlogon\Notify\opgsvtjc
[07/04/2007, 12:47:52] - Key not found: HKLM\...\Winlogon\Notify\opgsvtjc, continuing.
[07/04/2007, 12:47:52] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/04/2007, 12:47:52] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/04/2007, 12:47:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2007, 12:47:52] - No filename found. Continuing.
[07/04/2007, 12:47:52] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/04/2007, 12:47:52] - Finished Searching Browser Helper Objects
[07/04/2007, 12:47:52] - Finishing up...
[07/04/2007, 12:47:52] - A restart is needed.
[07/04/2007, 12:48:05] - Attempting to Restart via STOP error (Blue Screen!)
HIJACKTHIS REPORT********************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 19:23:42, on 04/07/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FBEAAD2-9C8F-4A57-8299-582E9F017DD9} - C:\WINDOWS\System32\vtuts.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\System32\opgsvtjc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\plcexmqi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\plcexmqi.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\egepvxge.dll",realset
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows Service Update] C:\WINDOWS\System32\mswsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=www.google.fr
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: plcexmqi - C:\WINDOWS\SYSTEM32\plcexmqi.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
AVG REPORT***************************************************************************
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 19:19:42 04/07/2007
+ Résultat de l'analyse:
C:\Program Files\Everest Poker\Everest Poker.exe -> Adware.Casino : Ignoré.
C:\Program Files\Everest Poker\cstart.exe -> Adware.Casino : Ignoré.
C:\System Volume Information\_restore{7CE2B181-F532-4E03-8CFA-93EB098F28FE}\RP124\A0025134.exe -> Adware.Casino : Ignoré.
C:\System Volume Information\_restore{7CE2B181-F532-4E03-8CFA-93EB098F28FE}\RP126\A0025207.exe -> Adware.Casino : Ignoré.
C:\System Volume Information\_restore{7CE2B181-F532-4E03-8CFA-93EB098F28FE}\RP126\A0025251.exe -> Adware.Casino : Ignoré.
C:\System Volume Information\_restore{7CE2B181-F532-4E03-8CFA-93EB098F28FE}\RP132\A0026791.exe -> Adware.Casino : Ignoré.
C:\System Volume Information\_restore{7CE2B181-F532-4E03-8CFA-93EB098F28FE}\RP157\A0043096.dll -> Adware.Virtumonde : Ignoré.
C:\VundoFix Backups\ljjhgdb.dll.bad -> Adware.Virtumonde : Ignoré.
C:\VundoFix Backups\ssqqpqo.dll.bad -> Adware.Virtumonde : Ignoré.
C:\VundoFix Backups\yayyxvs.dll.bad -> Adware.Virtumonde : Ignoré.
C:\WINDOWS\system32\pmnkhfd.dll.vir -> Adware.Virtumonde : Ignoré.
C:\WINDOWS\system32\ssqqpqo.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{7CE2B181-F532-4E03-8CFA-93EB098F28FE}\RP157\A0044095.exe -> Backdoor.Rbot.ckm : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{7CE2B181-F532-4E03-8CFA-93EB098F28FE}\RP157\A0044101.exe -> Downloader.Tiny.id : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.62:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.79:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Administrateur.HOME\Cookies\administrateur@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.24:C:\Documents and Settings\Administrateur.HOME\Application Data\Mozilla\Firefox\Profiles\5huqjh9t.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
Fin du rapport
BITDEFENDER REPORT
BitDefender Online Scanner - Real Time Virus Report
Generated at: Wed, Jul 04, 2007 - 20:58:05
Scan Info
Scanned Files: 277328
Infected Files: 21
Virus Detected
DeepScan:Generic.Virtumonde1.ge.D160349B: 1
Trojan.Clicker.MNB: 1
DeepScan:Generic.Virtumonde1.ge.9AA90EC0
Anonymous user
4 Jul 2007 at 21:25
1. Can you re-run VundoFix and give us the report, if there is one.
2. Re-run AVG and delete everything; you can reinstall Everest Poker later, no big deal.
3. Your Bitdefender report is incomplete ;-)
frangioo
4 Jul 2007 at 21:28
OK, I'll send the rest. Actually, I have the rest of the Bitdefender report, but it's HTML as text... it's a bit long!
frangioo
4 Jul 2007 at 22:07
I re-ran VundoFix and it found 3 suspicious files: egepvxge.dll egxvpege.ini opgsvtjc.dll
There was no report, but apparently it deleted them.
Anonymous user
4 Jul 2007 at 23:26
The report is here: C:/vundo.txt
¤ Do this cleanup (to be repeated regularly):
* Download and install CCleaner (don't install the Yahoo toolbar)
---> http://www.infos-du-net.com/telecharger/CCleaner,0301-1039.html
- In the left-hand column, click "errors" and tick all the boxes, then click "search for errors" at the bottom. Once it has finished, click "repair errors"; you will get a prompt to back up your registry, click "yes". Then repeat until it finds no more errors.
You can delete the backups you have made once your computer no longer has problems.
- Restart CCleaner, go to the "cleaner" tab on the left, untick the last box (Advanced, if it is ticked), then click "run the cleanup".
If you need help with CCleaner, see this tutorial:
http://redir.fr/gmll
¤ Run this online antivirus scan with Internet Explorer and accept the ActiveX control; the SP2 pop-up blocker bar (at the top) will start flashing. Click on it and choose "accept the ActiveX" so that the antivirus scan can run.
Once it has finished, paste the report here, please.
https://www.bitdefender.com/toolbox/
frangioo
5 Jul 2007 at 23:44
OK, I have the report, but it's in HTML again, so I'm sending it to you via Gmail.
Also, there's one thing I don't get: does VundoFix contain a trojan?
Anonymous user
6 Jul 2007 at 00:22
I received it. No, VundoFix doesn't contain anything; that is the quarantine folder.
Delete it: C:\VundoFix Backups
Then do this:
Now, this: C:\System Volume Information\_restore (see the Bitdefender report)
indicates that your System Restore was or is infected; to be sure, we are going to create a clean restore point.
Click "Start", right-click "My Computer", "Properties", "System Restore" tab
¤ tick the box "Turn off System Restore on all drives", then click "Apply"
¤ untick the box and click "Apply", then "OK".
Now that the infected restore points have been erased, we are going to create a clean one:
Click "Start", "All Programs", "Accessories", "System Tools", "System Restore", choose "Create a restore point", name it "ccm" for example, click "Create", then "OK".
There, the restore point is now created.
If you ever decide to, you can roll back to the date on which you created this restore point.
Running System Restore will return your computer to the date on which we created this restore point, but you will lose any changes you made in between.
Tell me how your PC is behaving, then post one last HijackThis report, please.
frangioo
6 Jul 2007 at 22:28
It seems to be OK, it's less sluggish!!! THANKS for everything, I'll have learned a few things on the subject.
All the best to you, forgeron!
So here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 12:54:59, on 06/07/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\ashServ.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\plcexmqi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\plcexmqi.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=www.google.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: plcexmqi - C:\WINDOWS\SYSTEM32\plcexmqi.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
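Added example, not part of the thread or of HijackThis itself: one way to triage a log like the one posted above is to group the O-section entries by the file they load and list any file that is registered both as an Internet Explorer add-on (O2 BHO or O3 toolbar) and as a Winlogon Notify package (O20). The sample lines are copied from the log above; the function names and the heuristic are assumptions of this example, a hint for closer inspection and not a verdict stated by anyone in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\plcexmqi.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\plcexmqi.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: plcexmqi - C:\WINDOWS\SYSTEM32\plcexmqi.dll
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
"""

# Entry shape: "O<n> - <kind>: <rest>", e.g. "O2 - BHO: name - {CLSID} - path"
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# First Windows path ending in a loadable-file extension; a quote ends a path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.(?:dll|exe|ocx)\b', re.IGNORECASE)

BROWSER_KINDS = {"BHO", "Toolbar"}  # Internet Explorer add-on load points
LOGON_KIND = "Winlogon Notify"      # DLL loaded by winlogon.exe at logon


def parse_load_points(log_text):
    """Map each referenced file (lower-cased path) to its set of (section, kind)."""
    files = defaultdict(set)
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue  # headers, process list, R-lines: no load point to record
        section, kind, rest = entry.groups()
        path = PATH_RE.search(rest)
        if path:
            # Windows paths are case-insensitive, so normalise before grouping:
            # "system32" and "SYSTEM32" must land on the same key.
            files[path.group(0).lower()].add((section, kind.strip()))
    return dict(files)


def browser_and_winlogon(log_text):
    """Files hooked into both the browser and the logon process (triage hint)."""
    flagged = []
    for path, hooks in parse_load_points(log_text).items():
        kinds = {kind for _, kind in hooks}
        if kinds & BROWSER_KINDS and LOGON_KIND in kinds:
            flagged.append(path)
    return sorted(flagged)


if __name__ == "__main__":
    points = parse_load_points(SAMPLE_LOG)
    for path in browser_and_winlogon(SAMPLE_LOG):
        sections = ", ".join(f"{s} {k}" for s, k in sorted(points[path]))
        print(f"{path}: {sections}")
```

A file that appears in only one kind of load point, such as ssv.dll (O2 and O9, both browser-side), is not listed.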
Anonymous user
6 Jul 2007 at 23:26
Remember to update your Windows, because it isn't up to date.
Start, All Programs, at the very top (Windows Update)
Don't hesitate to come back if you run into trouble, see you.
A short closing reminder
Remember to clean your temporary files very often, so that exotic critters don't squat in the temporary folders.
Scan your PC at least twice a month with your anti-spyware tools, updated beforehand, and with your antivirus at least once a month.
If a critter survives the cleanup, think about using Safe Mode; there is a good chance that will solve your problem.
Never install two antivirus programs on your PC, to avoid any conflicts; if you need to, there are free online antivirus scans as well as anti-spyware scans to determine whether your PC is clean of any intruders.
If your PC is dragging a bit, think about tuning your Windows services, defragmenting your hard disk and, if needed, removing programs from Windows startup.