Trojan.vundo (virtumonde)
Anonymous user
Lyonnais92, 25708 posts, status: Security contributor
Hello, I have a problem with trojan.vundo or virtumonde, I think they're the same thing...
I can't get rid of it for good; whenever I run Spybot it shows up again.
Could someone please help me, I'm at my wits' end -__-
Here is my HijackThis scan: is there anything abnormal in it?
Logfile of HijackThis v1.99.1
Scan saved at 17:58:13, on 31/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Antipub\antipub.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\xxxxx~1\LOCALS~1\Temp\Rar$EX00.235\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\brngdueg.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454211 6
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
xxxx = name removed by CCM moderation
7 replies
Hello,
Infected, but not via MSN, a rare bird lol.
Your HijackThis is in the wrong place. It's inside a temporary subfolder and can be wiped at any moment. Create C:\Hijackthis and put it in there.
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK.
Start your PC again.
Post the report along with a new HijackThis log.
See you later.
Thanks for helping me :)
So I followed everything you described and here is the new scan:
Logfile of HijackThis v1.99.1
Scan saved at 19:09:21, on 31/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Antipub\antipub.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {1FB63E52-4D6E-48C1-A08F-F630FE50F337} - C:\WINDOWS\system32\xxyvutq.dll
O2 - BHO: (no name) - {38C73C2B-715F-4935-BA92-A25FE3910DBD} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59382BE9-724A-43EB-BC8A-F25DF7F78BA3} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7DA2F2EA-DC97-4864-B486-970E6B0AD320} - C:\WINDOWS\system32\jkkjk.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tevgryvi.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\brngdueg.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454211 6
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O20 - Winlogon Notify: xxyvutq - C:\WINDOWS\SYSTEM32\xxyvutq.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\brngdueg.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454211 6
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O20 - Winlogon Notify: xxyvutq - C:\WINDOWS\SYSTEM32\xxyvutq.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
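As an added example (not a tool posted in this thread), the script below applies to HijackThis O2/O20 lines the same correlation VirtumundoBeGone's report in this thread relies on: a BHO with no default name whose DLL basename also exists as a Winlogon\Notify subkey is treated as probable Virtumundo. The sample lines are a subset of the log above; the extra "review" rule for nameless BHOs loading from system32 is my own assumption, not something either tool reports.

```python
"""Correlate HijackThis O2 (BHO) and O20 (Winlogon Notify) lines.

Added example for this thread, not a tool posted in it. It applies the
heuristic VirtumundoBeGone's report uses: a BHO with no default name
whose DLL basename also appears as a Winlogon\\Notify subkey is
"probably Virtumundo". Orphaned entries (file missing) and nameless
BHOs loading from system32 are reported as lower-confidence items;
that last rule is my own assumption, not something either tool reports.
"""
import re
from dataclasses import dataclass

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<target>.*)$")
MISSING = "(file missing)"


@dataclass(frozen=True)
class Finding:
    level: str      # "probable-vundo", "orphaned" or "review"
    line_type: str  # "O2" or "O20"
    stem: str       # DLL basename without extension, lowercased ("" if no file)
    detail: str


def split_target(target):
    """Return (path, file_present) from the path field of a HijackThis line."""
    target = target.strip()
    if target == "(no file)":
        return "", False
    if target.endswith(MISSING):
        return target[: -len(MISSING)].strip(), False
    return target, True


def stem_of(path):
    """Lowercased file name without extension, e.g. C:\\...\\xxyvutq.dll -> xxyvutq."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0].lower()


def analyse(lines):
    """Parse O2/O20 lines and return a list of Finding objects."""
    bhos, notifies = [], {}
    for raw in lines:
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            path, present = split_target(m["target"])
            bhos.append((m["name"], m["clsid"], path, present))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notifies[m["key"].lower()] = split_target(m["target"])

    findings = []
    for name, clsid, path, present in bhos:
        nameless = name == "(no name)"
        stem = stem_of(path) if path else ""
        if not present:
            findings.append(Finding("orphaned", "O2", stem,
                                    f"BHO {clsid} points at a missing file: registry leftover"))
        elif nameless and stem in notifies:
            findings.append(Finding("probable-vundo", "O2", stem,
                                    f"nameless BHO {clsid} is also registered as Winlogon\\Notify\\{stem}"))
        elif nameless and "\\system32\\" in path.lower():
            findings.append(Finding("review", "O2", stem,
                                    f"nameless BHO {clsid} loads {path} from system32; verify the publisher"))
    for key, (path, present) in notifies.items():
        if not present:
            findings.append(Finding("orphaned", "O20", key,
                                    f"Winlogon Notify\\{key} refers to missing {path or '(no file)'}"))
    return findings


# Constructed sample: a subset of the O2/O20 lines from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {1FB63E52-4D6E-48C1-A08F-F630FE50F337} - C:\WINDOWS\system32\xxyvutq.dll
O2 - BHO: (no name) - {38C73C2B-715F-4935-BA92-A25FE3910DBD} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tevgryvi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O20 - Winlogon Notify: xxyvutq - C:\WINDOWS\SYSTEM32\xxyvutq.dll
"""

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG.splitlines()):
        print(f"[{f.level:>14}] {f.line_type:>3} {f.stem or '-':<10} {f.detail}")
```

Run against the full log, the pairing rule singles out xxyvutq.dll (the entry VirtumundoBeGone later disables), while Spybot's nameless SDHelper.dll and Symantec's NppBho.dll produce no finding.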
Re,
I'd like the VundoFix report (c:\vundofix.txt, I think).
Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, reboot and post the VBG.TXT report created on the desktop in your next reply, together with a new HijackThis report.
Don't worry if you see a blue screen "Fatal error" message; that is normal and expected.
Post the VirtumundoBeGone report and a new HijackThis log.
@+
OK... so here's the VundoFix report:
VundoFix V6.5.6
Checking Java version...
Scan started at 19:21:32 31/07/2007
Listing files found while scanning....
C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\vtsqr.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\rqstv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\rqstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtsqr.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Next, the VBG.TXT report:
[07/31/2007, 19:30:46] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\xxxxx\Bureau\VirtumundoBeGone.exe" )
[07/31/2007, 19:30:53] - Detected System Information:
[07/31/2007, 19:30:53] - Windows Version: 5.1.2600, Service Pack 2
[07/31/2007, 19:30:53] - Current Username: xxxxxx (Admin)
[07/31/2007, 19:30:53] - Windows is in NORMAL mode.
[07/31/2007, 19:30:53] - Searching for Browser Helper Objects:
[07/31/2007, 19:30:53] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/31/2007, 19:30:53] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\NppBho
[07/31/2007, 19:30:53] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[07/31/2007, 19:30:53] - BHO 3: {1FB63E52-4D6E-48C1-A08F-F630FE50F337} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\xxyvutq
[07/31/2007, 19:30:53] - Found: HKLM\...\Winlogon\Notify\xxyvutq - This is probably Virtumundo.
[07/31/2007, 19:30:53] - Assigning {1FB63E52-4D6E-48C1-A08F-F630FE50F337} MSEvents Object
[07/31/2007, 19:30:53] - BHO list has been changed! Starting over...
[07/31/2007, 19:30:53] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/31/2007, 19:30:53] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\NppBho
[07/31/2007, 19:30:53] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[07/31/2007, 19:30:53] - BHO 3: {1FB63E52-4D6E-48C1-A08F-F630FE50F337} (MSEvents Object)
[07/31/2007, 19:30:53] - ALERT: Found MSEvents Object!
[07/31/2007, 19:30:53] - BHO 4: {38C73C2B-715F-4935-BA92-A25FE3910DBD} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\gebya
[07/31/2007, 19:30:53] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
[07/31/2007, 19:30:53] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/31/2007, 19:30:53] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/31/2007, 19:30:53] - BHO 6: {59382BE9-724A-43EB-BC8A-F25DF7F78BA3} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\ssqrs
[07/31/2007, 19:30:53] - Key not found: HKLM\...\Winlogon\Notify\ssqrs, continuing.
[07/31/2007, 19:30:53] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/31/2007, 19:30:53] - BHO 8: {7DA2F2EA-DC97-4864-B486-970E6B0AD320} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\jkkjk
[07/31/2007, 19:30:53] - Key not found: HKLM\...\Winlogon\Notify\jkkjk, continuing.
[07/31/2007, 19:30:53] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - No filename found. Continuing.
[07/31/2007, 19:30:53] - BHO 10: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[07/31/2007, 19:30:53] - BHO 11: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/31/2007, 19:30:53] - BHO 12: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/31/2007, 19:30:53] - BHO 13: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\tevgryvi
[07/31/2007, 19:30:53] - Key not found: HKLM\...\Winlogon\Notify\tevgryvi, continuing.
[07/31/2007, 19:30:53] - BHO 14: {D8D2B39C-2F40-4E2E-8A34-A0177E753DCF} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\vtsqr
[07/31/2007, 19:30:53] - Found: HKLM\...\Winlogon\Notify\vtsqr - This is probably Virtumundo.
[07/31/2007, 19:30:53] - Assigning {D8D2B39C-2F40-4E2E-8A34-A0177E753DCF} MSEvents Object
[07/31/2007, 19:30:53] - BHO list has been changed! Starting over...
[07/31/2007, 19:30:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/31/2007, 19:30:54] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[07/31/2007, 19:30:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:54] - Checking for HKLM\...\Winlogon\Notify\NppBho
[07/31/2007, 19:30:54] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[07/31/2007, 19:30:54] - BHO 3: {1FB63E52-4D6E-48C1-A08F-F630FE50F337} (MSEvents Object)
[07/31/2007, 19:30:54] - ALERT: Found MSEvents Object!
[07/31/2007, 19:30:54] - BHO 4: {38C73C2B-715F-4935-BA92-A25FE3910DBD} ()
[07/31/2007, 19:30:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:54] - Checking for HKLM\...\Winlogon\Notify\gebya
[07/31/2007, 19:30:54] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
[07/31/2007, 19:30:54] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/31/2007, 19:30:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:54] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/31/2007, 19:30:54] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/31/2007, 19:30:54] - BHO 6: {59382BE9-724A-43EB-BC8A-F25DF7F78BA3} ()
[07/31/2007, 19:30:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:54] - Checking for HKLM\...\Winlogon\Notify\ssqrs
[07/31/2007, 19:30:54] - Key not found: HKLM\...\Winlogon\Notify\ssqrs, continuing.
[07/31/2007, 19:30:54] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/31/2007, 19:30:54] - BHO 8: {7DA2F2EA-DC97-4864-B486-970E6B0AD320} ()
[07/31/2007, 19:30:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:54] - Checking for HKLM\...\Winlogon\Notify\jkkjk
[07/31/2007, 19:30:54] - Key not found: HKLM\...\Winlogon\Notify\jkkjk, continuing.
[07/31/2007, 19:30:54] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/31/2007, 19:30:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:54] - No filename found. Continuing.
[07/31/2007, 19:30:54] - BHO 10: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[07/31/2007, 19:30:54] - BHO 11: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/31/2007, 19:30:54] - BHO 12: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/31/2007, 19:30:54] - BHO 13: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[07/31/2007, 19:30:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:54] - Checking for HKLM\...\Winlogon\Notify\tevgryvi
[07/31/2007, 19:30:54] - Key not found: HKLM\...\Winlogon\Notify\tevgryvi, continuing.
[07/31/2007, 19:30:54] - BHO 14: {D8D2B39C-2F40-4E2E-8A34-A0177E753DCF} (MSEvents Object)
[07/31/2007, 19:30:54] - ALERT: Found MSEvents Object!
[07/31/2007, 19:30:54] - BHO 15: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[07/31/2007, 19:30:54] - Finished Searching Browser Helper Objects
[07/31/2007, 19:30:54] - *** Detected MSEvents Object
[07/31/2007, 19:30:54] - Trying to remove MSEvents Object...
[07/31/2007, 19:30:55] - Terminating Process: IEXPLORE.EXE
[07/31/2007, 19:30:55] - Terminating Process: RUNDLL32.EXE
[07/31/2007, 19:30:55] - Disabling Automatic Shell Restart
[07/31/2007, 19:30:55] - Terminating Process: EXPLORER.EXE
[07/31/2007, 19:30:56] - Suspending the NT Session Manager System Service
[07/31/2007, 19:30:56] - Terminating Windows NT Logon/Logoff Manager
[07/31/2007, 19:30:56] - Re-enabling Automatic Shell Restart
[07/31/2007, 19:30:56] - File to disable: C:\WINDOWS\system32\xxyvutq.dll
[07/31/2007, 19:30:56] - Renaming C:\WINDOWS\system32\xxyvutq.dll -> C:\WINDOWS\system32\xxyvutq.dll.vir
[07/31/2007, 19:30:56] - File successfully renamed!
[07/31/2007, 19:30:56] - Removing HKLM\...\Browser Helper Objects\{1FB63E52-4D6E-48C1-A08F-F630FE50F337}
[07/31/2007, 19:30:56] - Removing HKCR\CLSID\{1FB63E52-4D6E-48C1-A08F-F630FE50F337}
[07/31/2007, 19:30:56] - Adding Kill Bit for ActiveX for GUID: {1FB63E52-4D6E-48C1-A08F-F630FE50F337}
[07/31/2007, 19:30:56] - Deleting ATLEvents/MSEvents Registry entries
[07/31/2007, 19:30:56] - Removing HKLM\...\Winlogon\Notify\xxyvutq
[07/31/2007, 19:30:56] - Searching for Browser Helper Objects:
[07/31/2007, 19:30:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/31/2007, 19:30:56] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[07/31/2007, 19:30:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:56] - Checking for HKLM\...\Winlogon\Notify\NppBho
[07/31/2007, 19:30:56] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[07/31/2007, 19:30:56] - BHO 3: {38C73C2B-715F-4935-BA92-A25FE3910DBD} ()
[07/31/2007, 19:30:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:56] - Checking for HKLM\...\Winlogon\Notify\gebya
[07/31/2007, 19:30:56] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
[07/31/2007, 19:30:56] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/31/2007, 19:30:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:56] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/31/2007, 19:30:56] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/31/2007, 19:30:56] - BHO 5: {59382BE9-724A-43EB-BC8A-F25DF7F78BA3} ()
[07/31/2007, 19:30:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:56] - Checking for HKLM\...\Winlogon\Notify\ssqrs
[07/31/2007, 19:30:56] - Key not found: HKLM\...\Winlogon\Notify\ssqrs, continuing.
[07/31/2007, 19:30:56] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/31/2007, 19:30:56] - BHO 7: {7DA2F2EA-DC97-4864-B486-970E6B0AD320} ()
[07/31/2007, 19:30:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:56] - Checking for HKLM\...\Winlogon\Notify\jkkjk
[07/31/2007, 19:30:56] - Key not found: HKLM\...\Winlogon\Notify\jkkjk, continuing.
[07/31/2007, 19:30:56] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/31/2007, 19:30:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:56] - No filename found. Continuing.
[07/31/2007, 19:30:56] - BHO 9: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[07/31/2007, 19:30:56] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/31/2007, 19:30:56] - BHO 11: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/31/2007, 19:30:56] - BHO 12: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[07/31/2007, 19:30:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:56] - Checking for HKLM\...\Winlogon\Notify\tevgryvi
[07/31/2007, 19:30:56] - Key not found: HKLM\...\Winlogon\Notify\tevgryvi, continuing.
[07/31/2007, 19:30:56] - BHO 13: {D8D2B39C-2F40-4E2E-8A34-A0177E753DCF} (MSEvents Object)
[07/31/2007, 19:30:56] - ALERT: Found MSEvents Object!
[07/31/2007, 19:30:56] - BHO 14: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[07/31/2007, 19:30:56] - Finished Searching Browser Helper Objects
[07/31/2007, 19:30:56] - *** Detected MSEvents Object
[07/31/2007, 19:30:56] - Trying to remove MSEvents Object...
[07/31/2007, 19:30:57] - Terminating Process: IEXPLORE.EXE
[07/31/2007, 19:30:58] - Terminating Process: RUNDLL32.EXE
[07/31/2007, 19:30:58] - Disabling Automatic Shell Restart
[07/31/2007, 19:30:58] - Terminating Process: EXPLORER.EXE
[07/31/2007, 19:30:58] - Suspending the NT Session Manager System Service
[07/31/2007, 19:30:58] - Terminating Windows NT Logon/Logoff Manager
[07/31/2007, 19:30:58] - Re-enabling Automatic Shell Restart
[07/31/2007, 19:30:58] - File to disable: C:\WINDOWS\system32\vtsqr.dll
[07/31/2007, 19:30:58] - Renaming C:\WINDOWS\system32\vtsqr.dll -> C:\WINDOWS\system32\vtsqr.dll.vir
[07/31/2007, 19:30:58] - File successfully renamed!
[07/31/2007, 19:30:58] - Removing HKLM\...\Browser Helper Objects\{D8D2B39C-2F40-4E2E-8A34-A0177E753DCF}
[07/31/2007, 19:30:58] - Removing HKCR\CLSID\{D8D2B39C-2F40-4E2E-8A34-A0177E753DCF}
[07/31/2007, 19:30:58] - Adding Kill Bit for ActiveX for GUID: {D8D2B39C-2F40-4E2E-8A34-A0177E753DCF}
[07/31/2007, 19:30:58] - Deleting ATLEvents/MSEvents Registry entries
[07/31/2007, 19:30:58] - Removing HKLM\...\Winlogon\Notify\vtsqr
[07/31/2007, 19:30:58] - Searching for Browser Helper Objects:
[07/31/2007, 19:30:58] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/31/2007, 19:30:58] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[07/31/2007, 19:30:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:58] - Checking for HKLM\...\Winlogon\Notify\NppBho
[07/31/2007, 19:30:58] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[07/31/2007, 19:30:58] - BHO 3: {38C73C2B-715F-4935-BA92-A25FE3910DBD} ()
[07/31/2007, 19:30:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:58] - Checking for HKLM\...\Winlogon\Notify\gebya
[07/31/2007, 19:30:58] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
[07/31/2007, 19:30:58] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/31/2007, 19:30:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:58] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/31/2007, 19:30:58] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/31/2007, 19:30:58] - BHO 5: {59382BE9-724A-43EB-BC8A-F25DF7F78BA3} ()
[07/31/2007, 19:30:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:58] - Checking for HKLM\...\Winlogon\Notify\ssqrs
[07/31/2007, 19:30:58] - Key not found: HKLM\...\Winlogon\Notify\ssqrs, continuing.
[07/31/2007, 19:30:58] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/31/2007, 19:30:58] - BHO 7: {7DA2F2EA-DC97-4864-B486-970E6B0AD320} ()
[07/31/2007, 19:30:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:58] - Checking for HKLM\...\Winlogon\Notify\jkkjk
[07/31/2007, 19:30:58] - Key not found: HKLM\...\Winlogon\Notify\jkkjk, continuing.
[07/31/2007, 19:30:58] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/31/2007, 19:30:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:58] - No filename found. Continuing.
[07/31/2007, 19:30:58] - BHO 9: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[07/31/2007, 19:30:58] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/31/2007, 19:30:58] - BHO 11: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/31/2007, 19:30:58] - BHO 12: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[07/31/2007, 19:30:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:58] - Checking for HKLM\...\Winlogon\Notify\tevgryvi
[07/31/2007, 19:30:58] - Key not found: HKLM\...\Winlogon\Notify\tevgryvi, continuing.
[07/31/2007, 19:30:58] - BHO 13: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[07/31/2007, 19:30:58] - Finished Searching Browser Helper Objects
[07/31/2007, 19:30:58] - Finishing up...
[07/31/2007, 19:30:58] - A restart is needed.
[07/31/2007, 19:31:07] - Attempting to Restart via STOP error (Blue Screen!)
And finally the new HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 19:33:15, on 31/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Antipub\antipub.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {38C73C2B-715F-4935-BA92-A25FE3910DBD} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59382BE9-724A-43EB-BC8A-F25DF7F78BA3} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7DA2F2EA-DC97-4864-B486-970E6B0AD320} - C:\WINDOWS\system32\jkkjk.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tevgryvi.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\brngdueg.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454211 6
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
xxxxx = Name removed by CCM moderation
VundoFix V6.5.6
Checking Java version...
Scan started at 19:21:32 31/07/2007
Listing files found while scanning....
C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\vtsqr.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\rqstv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\rqstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtsqr.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Then the VBG.TXT report:
[07/31/2007, 19:30:46] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\xxxxx\Bureau\VirtumundoBeGone.exe" )
[07/31/2007, 19:30:53] - Detected System Information:
[07/31/2007, 19:30:53] - Windows Version: 5.1.2600, Service Pack 2
[07/31/2007, 19:30:53] - Current Username: xxxxxx (Admin)
[07/31/2007, 19:30:53] - Windows is in NORMAL mode.
[07/31/2007, 19:30:53] - Searching for Browser Helper Objects:
[07/31/2007, 19:30:53] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/31/2007, 19:30:53] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\NppBho
[07/31/2007, 19:30:53] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[07/31/2007, 19:30:53] - BHO 3: {1FB63E52-4D6E-48C1-A08F-F630FE50F337} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\xxyvutq
[07/31/2007, 19:30:53] - Found: HKLM\...\Winlogon\Notify\xxyvutq - This is probably Virtumundo.
[07/31/2007, 19:30:53] - Assigning {1FB63E52-4D6E-48C1-A08F-F630FE50F337} MSEvents Object
[07/31/2007, 19:30:53] - BHO list has been changed! Starting over...
[07/31/2007, 19:30:53] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/31/2007, 19:30:53] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\NppBho
[07/31/2007, 19:30:53] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[07/31/2007, 19:30:53] - BHO 3: {1FB63E52-4D6E-48C1-A08F-F630FE50F337} (MSEvents Object)
[07/31/2007, 19:30:53] - ALERT: Found MSEvents Object!
[07/31/2007, 19:30:53] - BHO 4: {38C73C2B-715F-4935-BA92-A25FE3910DBD} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\gebya
[07/31/2007, 19:30:53] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
[07/31/2007, 19:30:53] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/31/2007, 19:30:53] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/31/2007, 19:30:53] - BHO 6: {59382BE9-724A-43EB-BC8A-F25DF7F78BA3} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\ssqrs
[07/31/2007, 19:30:53] - Key not found: HKLM\...\Winlogon\Notify\ssqrs, continuing.
[07/31/2007, 19:30:53] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/31/2007, 19:30:53] - BHO 8: {7DA2F2EA-DC97-4864-B486-970E6B0AD320} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\jkkjk
[07/31/2007, 19:30:53] - Key not found: HKLM\...\Winlogon\Notify\jkkjk, continuing.
[07/31/2007, 19:30:53] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - No filename found. Continuing.
[07/31/2007, 19:30:53] - BHO 10: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[07/31/2007, 19:30:53] - BHO 11: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/31/2007, 19:30:53] - BHO 12: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/31/2007, 19:30:53] - BHO 13: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\tevgryvi
[07/31/2007, 19:30:53] - Key not found: HKLM\...\Winlogon\Notify\tevgryvi, continuing.
[07/31/2007, 19:30:53] - BHO 14: {D8D2B39C-2F40-4E2E-8A34-A0177E753DCF} ()
[07/31/2007, 19:30:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:53] - Checking for HKLM\...\Winlogon\Notify\vtsqr
[07/31/2007, 19:30:53] - Found: HKLM\...\Winlogon\Notify\vtsqr - This is probably Virtumundo.
[07/31/2007, 19:30:53] - Assigning {D8D2B39C-2F40-4E2E-8A34-A0177E753DCF} MSEvents Object
[07/31/2007, 19:30:53] - BHO list has been changed! Starting over...
[07/31/2007, 19:30:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/31/2007, 19:30:54] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[07/31/2007, 19:30:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:54] - Checking for HKLM\...\Winlogon\Notify\NppBho
[07/31/2007, 19:30:54] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[07/31/2007, 19:30:54] - BHO 3: {1FB63E52-4D6E-48C1-A08F-F630FE50F337} (MSEvents Object)
[07/31/2007, 19:30:54] - ALERT: Found MSEvents Object!
[07/31/2007, 19:30:54] - BHO 4: {38C73C2B-715F-4935-BA92-A25FE3910DBD} ()
[07/31/2007, 19:30:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:54] - Checking for HKLM\...\Winlogon\Notify\gebya
[07/31/2007, 19:30:54] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
[07/31/2007, 19:30:54] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/31/2007, 19:30:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:54] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/31/2007, 19:30:54] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/31/2007, 19:30:54] - BHO 6: {59382BE9-724A-43EB-BC8A-F25DF7F78BA3} ()
[07/31/2007, 19:30:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:54] - Checking for HKLM\...\Winlogon\Notify\ssqrs
[07/31/2007, 19:30:54] - Key not found: HKLM\...\Winlogon\Notify\ssqrs, continuing.
[07/31/2007, 19:30:54] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/31/2007, 19:30:54] - BHO 8: {7DA2F2EA-DC97-4864-B486-970E6B0AD320} ()
[07/31/2007, 19:30:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:54] - Checking for HKLM\...\Winlogon\Notify\jkkjk
[07/31/2007, 19:30:54] - Key not found: HKLM\...\Winlogon\Notify\jkkjk, continuing.
[07/31/2007, 19:30:54] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/31/2007, 19:30:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:54] - No filename found. Continuing.
[07/31/2007, 19:30:54] - BHO 10: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[07/31/2007, 19:30:54] - BHO 11: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/31/2007, 19:30:54] - BHO 12: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/31/2007, 19:30:54] - BHO 13: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[07/31/2007, 19:30:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:54] - Checking for HKLM\...\Winlogon\Notify\tevgryvi
[07/31/2007, 19:30:54] - Key not found: HKLM\...\Winlogon\Notify\tevgryvi, continuing.
[07/31/2007, 19:30:54] - BHO 14: {D8D2B39C-2F40-4E2E-8A34-A0177E753DCF} (MSEvents Object)
[07/31/2007, 19:30:54] - ALERT: Found MSEvents Object!
[07/31/2007, 19:30:54] - BHO 15: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[07/31/2007, 19:30:54] - Finished Searching Browser Helper Objects
[07/31/2007, 19:30:54] - *** Detected MSEvents Object
[07/31/2007, 19:30:54] - Trying to remove MSEvents Object...
[07/31/2007, 19:30:55] - Terminating Process: IEXPLORE.EXE
[07/31/2007, 19:30:55] - Terminating Process: RUNDLL32.EXE
[07/31/2007, 19:30:55] - Disabling Automatic Shell Restart
[07/31/2007, 19:30:55] - Terminating Process: EXPLORER.EXE
[07/31/2007, 19:30:56] - Suspending the NT Session Manager System Service
[07/31/2007, 19:30:56] - Terminating Windows NT Logon/Logoff Manager
[07/31/2007, 19:30:56] - Re-enabling Automatic Shell Restart
[07/31/2007, 19:30:56] - File to disable: C:\WINDOWS\system32\xxyvutq.dll
[07/31/2007, 19:30:56] - Renaming C:\WINDOWS\system32\xxyvutq.dll -> C:\WINDOWS\system32\xxyvutq.dll.vir
[07/31/2007, 19:30:56] - File successfully renamed!
[07/31/2007, 19:30:56] - Removing HKLM\...\Browser Helper Objects\{1FB63E52-4D6E-48C1-A08F-F630FE50F337}
[07/31/2007, 19:30:56] - Removing HKCR\CLSID\{1FB63E52-4D6E-48C1-A08F-F630FE50F337}
[07/31/2007, 19:30:56] - Adding Kill Bit for ActiveX for GUID: {1FB63E52-4D6E-48C1-A08F-F630FE50F337}
[07/31/2007, 19:30:56] - Deleting ATLEvents/MSEvents Registry entries
[07/31/2007, 19:30:56] - Removing HKLM\...\Winlogon\Notify\xxyvutq
[07/31/2007, 19:30:56] - Searching for Browser Helper Objects:
[07/31/2007, 19:30:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/31/2007, 19:30:56] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[07/31/2007, 19:30:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:56] - Checking for HKLM\...\Winlogon\Notify\NppBho
[07/31/2007, 19:30:56] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[07/31/2007, 19:30:56] - BHO 3: {38C73C2B-715F-4935-BA92-A25FE3910DBD} ()
[07/31/2007, 19:30:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:56] - Checking for HKLM\...\Winlogon\Notify\gebya
[07/31/2007, 19:30:56] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
[07/31/2007, 19:30:56] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/31/2007, 19:30:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:56] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/31/2007, 19:30:56] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/31/2007, 19:30:56] - BHO 5: {59382BE9-724A-43EB-BC8A-F25DF7F78BA3} ()
[07/31/2007, 19:30:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:56] - Checking for HKLM\...\Winlogon\Notify\ssqrs
[07/31/2007, 19:30:56] - Key not found: HKLM\...\Winlogon\Notify\ssqrs, continuing.
[07/31/2007, 19:30:56] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/31/2007, 19:30:56] - BHO 7: {7DA2F2EA-DC97-4864-B486-970E6B0AD320} ()
[07/31/2007, 19:30:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:56] - Checking for HKLM\...\Winlogon\Notify\jkkjk
[07/31/2007, 19:30:56] - Key not found: HKLM\...\Winlogon\Notify\jkkjk, continuing.
[07/31/2007, 19:30:56] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/31/2007, 19:30:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:56] - No filename found. Continuing.
[07/31/2007, 19:30:56] - BHO 9: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[07/31/2007, 19:30:56] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/31/2007, 19:30:56] - BHO 11: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/31/2007, 19:30:56] - BHO 12: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[07/31/2007, 19:30:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:56] - Checking for HKLM\...\Winlogon\Notify\tevgryvi
[07/31/2007, 19:30:56] - Key not found: HKLM\...\Winlogon\Notify\tevgryvi, continuing.
[07/31/2007, 19:30:56] - BHO 13: {D8D2B39C-2F40-4E2E-8A34-A0177E753DCF} (MSEvents Object)
[07/31/2007, 19:30:56] - ALERT: Found MSEvents Object!
[07/31/2007, 19:30:56] - BHO 14: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[07/31/2007, 19:30:56] - Finished Searching Browser Helper Objects
[07/31/2007, 19:30:56] - *** Detected MSEvents Object
[07/31/2007, 19:30:56] - Trying to remove MSEvents Object...
[07/31/2007, 19:30:57] - Terminating Process: IEXPLORE.EXE
[07/31/2007, 19:30:58] - Terminating Process: RUNDLL32.EXE
[07/31/2007, 19:30:58] - Disabling Automatic Shell Restart
[07/31/2007, 19:30:58] - Terminating Process: EXPLORER.EXE
[07/31/2007, 19:30:58] - Suspending the NT Session Manager System Service
[07/31/2007, 19:30:58] - Terminating Windows NT Logon/Logoff Manager
[07/31/2007, 19:30:58] - Re-enabling Automatic Shell Restart
[07/31/2007, 19:30:58] - File to disable: C:\WINDOWS\system32\vtsqr.dll
[07/31/2007, 19:30:58] - Renaming C:\WINDOWS\system32\vtsqr.dll -> C:\WINDOWS\system32\vtsqr.dll.vir
[07/31/2007, 19:30:58] - File successfully renamed!
[07/31/2007, 19:30:58] - Removing HKLM\...\Browser Helper Objects\{D8D2B39C-2F40-4E2E-8A34-A0177E753DCF}
[07/31/2007, 19:30:58] - Removing HKCR\CLSID\{D8D2B39C-2F40-4E2E-8A34-A0177E753DCF}
[07/31/2007, 19:30:58] - Adding Kill Bit for ActiveX for GUID: {D8D2B39C-2F40-4E2E-8A34-A0177E753DCF}
[07/31/2007, 19:30:58] - Deleting ATLEvents/MSEvents Registry entries
[07/31/2007, 19:30:58] - Removing HKLM\...\Winlogon\Notify\vtsqr
[07/31/2007, 19:30:58] - Searching for Browser Helper Objects:
[07/31/2007, 19:30:58] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/31/2007, 19:30:58] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[07/31/2007, 19:30:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:58] - Checking for HKLM\...\Winlogon\Notify\NppBho
[07/31/2007, 19:30:58] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[07/31/2007, 19:30:58] - BHO 3: {38C73C2B-715F-4935-BA92-A25FE3910DBD} ()
[07/31/2007, 19:30:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:58] - Checking for HKLM\...\Winlogon\Notify\gebya
[07/31/2007, 19:30:58] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
[07/31/2007, 19:30:58] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/31/2007, 19:30:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:58] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/31/2007, 19:30:58] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/31/2007, 19:30:58] - BHO 5: {59382BE9-724A-43EB-BC8A-F25DF7F78BA3} ()
[07/31/2007, 19:30:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:58] - Checking for HKLM\...\Winlogon\Notify\ssqrs
[07/31/2007, 19:30:58] - Key not found: HKLM\...\Winlogon\Notify\ssqrs, continuing.
[07/31/2007, 19:30:58] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/31/2007, 19:30:58] - BHO 7: {7DA2F2EA-DC97-4864-B486-970E6B0AD320} ()
[07/31/2007, 19:30:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:58] - Checking for HKLM\...\Winlogon\Notify\jkkjk
[07/31/2007, 19:30:58] - Key not found: HKLM\...\Winlogon\Notify\jkkjk, continuing.
[07/31/2007, 19:30:58] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/31/2007, 19:30:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:58] - No filename found. Continuing.
[07/31/2007, 19:30:58] - BHO 9: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[07/31/2007, 19:30:58] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/31/2007, 19:30:58] - BHO 11: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/31/2007, 19:30:58] - BHO 12: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[07/31/2007, 19:30:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/31/2007, 19:30:58] - Checking for HKLM\...\Winlogon\Notify\tevgryvi
[07/31/2007, 19:30:58] - Key not found: HKLM\...\Winlogon\Notify\tevgryvi, continuing.
[07/31/2007, 19:30:58] - BHO 13: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[07/31/2007, 19:30:58] - Finished Searching Browser Helper Objects
[07/31/2007, 19:30:58] - Finishing up...
[07/31/2007, 19:30:58] - A restart is needed.
[07/31/2007, 19:31:07] - Attempting to Restart via STOP error (Blue Screen!)
And finally the new HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 19:33:15, on 31/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Antipub\antipub.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {38C73C2B-715F-4935-BA92-A25FE3910DBD} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59382BE9-724A-43EB-BC8A-F25DF7F78BA3} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7DA2F2EA-DC97-4864-B486-970E6B0AD320} - C:\WINDOWS\system32\jkkjk.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tevgryvi.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\brngdueg.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454211 6
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
xxxxx = Name removed by CCM moderation
Hi again,
Double-click VundoFix.exe to launch it.
Do NOT click the Scan for Vundo button.
Right-click in the white window and choose Add more files ?
Add on the first line:
C:\WINDOWS\system32\tevgryvi.dll
On the second line:
C:\WINDOWS\system32\brngdueg.dll
Then click, in turn, on:
- Add Files
- Close Windows
- Remove Vundo
If the tool asks you to restart, accept.
Then copy/paste the report C:\vundofix.txt
Also post a new HijackThis log.
@+