Infecté par vitumonde

Résolu
remijio Messages postés 39 Date d'inscription   Statut Membre Dernière intervention   -  
 Utilisateur anonyme -
Bonjour,

J'ai besion de quelques conseils pour me débarrasser de ce virus qui m'empoisonne la vie

J'ai essayé pas mal de choses, sans succés :vindo fix, combo fix, virtumundo, j'ai changé mon antivirus (avast) pour AVG (qui me trouve des milliers de fichiers infectés), j'ai essayé le mode sans échec, enlever la restauration système et spybot me trouve toujours cette saleté
Si un "pro" pouvait me donner un coup de pouce ce serait super sympa
merci d'avance

18 réponses

Réponse 1 / 18
Utilisateur anonyme
 
bonjour,
sur securiser.com tu trouveras un anti virus en ligne pour te débarraser de virtumonde :
http://www.secuser.com/telechargement/desinfection.htm

voili, voilou !! :))
0
Réponse 2 / 18
remijio Messages postés 39 Date d'inscription   Statut Membre Dernière intervention  
 
je vais essayer, mais je suis septique sur le résultat, en ce moment je suis au boulot et dés que je rentre à la maison je fais un essai
je te tiens au courant
merci
0
Réponse 3 / 18
remijio Messages postés 39 Date d'inscription   Statut Membre Dernière intervention  
 
hello, en réfléchissant (ça m'arrive parfois) je me demandais si lorsque spybot me trouve virtumonde (en même temps il m'indique les clés qui correspondent) est il possible d'aller supprimer ces fameuses clés dans le registre??
Ceci afin de se débarrasser de cette saleté (ce qui me semble bizarre c'est que j'ai jamais vu cette solution sur un forum?!?)
0
Réponse 4 / 18
Utilisateur anonyme
 
oui c est possible, mais ce n est pas recommandé de le faire manuellement, car il peut se "cacher" sous d autres noms et laisser son empreinte! éssaie ce que je t ai dis tu verras, tu ne seras pas déçu!
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 18
remijio Messages postés 39 Date d'inscription   Statut Membre Dernière intervention  
 
ok, je te tiens au courant

merci
0
Réponse 6 / 18
remijio Messages postés 39 Date d'inscription   Statut Membre Dernière intervention  
 
de retour de la maison ou j'en ai profité pour suivre tes conseils, résultats:
Symantec Trojan.Vundo Removal Tool 1.5.0
The process "iexplore.exe" might be affected by the threat. It has been suspended.
The process "iexplore.exe" might be affected by the threat. It has been terminated.

C:\System Volume Information: (not scanned)
D:\System Volume Information: (not scanned)

Trojan.Vundo has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 64267
The number of deleted files: 0
The number of viral processes terminated: 1
The number of viral processes suspended: 1
The number of viral threads terminated: 0
The number of registry entries fixed: 0

un petit coup de spybot pour voir un peu et il y a toujours, win 32 BHO df,virtumonde,bluestreak et tradedoubler (la totale)!!
Comment s'en sortir???
0
Réponse 7 / 18
Utilisateur anonyme
 
ok, tu as le détail de chaQ virus ! bin ton anti virus t en débarrasse pas? alors autre solution : Kapersky
Il est super performant et m a aidé à enlever à logiciels espions installés au chaud tranquilou alors que mon ancien : avast me jurait mordicus que j avais plus rien !

--https://www.kaspersky.fr/downloads

je l ai fais : cette fois je pars tranquille, je le sais en train de "bosser" (j en avais 4 en sous marin)...



tant que je trouve pas de solution, je suis têtue !!
0
Réponse 8 / 18
remijio Messages postés 39 Date d'inscription   Statut Membre Dernière intervention  
 
apparement quand je scanne mon pc avec AVG, il me trouve au moins 3000 fichiers infectés qu'il détruit , mais c'est un truc installé qui revient à chaque fois, la preuve spybot les trouve te dit qu'il les détruit et ils sont toujours là.
en tous cas c'est un truc hyper tenace qui va me faire galérer un bon moment
0
Réponse 9 / 18
remijio Messages postés 39 Date d'inscription   Statut Membre Dernière intervention  
 
ce soir je recommence les procédures "Astuces Supprimer le trojan Vundo/Virtumonde" qui sont données dans le forum, peut être n'ai je pas tout suivi correctement

je croise les doigts !!
0
Réponse 10 / 18
remijio Messages postés 39 Date d'inscription   Statut Membre Dernière intervention  
 
bon aprés avoir suivi à la lettre toutes les opérations voici le verdict

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:54, on 08/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\donat\Mes documents\remy\maxvir.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.77.192.61:21
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {656BAEE9-C8A1-46A7-BBF9-82BA12B99CAA} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7a05da82-71fd-4fad-ab43-59d24c273944} - C:\WINDOWS\system32\nepwpsmq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E610F987-88B6-4839-818B-ED43F1256A36} - \
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dc21ca9b] rundll32.exe "C:\WINDOWS\system32\vnjsjwim.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://remvalmimivalou.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108021619857
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.nordnet.com/securite
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://data.flatcast.com/NpFv415.dll
O18 - Protocol: bw+0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
0
Réponse 11 / 18
remijio Messages postés 39 Date d'inscription   Statut Membre Dernière intervention  
 
la suite


[11/07/2007, 20:36:16] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\donat\Mes documents\remy\VirtumundoBeGone.exe" )
[11/07/2007, 20:36:30] - Detected System Information:
[11/07/2007, 20:36:30] - Windows Version: 5.1.2600, Service Pack 2
[11/07/2007, 20:36:30] - Current Username: donat (Admin)
[11/07/2007, 20:36:30] - Windows is in SAFE mode.
[11/07/2007, 20:36:30] - Searching for Browser Helper Objects:
[11/07/2007, 20:36:30] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/07/2007, 20:36:30] - BHO 2: {0D39A900-0F3A-4C29-A254-3E65244FDC34} ()
[11/07/2007, 20:36:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/07/2007, 20:36:30] - No filename found. Continuing.
[11/07/2007, 20:36:30] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/07/2007, 20:36:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/07/2007, 20:36:30] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/07/2007, 20:36:30] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/07/2007, 20:36:30] - BHO 4: {656BAEE9-C8A1-46A7-BBF9-82BA12B99CAA} ()
[11/07/2007, 20:36:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/07/2007, 20:36:30] - Checking for HKLM\...\Winlogon\Notify\
[11/07/2007, 20:36:30] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
[11/07/2007, 20:36:30] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/07/2007, 20:36:30] - BHO 6: {7a05da82-71fd-4fad-ab43-59d24c273944} ()
[11/07/2007, 20:36:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/07/2007, 20:36:30] - Checking for HKLM\...\Winlogon\Notify\nepwpsmq
[11/07/2007, 20:36:30] - Key not found: HKLM\...\Winlogon\Notify\nepwpsmq, continuing.
[11/07/2007, 20:36:30] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/07/2007, 20:36:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/07/2007, 20:36:30] - No filename found. Continuing.
[11/07/2007, 20:36:30] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/07/2007, 20:36:30] - BHO 9: {93A27144-6B30-4198-B0BC-93C26512A8FE} ()
[11/07/2007, 20:36:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/07/2007, 20:36:30] - Checking for HKLM\...\Winlogon\Notify\pmnnk
[11/07/2007, 20:36:30] - Key not found: HKLM\...\Winlogon\Notify\pmnnk, continuing.
[11/07/2007, 20:36:30] - BHO 10: {E610F987-88B6-4839-818B-ED43F1256A36} ()
[11/07/2007, 20:36:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/07/2007, 20:36:30] - Checking for HKLM\...\Winlogon\Notify\
[11/07/2007, 20:36:30] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
[11/07/2007, 20:36:30] - Finished Searching Browser Helper Objects
[11/07/2007, 20:36:30] - Finishing up...
[11/07/2007, 20:36:30] - Nothing found! Exiting...

[11/07/2007, 20:38:29] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\donat\Mes documents\remy\VirtumundoBeGone.exe" )
[11/07/2007, 20:38:32] - Detected System Information:
[11/07/2007, 20:38:32] - Windows Version: 5.1.2600, Service Pack 2
[11/07/2007, 20:38:32] - Current Username: donat (Admin)
[11/07/2007, 20:38:32] - Windows is in SAFE mode.
[11/07/2007, 20:38:32] - Searching for Browser Helper Objects:
[11/07/2007, 20:38:32] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/07/2007, 20:38:32] - BHO 2: {0D39A900-0F3A-4C29-A254-3E65244FDC34} ()
[11/07/2007, 20:38:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/07/2007, 20:38:32] - No filename found. Continuing.
[11/07/2007, 20:38:32] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/07/2007, 20:38:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/07/2007, 20:38:32] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/07/2007, 20:38:32] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/07/2007, 20:38:32] - BHO 4: {656BAEE9-C8A1-46A7-BBF9-82BA12B99CAA} ()
[11/07/2007, 20:38:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/07/2007, 20:38:32] - Checking for HKLM\...\Winlogon\Notify\
[11/07/2007, 20:38:32] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
[11/07/2007, 20:38:32] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/07/2007, 20:38:32] - BHO 6: {7a05da82-71fd-4fad-ab43-59d24c273944} ()
[11/07/2007, 20:38:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/07/2007, 20:38:32] - Checking for HKLM\...\Winlogon\Notify\nepwpsmq
[11/07/2007, 20:38:32] - Key not found: HKLM\...\Winlogon\Notify\nepwpsmq, continuing.
[11/07/2007, 20:38:32] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/07/2007, 20:38:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/07/2007, 20:38:32] - No filename found. Continuing.
[11/07/2007, 20:38:32] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/07/2007, 20:38:32] - BHO 9: {93A27144-6B30-4198-B0BC-93C26512A8FE} ()
[11/07/2007, 20:38:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/07/2007, 20:38:32] - Checking for HKLM\...\Winlogon\Notify\pmnnk
[11/07/2007, 20:38:32] - Key not found: HKLM\...\Winlogon\Notify\pmnnk, continuing.
[11/07/2007, 20:38:32] - BHO 10: {E610F987-88B6-4839-818B-ED43F1256A36} ()
[11/07/2007, 20:38:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/07/2007, 20:38:32] - Checking for HKLM\...\Winlogon\Notify\
[11/07/2007, 20:38:32] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
[11/07/2007, 20:38:32] - Finished Searching Browser Helper Objects
[11/07/2007, 20:38:32] - Finishing up...
[11/07/2007, 20:38:32] - Nothing found! Exiting...

[11/08/2007, 0:12:21] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\donat\Mes documents\remy\VirtumundoBeGone.exe" )
[11/08/2007, 0:12:30] - Detected System Information:
[11/08/2007, 0:12:30] - Windows Version: 5.1.2600, Service Pack 2
[11/08/2007, 0:12:30] - Current Username: donat (Admin)
[11/08/2007, 0:12:30] - Windows is in NORMAL mode.
[11/08/2007, 0:12:30] - Searching for Browser Helper Objects:
[11/08/2007, 0:12:30] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/08/2007, 0:12:30] - BHO 2: {0D39A900-0F3A-4C29-A254-3E65244FDC34} ()
[11/08/2007, 0:12:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 0:12:30] - No filename found. Continuing.
[11/08/2007, 0:12:30] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/08/2007, 0:12:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 0:12:30] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/08/2007, 0:12:30] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/08/2007, 0:12:30] - BHO 4: {656BAEE9-C8A1-46A7-BBF9-82BA12B99CAA} ()
[11/08/2007, 0:12:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 0:12:30] - Checking for HKLM\...\Winlogon\Notify\
[11/08/2007, 0:12:30] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
[11/08/2007, 0:12:30] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/08/2007, 0:12:30] - BHO 6: {7a05da82-71fd-4fad-ab43-59d24c273944} ()
[11/08/2007, 0:12:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 0:12:30] - Checking for HKLM\...\Winlogon\Notify\nepwpsmq
[11/08/2007, 0:12:30] - Key not found: HKLM\...\Winlogon\Notify\nepwpsmq, continuing.
[11/08/2007, 0:12:30] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/08/2007, 0:12:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 0:12:30] - No filename found. Continuing.
[11/08/2007, 0:12:30] - BHO 8: {8B984DF6-8E59-4AE0-B6C6-CBB2F2DE0265} ()
[11/08/2007, 0:12:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 0:12:30] - Checking for HKLM\...\Winlogon\Notify\pmnnk
[11/08/2007, 0:12:30] - Key not found: HKLM\...\Winlogon\Notify\pmnnk, continuing.
[11/08/2007, 0:12:30] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/08/2007, 0:12:30] - BHO 10: {E610F987-88B6-4839-818B-ED43F1256A36} ()
[11/08/2007, 0:12:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 0:12:30] - Checking for HKLM\...\Winlogon\Notify\
[11/08/2007, 0:12:30] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
[11/08/2007, 0:12:30] - Finished Searching Browser Helper Objects
[11/08/2007, 0:12:30] - Finishing up...
[11/08/2007, 0:12:30] - Nothing found! Exiting...

[11/08/2007, 18:22:41] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\donat\Mes documents\remy\VirtumundoBeGone.exe" )
[11/08/2007, 18:22:48] - Detected System Information:
[11/08/2007, 18:22:48] - Windows Version: 5.1.2600, Service Pack 2
[11/08/2007, 18:22:48] - Current Username: donat (Admin)
[11/08/2007, 18:22:48] - Windows is in SAFE mode with Networking.
[11/08/2007, 18:22:48] - Searching for Browser Helper Objects:
[11/08/2007, 18:22:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/08/2007, 18:22:48] - BHO 2: {0D39A900-0F3A-4C29-A254-3E65244FDC34} ()
[11/08/2007, 18:22:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 18:22:48] - No filename found. Continuing.
[11/08/2007, 18:22:48] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/08/2007, 18:22:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 18:22:48] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/08/2007, 18:22:48] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/08/2007, 18:22:48] - BHO 4: {656BAEE9-C8A1-46A7-BBF9-82BA12B99CAA} ()
[11/08/2007, 18:22:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 18:22:48] - Checking for HKLM\...\Winlogon\Notify\
[11/08/2007, 18:22:48] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
[11/08/2007, 18:22:48] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/08/2007, 18:22:48] - BHO 6: {7a05da82-71fd-4fad-ab43-59d24c273944} ()
[11/08/2007, 18:22:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 18:22:48] - Checking for HKLM\...\Winlogon\Notify\nepwpsmq
[11/08/2007, 18:22:48] - Key not found: HKLM\...\Winlogon\Notify\nepwpsmq, continuing.
[11/08/2007, 18:22:48] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/08/2007, 18:22:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 18:22:48] - No filename found. Continuing.
[11/08/2007, 18:22:48] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/08/2007, 18:22:48] - BHO 9: {E610F987-88B6-4839-818B-ED43F1256A36} ()
[11/08/2007, 18:22:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 18:22:48] - Checking for HKLM\...\Winlogon\Notify\
[11/08/2007, 18:22:48] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
[11/08/2007, 18:22:48] - Finished Searching Browser Helper Objects
[11/08/2007, 18:22:48] - Finishing up...
[11/08/2007, 18:22:48] - Nothing found! Exiting...

[11/08/2007, 18:23:01] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\donat\Mes documents\remy\VirtumundoBeGone.exe" )
[11/08/2007, 18:23:14] - Detected System Information:
[11/08/2007, 18:23:14] - Windows Version: 5.1.2600, Service Pack 2
[11/08/2007, 18:23:14] - Current Username: donat (Admin)
[11/08/2007, 18:23:14] - Windows is in SAFE mode with Networking.
[11/08/2007, 18:23:14] - Searching for Browser Helper Objects:
[11/08/2007, 18:23:14] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/08/2007, 18:23:14] - BHO 2: {0D39A900-0F3A-4C29-A254-3E65244FDC34} ()
[11/08/2007, 18:23:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 18:23:14] - No filename found. Continuing.
[11/08/2007, 18:23:14] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/08/2007, 18:23:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 18:23:14] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/08/2007, 18:23:14] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/08/2007, 18:23:14] - BHO 4: {656BAEE9-C8A1-46A7-BBF9-82BA12B99CAA} ()
[11/08/2007, 18:23:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 18:23:14] - Checking for HKLM\...\Winlogon\Notify\
[11/08/2007, 18:23:14] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
[11/08/2007, 18:23:14] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/08/2007, 18:23:14] - BHO 6: {7a05da82-71fd-4fad-ab43-59d24c273944} ()
[11/08/2007, 18:23:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 18:23:14] - Checking for HKLM\...\Winlogon\Notify\nepwpsmq
[11/08/2007, 18:23:14] - Key not found: HKLM\...\Winlogon\Notify\nepwpsmq, continuing.
[11/08/2007, 18:23:14] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/08/2007, 18:23:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 18:23:14] - No filename found. Continuing.
[11/08/2007, 18:23:14] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/08/2007, 18:23:14] - BHO 9: {E610F987-88B6-4839-818B-ED43F1256A36} ()
[11/08/2007, 18:23:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 18:23:14] - Checking for HKLM\...\Winlogon\Notify\
[11/08/2007, 18:23:14] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
[11/08/2007, 18:23:14] - Finished Searching Browser Helper Objects
[11/08/2007, 18:23:14] - Finishing up...
[11/08/2007, 18:23:14] - Nothing found! Exiting...
0
Réponse 12 / 18
remijio Messages postés 39 Date d'inscription   Statut Membre Dernière intervention  
 
Symantec Trojan.Vundo Removal Tool 1.5.0

C:\System Volume Information: (not scanned)
D:\System Volume Information: (not scanned)
Trojan.Vundo has not been found on your computer.



VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 18:27:03 08/11/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...
0
Réponse 13 / 18
remijio Messages postés 39 Date d'inscription   Statut Membre Dernière intervention  
 
ComboFix 07-11-06.4 - donat 2007-11-08 18:17:12.3 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\donat\Mes documents\remy\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-10-08 to 2007-11-08 ))))))))))))))))))))))))))))))))))))
.

2007-11-07 22:34 2,430 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-07 22:33 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-07 22:33 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-07 22:33 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-07 22:33 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-07 22:33 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-07 21:33 12,416,780 --------- C:\AVG7QT.DAT
2007-11-07 21:27 <REP> d-------- C:\Documents and Settings\donat\Application Data\AVG7
2007-11-07 21:26 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-07 21:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-07 19:11 <REP> d-------- C:\WINDOWS\AU_Temp
2007-11-07 17:58 <REP> d-------- C:\Program Files\Yahoo!
2007-11-07 17:57 <REP> d-------- C:\Program Files\CCleaner
2007-11-07 17:34 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2007-11-07 17:34 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2007-11-07 16:32 <REP> d-------- C:\Program Files\Panda Security
2007-11-07 15:43 <REP> d-------- C:\Program Files\Lavasoft
2007-11-07 10:00 79,936 --a------ C:\WINDOWS\system32\nepwpsmq.dll
2007-11-07 09:57 86,080 --a------ C:\WINDOWS\system32\vnjsjwim.dll
2007-11-06 21:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-06 21:20 <REP> d-------- C:\Documents and Settings\donat\Application Data\Grisoft
2007-11-06 21:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-06 20:34 <REP> d-------- C:\VundoFix Backups
2007-11-06 20:23 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-06 07:46 81,472 --a------ C:\WINDOWS\system32\ecwqyvof.dll
2007-11-05 14:46 <REP> d-------- C:\Program Files\Incomplete
2007-11-05 14:42 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-05 14:39 82 --a------ C:\n.bat
2007-11-05 14:39 0 --a------ C:\z.dat
2007-11-05 14:38 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-11-05 14:38 <REP> d-------- C:\TEMP\mZOr
2007-11-05 12:26 <REP> d-------- C:\Documents and Settings\donat\Application Data\RTPlayer
2007-11-05 12:22 <REP> d-------- C:\WINDOWS\system32\Logs
2007-11-05 12:22 <REP> d-------- C:\Documents and Settings\donat\Application Data\tunebite
2007-11-04 23:40 <REP> d-------- C:\Documents and Settings\donat\Application Data\AccurateRip
2007-11-04 23:40 167,936 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-10-10 07:01 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-10 07:00 <REP> d--h----- C:\WINDOWS\$hf_mig$

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 20:10 --------- d-----w C:\Documents and Settings\donat\Application Data\LimeWire
2007-11-07 16:42 43,008 -c--a-w C:\WINDOWS\BPMNT.dll
2007-11-07 16:42 1,036,800 -c--a-w C:\WINDOWS\vsapi32.dll
2007-11-07 16:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 16:27 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-06 18:44 71,749 -c--a-w C:\WINDOWS\hcextoutput.dll
2007-11-06 18:44 267,845 -c--a-w C:\WINDOWS\tsc.exe
2007-10-13 08:12 --------- d-----w C:\Program Files\Cedelia
2007-10-07 13:15 --------- d-----w C:\Program Files\SopCast
2007-10-07 13:12 --------- d-----w C:\Documents and Settings\donat\Application Data\SopCast
2007-09-16 09:49 --------- d-----w C:\Program Files\MSN Messenger
2007-09-15 18:46 --------- d-----w C:\Program Files\TVAnts
2007-09-10 16:04 2,322,176 ----a-w C:\WINDOWS\system32\TUKernel.exe
2007-08-27 17:26 132,096 ------w C:\WINDOWS\combatfs.exe
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-11 20:31 47,360 ----a-w C:\Documents and Settings\donat\Application Data\pcouffin.sys
2003-05-21 17:58 253,672 -c--a-w C:\WINDOWS\inf\windrvr6.sys
2005-09-23 18:55:59 56 -csh--r C:\WINDOWS\system32\97159F3928.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-08_ 0.34.19.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-07 20:31:44 775,680 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2007-11-08 08:26:57 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
- 2007-11-07 20:31:45 19,392 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-11-08 08:26:57 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{656BAEE9-C8A1-46A7-BBF9-82BA12B99CAA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7a05da82-71fd-4fad-ab43-59d24c273944}]
2007-11-07 10:00 79936 --a------ C:\WINDOWS\system32\nepwpsmq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E610F987-88B6-4839-818B-ED43F1256A36}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-09-14 18:20]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-12 16:11]
"dc21ca9b"="C:\WINDOWS\system32\vnjsjwim.dll" [2007-11-07 09:57]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-11-08 09:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImInstaller_IncrediMail]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"dc21ca9b"=rundll32.exe "C:\WINDOWS\system32\fkqixluy.dll",b

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys
S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80e02652-40b6-11da-8893-4d6564696130}]
\Shell\AutoRun\command - G:\ReadMe.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-26 15:38:07 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 18:20:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 18:21:46
.
--- E O F ---
0
Réponse 14 / 18
remijio Messages postés 39 Date d'inscription   Statut Membre Dernière intervention  
 
je fais toutes ces opérations en mode sans échec et en ayant enlever la resto système

j'ai passé spybot et apparemment il n'y a plus vitumonde , mais il reste doubleclick et bluestreak

j'attends l'avis d'un pro

merci
0
Réponse 15 / 18
remijio Messages postés 39 Date d'inscription   Statut Membre Dernière intervention  
 
il est 21h16, je redonne un ptit coup de spybot et qu'est ce que je vois

virtumonde est à nouveau là!!!!

je jette l'éponge
0
Utilisateur anonyme
 
http://www.secuser.com/outils/antivirus.htm
0
Réponse 16 / 18
remijio Messages postés 39 Date d'inscription   Statut Membre Dernière intervention  
 
merci

j'ai fait sauter avast et pour le moment je teste AVG, il a l'air de me trouver pas mal de fichiers infectés

j'ai aussi virer spybot pour AVG Anti-Spyware
on va voir comme ça en attendant que quelqu'un se penche sur mes rapports
0
Réponse 17 / 18
remijio Messages postés 39 Date d'inscription   Statut Membre Dernière intervention  
 
bon, j'ai tout formaté et réinstaller et tout est redevenu normal

merci à lovedivine pour ses conseils
0
Réponse 18 / 18
Utilisateur anonyme
 
hello,

Bin de rien ^^ :)
0

Discussions similaires

Virus détecté
Koony -
MisteryBean -

6 réponses
mustapha
mustapha -
Ainillia -

1 réponse
Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
infecté par des virus
Lisy59120 -
Lisy59120 -

5 réponses
Virus non détecté par mon anti-virus ?
F2L -
cabrier -

12 réponses