Infected by Virtumonde

Solved
remijio (Member, 39 posts) -
 Anonymous user -
Hello,

I need some advice to get rid of this virus that is poisoning my life.

I have tried quite a few things, without success: VundoFix, ComboFix, virtumundo, I changed my antivirus (avast) for AVG (which finds thousands of infected files), I tried safe mode, turning off System Restore, and Spybot still finds this junk.
If a "pro" could give me a hand, that would be really nice.
Thanks in advance.
Configuration: Windows XP
Internet Explorer 6.0

18 replies

  1. remijio (Member, 39 posts)

    I'll try, but I'm skeptical about the result. Right now I'm at work, and as soon as I get home I'll give it a try.
    I'll keep you posted.
    Thanks
    0
  2. remijio (Member, 39 posts)

    Hello, thinking about it (it happens to me sometimes), I was wondering: when Spybot finds Virtumonde (and at the same time shows me the corresponding keys), is it possible to go and delete those keys in the registry??
    This is in order to get rid of this junk (what seems odd to me is that I have never seen this solution on a forum?!?)
    0
  3. Anonymous user

    Yes, it's possible, but doing it manually is not recommended, because it can "hide" under other names and leave its footprint! Try what I told you, you'll see, you won't be disappointed!
    0
  5. remijio (Member, 39 posts)

    OK, I'll keep you posted

    Thanks
    0
  6. remijio (Member, 39 posts)

    Back from home, where I took the opportunity to follow your advice. Results:
    Symantec Trojan.Vundo Removal Tool 1.5.0
    The process "iexplore.exe" might be affected by the threat. It has been suspended.
    The process "iexplore.exe" might be affected by the threat. It has been terminated.

    C:\System Volume Information: (not scanned)
    D:\System Volume Information: (not scanned)

    Trojan.Vundo has been successfully removed from your computer!

    Here is the report:

    The total number of the scanned files: 64267
    The number of deleted files: 0
    The number of viral processes terminated: 1
    The number of viral processes suspended: 1
    The number of viral threads terminated: 0
    The number of registry entries fixed: 0

    A quick Spybot run to have a look, and there is still win 32 BHO df, Virtumonde, Bluestreak and Tradedoubler (the whole lot)!!
    How do I get out of this???
    0
  7. Anonymous user

    OK, you have the details of each virus! So your antivirus doesn't get rid of them for you? Then another solution: Kaspersky
    It is really powerful and helped me remove spyware programs that were installed nice and cosy, while my old one, avast, swore blind that I had nothing left!

    --https://www.kaspersky.fr/downloads

    I did it: this time I can leave with peace of mind, I know it is busy "working" (I had 4 of them running undercover)...

    As long as I haven't found a solution, I'm stubborn!!
    0
  8. remijio (Member, 39 posts)

    Apparently when I scan my PC with AVG, it finds at least 3000 infected files, which it destroys, but it's something installed that comes back every time; the proof is that Spybot finds them, tells you it destroys them, and they are still there.
    In any case it's something extremely tenacious that is going to give me a hard time for a good while.
    0
  9. remijio (Member, 39 posts)

    Tonight I'm going to redo the procedures from "Tips: Removing the Vundo/Virtumonde trojan" given on the forum; maybe I didn't follow everything correctly

    Fingers crossed!!
    0
  10. remijio (Member, 39 posts)

    OK, after following all the steps to the letter, here is the verdict

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:52:54, on 08/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\donat\Mes documents\remy\maxvir.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.77.192.61:21
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {656BAEE9-C8A1-46A7-BBF9-82BA12B99CAA} - \
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7a05da82-71fd-4fad-ab43-59d24c273944} - C:\WINDOWS\system32\nepwpsmq.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {E610F987-88B6-4839-818B-ED43F1256A36} - \
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dc21ca9b] rundll32.exe "C:\WINDOWS\system32\vnjsjwim.dll",b
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://remvalmimivalou.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108021619857
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.nordnet.com/securite
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://data.flatcast.com/NpFv415.dll
    O18 - Protocol: bw+0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {BD955686-6737-4ED8-85DA-87AED820C9E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    0
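
Added example, not part of the thread and not code from HijackThis or any tool named here: a small triage pass over `O2` (Browser Helper Object) and `O4` (Run key) lines, using entries copied from the HijackThis log in the post above. The function name `triage`, the two flagging heuristics (an unnamed BHO whose DLL sits in `system32`; a Run value named with 8 hex digits that starts a `system32` DLL through rundll32) and the suggested `Winlogon\Notify` follow-up key are assumptions of this example meant to shortlist entries for manual review, not a Vundo signature.

```python
import ntpath
import re

# Lines copied verbatim from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7a05da82-71fd-4fad-ab43-59d24c273944} - C:\WINDOWS\system32\nepwpsmq.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dc21ca9b] rundll32.exe "C:\WINDOWS\system32\vnjsjwim.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$"
)
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE
)
# Real XP registry location for Winlogon notification packages.
NOTIFY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
MISSING = "(file missing)"


def in_system32(path):
    """True when the file's directory is ...\\WINDOWS\\system32 (case-insensitive)."""
    return ntpath.dirname(path).lower().endswith(r"\windows\system32")


def triage(log_text):
    """Return a list of dicts describing entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O2_RE.match(line)
        if m:
            target = m["target"]
            path = target.replace(MISSING, "").strip()
            # Heuristic 1 (assumption): BHO without a display name, DLL in system32.
            if m["name"] == "(no name)" and in_system32(path):
                stem = ntpath.splitext(ntpath.basename(path))[0]
                findings.append({
                    "section": "O2",
                    "id": m["clsid"],
                    "dll": ntpath.basename(path),
                    "file_missing": target.endswith(MISSING),
                    # Key to inspect next; its existence is not implied by the log.
                    "notify_key": NOTIFY + "\\" + stem,
                    "reason": "unnamed BHO pointing into system32",
                })
            continue

        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m["cmd"])
            # Heuristic 2 (assumption): 8-hex-digit value name + rundll32 + system32 DLL.
            if (r and in_system32(r["dll"])
                    and re.fullmatch(r"[0-9a-f]{8}", m["value"])):
                findings.append({
                    "section": "O4",
                    "id": m["value"],
                    "dll": ntpath.basename(r["dll"]),
                    "reason": "hex-named Run value loading a system32 DLL via rundll32",
                })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["id"], f["dll"], "-", f["reason"])
```

Entries such as the Spybot `SDHelper.dll` BHO and the NVIDIA rundll32 Run values are deliberately left out of the result, since they fail one of the two conditions.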
  11. remijio (Member, 39 posts)

    Continued

    [11/07/2007, 20:36:16] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\donat\Mes documents\remy\VirtumundoBeGone.exe" )
    [11/07/2007, 20:36:30] - Detected System Information:
    [11/07/2007, 20:36:30] - Windows Version: 5.1.2600, Service Pack 2
    [11/07/2007, 20:36:30] - Current Username: donat (Admin)
    [11/07/2007, 20:36:30] - Windows is in SAFE mode.
    [11/07/2007, 20:36:30] - Searching for Browser Helper Objects:
    [11/07/2007, 20:36:30] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [11/07/2007, 20:36:30] - BHO 2: {0D39A900-0F3A-4C29-A254-3E65244FDC34} ()
    [11/07/2007, 20:36:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/07/2007, 20:36:30] - No filename found. Continuing.
    [11/07/2007, 20:36:30] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
    [11/07/2007, 20:36:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/07/2007, 20:36:30] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [11/07/2007, 20:36:30] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [11/07/2007, 20:36:30] - BHO 4: {656BAEE9-C8A1-46A7-BBF9-82BA12B99CAA} ()
    [11/07/2007, 20:36:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/07/2007, 20:36:30] - Checking for HKLM\...\Winlogon\Notify\
    [11/07/2007, 20:36:30] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
    [11/07/2007, 20:36:30] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/07/2007, 20:36:30] - BHO 6: {7a05da82-71fd-4fad-ab43-59d24c273944} ()
    [11/07/2007, 20:36:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/07/2007, 20:36:30] - Checking for HKLM\...\Winlogon\Notify\nepwpsmq
    [11/07/2007, 20:36:30] - Key not found: HKLM\...\Winlogon\Notify\nepwpsmq, continuing.
    [11/07/2007, 20:36:30] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [11/07/2007, 20:36:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/07/2007, 20:36:30] - No filename found. Continuing.
    [11/07/2007, 20:36:30] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [11/07/2007, 20:36:30] - BHO 9: {93A27144-6B30-4198-B0BC-93C26512A8FE} ()
    [11/07/2007, 20:36:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/07/2007, 20:36:30] - Checking for HKLM\...\Winlogon\Notify\pmnnk
    [11/07/2007, 20:36:30] - Key not found: HKLM\...\Winlogon\Notify\pmnnk, continuing.
    [11/07/2007, 20:36:30] - BHO 10: {E610F987-88B6-4839-818B-ED43F1256A36} ()
    [11/07/2007, 20:36:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/07/2007, 20:36:30] - Checking for HKLM\...\Winlogon\Notify\
    [11/07/2007, 20:36:30] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
    [11/07/2007, 20:36:30] - Finished Searching Browser Helper Objects
    [11/07/2007, 20:36:30] - Finishing up...
    [11/07/2007, 20:36:30] - Nothing found! Exiting...

    [11/07/2007, 20:38:29] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\donat\Mes documents\remy\VirtumundoBeGone.exe" )
    [11/07/2007, 20:38:32] - Detected System Information:
    [11/07/2007, 20:38:32] - Windows Version: 5.1.2600, Service Pack 2
    [11/07/2007, 20:38:32] - Current Username: donat (Admin)
    [11/07/2007, 20:38:32] - Windows is in SAFE mode.
    [11/07/2007, 20:38:32] - Searching for Browser Helper Objects:
    [11/07/2007, 20:38:32] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [11/07/2007, 20:38:32] - BHO 2: {0D39A900-0F3A-4C29-A254-3E65244FDC34} ()
    [11/07/2007, 20:38:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/07/2007, 20:38:32] - No filename found. Continuing.
    [11/07/2007, 20:38:32] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
    [11/07/2007, 20:38:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/07/2007, 20:38:32] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [11/07/2007, 20:38:32] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [11/07/2007, 20:38:32] - BHO 4: {656BAEE9-C8A1-46A7-BBF9-82BA12B99CAA} ()
    [11/07/2007, 20:38:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/07/2007, 20:38:32] - Checking for HKLM\...\Winlogon\Notify\
    [11/07/2007, 20:38:32] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
    [11/07/2007, 20:38:32] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/07/2007, 20:38:32] - BHO 6: {7a05da82-71fd-4fad-ab43-59d24c273944} ()
    [11/07/2007, 20:38:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/07/2007, 20:38:32] - Checking for HKLM\...\Winlogon\Notify\nepwpsmq
    [11/07/2007, 20:38:32] - Key not found: HKLM\...\Winlogon\Notify\nepwpsmq, continuing.
    [11/07/2007, 20:38:32] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [11/07/2007, 20:38:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/07/2007, 20:38:32] - No filename found. Continuing.
    [11/07/2007, 20:38:32] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [11/07/2007, 20:38:32] - BHO 9: {93A27144-6B30-4198-B0BC-93C26512A8FE} ()
    [11/07/2007, 20:38:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/07/2007, 20:38:32] - Checking for HKLM\...\Winlogon\Notify\pmnnk
    [11/07/2007, 20:38:32] - Key not found: HKLM\...\Winlogon\Notify\pmnnk, continuing.
    [11/07/2007, 20:38:32] - BHO 10: {E610F987-88B6-4839-818B-ED43F1256A36} ()
    [11/07/2007, 20:38:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/07/2007, 20:38:32] - Checking for HKLM\...\Winlogon\Notify\
    [11/07/2007, 20:38:32] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
    [11/07/2007, 20:38:32] - Finished Searching Browser Helper Objects
    [11/07/2007, 20:38:32] - Finishing up...
    [11/07/2007, 20:38:32] - Nothing found! Exiting...

    [11/08/2007, 0:12:21] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\donat\Mes documents\remy\VirtumundoBeGone.exe" )
    [11/08/2007, 0:12:30] - Detected System Information:
    [11/08/2007, 0:12:30] - Windows Version: 5.1.2600, Service Pack 2
    [11/08/2007, 0:12:30] - Current Username: donat (Admin)
    [11/08/2007, 0:12:30] - Windows is in NORMAL mode.
    [11/08/2007, 0:12:30] - Searching for Browser Helper Objects:
    [11/08/2007, 0:12:30] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [11/08/2007, 0:12:30] - BHO 2: {0D39A900-0F3A-4C29-A254-3E65244FDC34} ()
    [11/08/2007, 0:12:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 0:12:30] - No filename found. Continuing.
    [11/08/2007, 0:12:30] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
    [11/08/2007, 0:12:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 0:12:30] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [11/08/2007, 0:12:30] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [11/08/2007, 0:12:30] - BHO 4: {656BAEE9-C8A1-46A7-BBF9-82BA12B99CAA} ()
    [11/08/2007, 0:12:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 0:12:30] - Checking for HKLM\...\Winlogon\Notify\
    [11/08/2007, 0:12:30] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
    [11/08/2007, 0:12:30] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/08/2007, 0:12:30] - BHO 6: {7a05da82-71fd-4fad-ab43-59d24c273944} ()
    [11/08/2007, 0:12:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 0:12:30] - Checking for HKLM\...\Winlogon\Notify\nepwpsmq
    [11/08/2007, 0:12:30] - Key not found: HKLM\...\Winlogon\Notify\nepwpsmq, continuing.
    [11/08/2007, 0:12:30] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [11/08/2007, 0:12:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 0:12:30] - No filename found. Continuing.
    [11/08/2007, 0:12:30] - BHO 8: {8B984DF6-8E59-4AE0-B6C6-CBB2F2DE0265} ()
    [11/08/2007, 0:12:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 0:12:30] - Checking for HKLM\...\Winlogon\Notify\pmnnk
    [11/08/2007, 0:12:30] - Key not found: HKLM\...\Winlogon\Notify\pmnnk, continuing.
    [11/08/2007, 0:12:30] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [11/08/2007, 0:12:30] - BHO 10: {E610F987-88B6-4839-818B-ED43F1256A36} ()
    [11/08/2007, 0:12:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 0:12:30] - Checking for HKLM\...\Winlogon\Notify\
    [11/08/2007, 0:12:30] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
    [11/08/2007, 0:12:30] - Finished Searching Browser Helper Objects
    [11/08/2007, 0:12:30] - Finishing up...
    [11/08/2007, 0:12:30] - Nothing found! Exiting...

    [11/08/2007, 18:22:41] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\donat\Mes documents\remy\VirtumundoBeGone.exe" )
    [11/08/2007, 18:22:48] - Detected System Information:
    [11/08/2007, 18:22:48] - Windows Version: 5.1.2600, Service Pack 2
    [11/08/2007, 18:22:48] - Current Username: donat (Admin)
    [11/08/2007, 18:22:48] - Windows is in SAFE mode with Networking.
    [11/08/2007, 18:22:48] - Searching for Browser Helper Objects:
    [11/08/2007, 18:22:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [11/08/2007, 18:22:48] - BHO 2: {0D39A900-0F3A-4C29-A254-3E65244FDC34} ()
    [11/08/2007, 18:22:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 18:22:48] - No filename found. Continuing.
    [11/08/2007, 18:22:48] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
    [11/08/2007, 18:22:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 18:22:48] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [11/08/2007, 18:22:48] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [11/08/2007, 18:22:48] - BHO 4: {656BAEE9-C8A1-46A7-BBF9-82BA12B99CAA} ()
    [11/08/2007, 18:22:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 18:22:48] - Checking for HKLM\...\Winlogon\Notify\
    [11/08/2007, 18:22:48] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
    [11/08/2007, 18:22:48] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/08/2007, 18:22:48] - BHO 6: {7a05da82-71fd-4fad-ab43-59d24c273944} ()
    [11/08/2007, 18:22:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 18:22:48] - Checking for HKLM\...\Winlogon\Notify\nepwpsmq
    [11/08/2007, 18:22:48] - Key not found: HKLM\...\Winlogon\Notify\nepwpsmq, continuing.
    [11/08/2007, 18:22:48] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [11/08/2007, 18:22:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 18:22:48] - No filename found. Continuing.
    [11/08/2007, 18:22:48] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [11/08/2007, 18:22:48] - BHO 9: {E610F987-88B6-4839-818B-ED43F1256A36} ()
    [11/08/2007, 18:22:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 18:22:48] - Checking for HKLM\...\Winlogon\Notify\
    [11/08/2007, 18:22:48] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
    [11/08/2007, 18:22:48] - Finished Searching Browser Helper Objects
    [11/08/2007, 18:22:48] - Finishing up...
    [11/08/2007, 18:22:48] - Nothing found! Exiting...

    [11/08/2007, 18:23:01] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\donat\Mes documents\remy\VirtumundoBeGone.exe" )
    [11/08/2007, 18:23:14] - Detected System Information:
    [11/08/2007, 18:23:14] - Windows Version: 5.1.2600, Service Pack 2
    [11/08/2007, 18:23:14] - Current Username: donat (Admin)
    [11/08/2007, 18:23:14] - Windows is in SAFE mode with Networking.
    [11/08/2007, 18:23:14] - Searching for Browser Helper Objects:
    [11/08/2007, 18:23:14] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [11/08/2007, 18:23:14] - BHO 2: {0D39A900-0F3A-4C29-A254-3E65244FDC34} ()
    [11/08/2007, 18:23:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 18:23:14] - No filename found. Continuing.
    [11/08/2007, 18:23:14] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
    [11/08/2007, 18:23:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 18:23:14] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [11/08/2007, 18:23:14] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [11/08/2007, 18:23:14] - BHO 4: {656BAEE9-C8A1-46A7-BBF9-82BA12B99CAA} ()
    [11/08/2007, 18:23:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 18:23:14] - Checking for HKLM\...\Winlogon\Notify\
    [11/08/2007, 18:23:14] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
    [11/08/2007, 18:23:14] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/08/2007, 18:23:14] - BHO 6: {7a05da82-71fd-4fad-ab43-59d24c273944} ()
    [11/08/2007, 18:23:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 18:23:14] - Checking for HKLM\...\Winlogon\Notify\nepwpsmq
    [11/08/2007, 18:23:14] - Key not found: HKLM\...\Winlogon\Notify\nepwpsmq, continuing.
    [11/08/2007, 18:23:14] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [11/08/2007, 18:23:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 18:23:14] - No filename found. Continuing.
    [11/08/2007, 18:23:14] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [11/08/2007, 18:23:14] - BHO 9: {E610F987-88B6-4839-818B-ED43F1256A36} ()
    [11/08/2007, 18:23:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/08/2007, 18:23:14] - Checking for HKLM\...\Winlogon\Notify\
    [11/08/2007, 18:23:14] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
    [11/08/2007, 18:23:14] - Finished Searching Browser Helper Objects
    [11/08/2007, 18:23:14] - Finishing up...
    [11/08/2007, 18:23:14] - Nothing found! Exiting...
    0
  12. remijio Posts 39 Registration date   Status Member
     
    Symantec Trojan.Vundo Removal Tool 1.5.0

    C:\System Volume Information: (not scanned)
    D:\System Volume Information: (not scanned)
    Trojan.Vundo has not been found on your computer.

    VundoFix V6.5.11

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 18:27:03 08/11/2007

    Listing files found while scanning....

    No infected files were found.

    Beginning removal...
    0
  13. remijio Posts 39 Registration date   Status Member
     
    ComboFix 07-11-06.4 - donat 2007-11-08 18:17:12.3 - NTFSx86 MINIMAL
    Running from: C:\Documents and Settings\donat\Mes documents\remy\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-08 to 2007-11-08 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-07 22:34 2,430 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-07 22:33 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-07 22:33 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-07 22:33 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-07 22:33 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-07 22:33 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-07 21:33 12,416,780 --------- C:\AVG7QT.DAT
    2007-11-07 21:27 <REP> d-------- C:\Documents and Settings\donat\Application Data\AVG7
    2007-11-07 21:26 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-11-07 21:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-11-07 19:11 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-11-07 17:58 <REP> d-------- C:\Program Files\Yahoo!
    2007-11-07 17:57 <REP> d-------- C:\Program Files\CCleaner
    2007-11-07 17:34 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
    2007-11-07 17:34 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
    2007-11-07 16:32 <REP> d-------- C:\Program Files\Panda Security
    2007-11-07 15:43 <REP> d-------- C:\Program Files\Lavasoft
    2007-11-07 10:00 79,936 --a------ C:\WINDOWS\system32\nepwpsmq.dll
    2007-11-07 09:57 86,080 --a------ C:\WINDOWS\system32\vnjsjwim.dll
    2007-11-06 21:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-06 21:20 <REP> d-------- C:\Documents and Settings\donat\Application Data\Grisoft
    2007-11-06 21:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-06 20:34 <REP> d-------- C:\VundoFix Backups
    2007-11-06 20:23 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-11-06 07:46 81,472 --a------ C:\WINDOWS\system32\ecwqyvof.dll
    2007-11-05 14:46 <REP> d-------- C:\Program Files\Incomplete
    2007-11-05 14:42 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-11-05 14:39 82 --a------ C:\n.bat
    2007-11-05 14:39 0 --a------ C:\z.dat
    2007-11-05 14:38 <REP> d-------- C:\WINDOWS\system32\Mz18r
    2007-11-05 14:38 <REP> d-------- C:\TEMP\mZOr
    2007-11-05 12:26 <REP> d-------- C:\Documents and Settings\donat\Application Data\RTPlayer
    2007-11-05 12:22 <REP> d-------- C:\WINDOWS\system32\Logs
    2007-11-05 12:22 <REP> d-------- C:\Documents and Settings\donat\Application Data\tunebite
    2007-11-04 23:40 <REP> d-------- C:\Documents and Settings\donat\Application Data\AccurateRip
    2007-11-04 23:40 167,936 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
    2007-10-10 07:01 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-10 07:00 <REP> d--h----- C:\WINDOWS\$hf_mig$

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-07 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-07 20:10 --------- d-----w C:\Documents and Settings\donat\Application Data\LimeWire
    2007-11-07 16:42 43,008 -c--a-w C:\WINDOWS\BPMNT.dll
    2007-11-07 16:42 1,036,800 -c--a-w C:\WINDOWS\vsapi32.dll
    2007-11-07 16:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-07 16:27 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-11-06 18:44 71,749 -c--a-w C:\WINDOWS\hcextoutput.dll
    2007-11-06 18:44 267,845 -c--a-w C:\WINDOWS\tsc.exe
    2007-10-13 08:12 --------- d-----w C:\Program Files\Cedelia
    2007-10-07 13:15 --------- d-----w C:\Program Files\SopCast
    2007-10-07 13:12 --------- d-----w C:\Documents and Settings\donat\Application Data\SopCast
    2007-09-16 09:49 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-15 18:46 --------- d-----w C:\Program Files\TVAnts
    2007-09-10 16:04 2,322,176 ----a-w C:\WINDOWS\system32\TUKernel.exe
    2007-08-27 17:26 132,096 ------w C:\WINDOWS\combatfs.exe
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-07-11 20:31 47,360 ----a-w C:\Documents and Settings\donat\Application Data\pcouffin.sys
    2003-05-21 17:58 253,672 -c--a-w C:\WINDOWS\inf\windrvr6.sys
    2005-09-23 18:55:59 56 -csh--r C:\WINDOWS\system32\97159F3928.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-08_ 0.34.19.76 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-11-07 20:31:44 775,680 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
    + 2007-11-08 08:26:57 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
    - 2007-11-07 20:31:45 19,392 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
    + 2007-11-08 08:26:57 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{656BAEE9-C8A1-46A7-BBF9-82BA12B99CAA}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7a05da82-71fd-4fad-ab43-59d24c273944}]
    2007-11-07 10:00 79936 --a------ C:\WINDOWS\system32\nepwpsmq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E610F987-88B6-4839-818B-ED43F1256A36}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-09-14 18:20]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-12 16:11]
    "dc21ca9b"="C:\WINDOWS\system32\vnjsjwim.dll" [2007-11-07 09:57]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-11-08 09:27]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImInstaller_IncrediMail]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    C:\Program Files\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
    C:\Program Files\Logitech\iTouch\iTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    "dc21ca9b"=rundll32.exe "C:\WINDOWS\system32\fkqixluy.dll",b

    R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
    S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs
    S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys
    S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
    S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys
    S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    S3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80e02652-40b6-11da-8893-4d6564696130}]
    \Shell\AutoRun\command - G:\ReadMe.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-10-26 15:38:07 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-08 18:20:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-08 18:21:46
    .
    --- E O F ---
    0
  14. remijio Posts 39 Registration date   Status Member
     
    I am doing all of these operations in safe mode and with System Restore turned off

    I ran Spybot and apparently virtumonde is gone, but doubleclick and bluestreak are still there

    I'm waiting for a pro's opinion

    thanks
    0
  15. remijio Posts 39 Registration date   Status Member
     
    it's 21:16, I give Spybot another quick run and what do I see

    virtumonde is back again!!!!

    I'm throwing in the towel
    0
  16. remijio Posts 39 Registration date   Status Member
     
    thanks

    I got rid of Avast and for the moment I'm testing AVG; it seems to be finding quite a lot of infected files

    I also dropped Spybot for AVG Anti-Spyware
    we'll see how that goes while waiting for someone to look over my reports
    0
  17. remijio Posts 39 Registration date   Status Member
     
    well, I formatted everything and reinstalled, and everything is back to normal

    thanks to lovedivine for the advice
    0