Problem with trojan win32vundo@dll
jojo97422 (Member, 76 posts)
fiat500 (Member, 2681 posts)
Hello, for the past week I have had the trojan win32vundo@dll, which is detected by avast. I have tried several boot-time scans and a cleanup with Spybot, but the problem is still not resolved. I read a few replies on the forum and started doing what they said, such as the HijackThis report, and now what should I do?
PLEASE HELP ME, THANKS in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:47, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Calendrier\Cld2000.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Radio Fr Solo\RFScheduler.exe
C:\Program Files\NoBrand\Wireless Network Manager\Monitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Radio Fr Solo\Radio_Fr_Solo.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\JONATHAN\Mes documents\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: livetvbar Toolbar - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tblive.dll
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EA5D696-C6CE-4A2B-BD4A-4AA1992B9F43} - (no file)
O2 - BHO: (no name) - {3E6EB08D-515C-4022-B42D-CABA45BFC7E0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0FCA3A2-34C0-4CA2-A7A4-87A87D4C712C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B5697A77-A299-4DF7-B2B7-EB75629F525D} - (no file)
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\WINDOWS\system32\khfDtRjh.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Workflow] E:\Workflow.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
O4 - HKLM\..\Run: [100ef2c1] rundll32.exe "C:\WINDOWS\system32\vnkjokdh.dll",b
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\full_felix.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RFScheduler.lnk = C:\Program Files\Radio Fr Solo\RFScheduler.exe
O4 - Global Startup: Wireless Network Manager.lnk = C:\Program Files\NoBrand\Wireless Network Manager\Monitor.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Program Files\Betway\Poker\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Seekmo/ie/bridge-c18.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Betway/FlashAX.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O16 - DPF: {EB504BE1-BFA2-41FE-8F49-C4DD2524E246} - http://servicesv4.canalplusactive.com/cabs/msway42.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A4BB8B3-AC32-4A9C-9CF5-E2CEA74D9B7E}: NameServer = 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A4BB8B3-AC32-4A9C-9CF5-E2CEA74D9B7E}: NameServer = 213.36.80.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A4BB8B3-AC32-4A9C-9CF5-E2CEA74D9B7E}: NameServer = 213.36.80.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: khfDtRjh - C:\WINDOWS\SYSTEM32\khfDtRjh.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
37 replies
Hello and welcome
Do this in Safe Mode with Networking.
To remove Vundo, download VundoFix here:
http://www.atribune.org/ccount/click.php?id=4
Put it on your desktop.
After the download, click on VundoFix.exe.
The tool will open. Click on Scan for Vundo.
If an infection is detected, click on Remove Vundo; this will remove the infected files found by the tool. Confirm the deletion of the files.
In some cases a restart is required, so accept it.
After VundoFix has been used, a report is generated automatically. It is located at the root of your Windows drive: C:/ vundofix backups/vundofix
Open the VundoFix text file, then copy/paste the report on the forum.
Delete the VundoFix Backups backup folder.
then
VirtumundoBeGone (paste the report)
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
then
Right-click on this link: (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Save target (link) as... and save it on your desktop.
Then double-click on navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click on the Navilog1 shortcut on the desktop.)
Follow the prompts. At the main menu, choose 1 and confirm.
(Do not choose option 2, 3 or 4 without our advice/agreement.)
Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt).
Then paste me a new HijackThis log.
And now here is the VirtumundoBeGone report.
The PC had to be restarted first.
[06/01/2008, 15:07:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\JONATHAN\Bureau\VirtumundoBeGone.exe" )
[06/01/2008, 15:07:37] - Detected System Information:
[06/01/2008, 15:07:37] - Windows Version: 5.1.2600, Service Pack 2
[06/01/2008, 15:07:37] - Current Username: JONATHAN (Admin)
[06/01/2008, 15:07:38] - Windows is in NORMAL mode.
[06/01/2008, 15:07:38] - Searching for Browser Helper Objects:
[06/01/2008, 15:07:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/01/2008, 15:07:38] - BHO 2: {2EA5D696-C6CE-4A2B-BD4A-4AA1992B9F43} ()
[06/01/2008, 15:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:38] - No filename found. Continuing.
[06/01/2008, 15:07:38] - BHO 3: {3E6EB08D-515C-4022-B42D-CABA45BFC7E0} ()
[06/01/2008, 15:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:38] - No filename found. Continuing.
[06/01/2008, 15:07:38] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/01/2008, 15:07:38] - BHO 5: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} ()
[06/01/2008, 15:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:38] - No filename found. Continuing.
[06/01/2008, 15:07:38] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/01/2008, 15:07:38] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/01/2008, 15:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:38] - No filename found. Continuing.
[06/01/2008, 15:07:38] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/01/2008, 15:07:38] - BHO 9: {A0FCA3A2-34C0-4CA2-A7A4-87A87D4C712C} ()
[06/01/2008, 15:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:38] - No filename found. Continuing.
[06/01/2008, 15:07:38] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/01/2008, 15:07:38] - BHO 11: {B5697A77-A299-4DF7-B2B7-EB75629F525D} ()
[06/01/2008, 15:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:38] - No filename found. Continuing.
[06/01/2008, 15:07:38] - BHO 12: {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} ()
[06/01/2008, 15:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:38] - Checking for HKLM\...\Winlogon\Notify\khfDtRjh
[06/01/2008, 15:07:38] - Found: HKLM\...\Winlogon\Notify\khfDtRjh - This is probably Virtumundo.
[06/01/2008, 15:07:38] - Assigning {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} MSEvents Object
[06/01/2008, 15:07:38] - BHO list has been changed! Starting over...
[06/01/2008, 15:07:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/01/2008, 15:07:38] - BHO 2: {2EA5D696-C6CE-4A2B-BD4A-4AA1992B9F43} ()
[06/01/2008, 15:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:38] - No filename found. Continuing.
[06/01/2008, 15:07:38] - BHO 3: {3E6EB08D-515C-4022-B42D-CABA45BFC7E0} ()
[06/01/2008, 15:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:39] - No filename found. Continuing.
[06/01/2008, 15:07:39] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/01/2008, 15:07:39] - BHO 5: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} ()
[06/01/2008, 15:07:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:39] - No filename found. Continuing.
[06/01/2008, 15:07:39] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/01/2008, 15:07:39] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/01/2008, 15:07:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:39] - No filename found. Continuing.
[06/01/2008, 15:07:39] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/01/2008, 15:07:39] - BHO 9: {A0FCA3A2-34C0-4CA2-A7A4-87A87D4C712C} ()
[06/01/2008, 15:07:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:39] - No filename found. Continuing.
[06/01/2008, 15:07:39] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/01/2008, 15:07:39] - BHO 11: {B5697A77-A299-4DF7-B2B7-EB75629F525D} ()
[06/01/2008, 15:07:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:39] - No filename found. Continuing.
[06/01/2008, 15:07:39] - BHO 12: {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} (MSEvents Object)
[06/01/2008, 15:07:39] - ALERT: Found MSEvents Object!
[06/01/2008, 15:07:39] - Finished Searching Browser Helper Objects
[06/01/2008, 15:07:39] - *** Detected MSEvents Object
[06/01/2008, 15:07:39] - Trying to remove MSEvents Object...
[06/01/2008, 15:07:40] - Terminating Process: IEXPLORE.EXE
[06/01/2008, 15:07:40] - Terminating Process: RUNDLL32.EXE
[06/01/2008, 15:07:41] - Disabling Automatic Shell Restart
[06/01/2008, 15:07:41] - Terminating Process: EXPLORER.EXE
[06/01/2008, 15:07:41] - Suspending the NT Session Manager System Service
[06/01/2008, 15:07:41] - Terminating Windows NT Logon/Logoff Manager
[06/01/2008, 15:07:41] - Re-enabling Automatic Shell Restart
[06/01/2008, 15:07:41] - File to disable: C:\WINDOWS\system32\khfDtRjh.dll
[06/01/2008, 15:07:42] - Renaming C:\WINDOWS\system32\khfDtRjh.dll -> C:\WINDOWS\system32\khfDtRjh.dll.vir
[06/01/2008, 15:07:42] - File successfully renamed!
[06/01/2008, 15:07:42] - Removing HKLM\...\Browser Helper Objects\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}
[06/01/2008, 15:07:42] - Removing HKCR\CLSID\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}
[06/01/2008, 15:07:42] - Adding Kill Bit for ActiveX for GUID: {EF4CC146-43C9-4741-8D21-EB5035A4EBEC}
[06/01/2008, 15:07:42] - Deleting ATLEvents/MSEvents Registry entries
[06/01/2008, 15:07:42] - Removing HKLM\...\Winlogon\Notify\khfDtRjh
[06/01/2008, 15:07:42] - Searching for Browser Helper Objects:
[06/01/2008, 15:07:42] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/01/2008, 15:07:42] - BHO 2: {2EA5D696-C6CE-4A2B-BD4A-4AA1992B9F43} ()
[06/01/2008, 15:07:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:42] - No filename found. Continuing.
[06/01/2008, 15:07:42] - BHO 3: {3E6EB08D-515C-4022-B42D-CABA45BFC7E0} ()
[06/01/2008, 15:07:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:42] - No filename found. Continuing.
[06/01/2008, 15:07:42] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/01/2008, 15:07:42] - BHO 5: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} ()
[06/01/2008, 15:07:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:42] - No filename found. Continuing.
[06/01/2008, 15:07:42] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/01/2008, 15:07:42] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/01/2008, 15:07:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:42] - No filename found. Continuing.
[06/01/2008, 15:07:42] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/01/2008, 15:07:42] - BHO 9: {A0FCA3A2-34C0-4CA2-A7A4-87A87D4C712C} ()
[06/01/2008, 15:07:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:42] - No filename found. Continuing.
[06/01/2008, 15:07:42] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/01/2008, 15:07:42] - BHO 11: {B5697A77-A299-4DF7-B2B7-EB75629F525D} ()
[06/01/2008, 15:07:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/01/2008, 15:07:42] - No filename found. Continuing.
[06/01/2008, 15:07:42] - Finished Searching Browser Helper Objects
[06/01/2008, 15:07:42] - Finishing up...
[06/01/2008, 15:07:42] - A restart is needed.
[06/01/2008, 15:07:56] - Attempting to Restart via STOP error (Blue Screen!)
[06/01/2008, 15:11:14] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\JONATHAN\Bureau\VirtumundoBeGone.exe" )
[06/01/2008, 15:11:31] - User choose NOT to continue. Exiting...
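As an added example (not part of the original posts and not the tools' own code), this Python script cross-checks the O20 Winlogon Notify entries from the HijackThis log against the actions recorded in the VirtumundoBeGone log, to show which persistence entries the tool handled and which still need a reviewer's eye. The log excerpts are copied from this thread; the function names and status labels are assumptions made for this example.

```python
import re

# Excerpts copied from the logs posted in this thread.
HIJACKTHIS_LOG = r"""
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: khfDtRjh - C:\WINDOWS\SYSTEM32\khfDtRjh.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
"""

VBG_LOG = r"""
[06/01/2008, 15:07:38] - Found: HKLM\...\Winlogon\Notify\khfDtRjh - This is probably Virtumundo.
[06/01/2008, 15:07:42] - Renaming C:\WINDOWS\system32\khfDtRjh.dll -> C:\WINDOWS\system32\khfDtRjh.dll.vir
[06/01/2008, 15:07:42] - File successfully renamed!
[06/01/2008, 15:07:42] - Removing HKLM\...\Browser Helper Objects\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}
[06/01/2008, 15:07:42] - Removing HKLM\...\Winlogon\Notify\khfDtRjh
"""

# HijackThis O20 line: "O20 - Winlogon Notify: <key> - <dll> [(file missing)]"
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)
RENAME_RE = re.compile(r"- Renaming (?P<src>.+?) -> (?P<dst>.+)$")
REMOVE_NOTIFY_RE = re.compile(r"- Removing HKLM\\\.\.\.\\Winlogon\\Notify\\(?P<key>.+)$")


def parse_notify(hjt_text):
    """Return the Winlogon Notify entries of a HijackThis log (other O20 lines are skipped)."""
    entries = []
    for line in hjt_text.splitlines():
        m = NOTIFY_RE.match(line.strip())
        if m:
            entries.append({
                "key": m.group("key"),
                "dll": m.group("dll"),
                "missing": bool(m.group("missing")),
            })
    return entries


def parse_vbg(vbg_text):
    """Return (renamed_files, removed_notify_keys), both lowercased sets.

    A rename only counts once the log confirms it with
    "File successfully renamed!".
    """
    renamed, removed_keys = set(), set()
    pending = None
    for line in vbg_text.splitlines():
        line = line.strip()
        m = RENAME_RE.search(line)
        if m:
            pending = m.group("src").lower()
            continue
        if pending and "File successfully renamed!" in line:
            renamed.add(pending)
            pending = None
            continue
        m = REMOVE_NOTIFY_RE.search(line)
        if m:
            removed_keys.add(m.group("key").lower())
    return renamed, removed_keys


def triage(hjt_text, vbg_text):
    """Map each Winlogon Notify key to a status label (labels are this example's own)."""
    renamed, removed_keys = parse_vbg(vbg_text)
    result = {}
    for e in parse_notify(hjt_text):
        # Windows paths and registry key names are case-insensitive:
        # HijackThis prints SYSTEM32, VirtumundoBeGone prints system32.
        key_gone = e["key"].lower() in removed_keys
        dll_off = e["dll"].lower() in renamed
        if key_gone and dll_off:
            status = "remediated"      # key removed and DLL renamed
        elif key_gone or dll_off:
            status = "partial"         # only one half was handled
        elif e["missing"]:
            status = "orphaned-key"    # registry entry points at a file that is gone
        else:
            status = "unreviewed"      # present on disk, untouched by the tool
        result[e["key"]] = status
    return result


if __name__ == "__main__":
    for key, status in triage(HIJACKTHIS_LOG, VBG_LOG).items():
        print(f"{key:12} {status}")
```

Entries reported as `orphaned-key` or `unreviewed` are the ones to look for in the fresh HijackThis log taken after cleanup.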
Here is what has been displayed in Navilog1 since I started:
Creation de la liste des programmes installes
Veuillez patienter
Search Navipromo version 3.5.7 commence le 01/06/2008 a 15:24:55,75
!!! Attention,ce rapport peut indiquer des fichiers/programmes legitimes !!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie desinfection sans l'avis d'un specialiste !!!
*** Recherche programmes installes ***
Veuillez patienter
Recherche terminee
*** Recherche dossiers dans "C:\WINDOWS" ***
Veuillez patienter
Recherche terminee
*** Recherche dossiers dans "C:\Program Files" ***
Veuillez patienter
Recherche terminee
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
Veuillez patienter
Recherche terminee
Le chemin d'accès spécifié est introuvable.
*** Recherche dossiers dans "c:\docume~1\alluse~1\menud╔~1\progra~1" ***
Veuillez patienter
Recherche terminee
*** Recherche dossiers dans "C:\Documents and Settings\JONATHAN\applic~1" ***
Veuillez patienter
Recherche terminee
*** Recherche dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" ***
Veuillez patienter
Recherche terminee
*** Recherche dossiers dans "C:\Documents and Settings\JONATHAN\locals~1\appl
1" ***
Veuillez patienter
Recherche terminee
*** Recherche dossiers dans "C:\Documents and Settings\JONATHAN\menudm~1\prog
1" ***
Veuillez patienter
Recherche terminee
*** Recherche avec Catchme par gmer ***
pour + d'infos : http://www.gmer.net
Veuillez patienter ... Le scan peut durer une dizaine de minutes ...
re
As requested by PM ......
1) Have you restored the hosts file??
2) Uninstall these programs: C:\Program Files\Calendrier\Cld2000.exe and
C:\Program Files\AXPDefender\AXPDefender.exe
then:
Download Malwarebytes
-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Install it; the program will update itself automatically.
Once it is up to date, the program will start; click on the Settings tab and tick the box: "Stop Internet Explorer during removal".
Now click on the Scan tab and tick the box: "Perform a full scan".
Then click on "Scan".
Let it scan the PC...
If items were found > click on Remove Selected.
If you are asked to restart > click on "yes".
At the end a report will open; save it somewhere you can find it again so that you can post it on the forum.
Copy and paste the report please.
PS: the reports are also stored in the report/log tab.
I cancelled and tried again, but it is the same as earlier.
Here, this is what it looks like:
Creation de la liste des programmes installes
Veuillez patienter
Search Navipromo version 3.5.7 commence le 01/06/2008 a 15:24:55,75
!!! Attention,ce rapport peut indiquer des fichiers/programmes legitimes !!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie desinfection sans l'avis d'un specialiste !!!
*** Recherche programmes installes ***
Veuillez patienter
Recherche terminee
*** Recherche dossiers dans "C:\WINDOWS" ***
Veuillez patienter
Recherche terminee
*** Recherche dossiers dans "C:\Program Files" ***
Veuillez patienter
Recherche terminee
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
Veuillez patienter
Recherche terminee
Le chemin d'accès spécifié est introuvable.
*** Recherche dossiers dans "c:\docume~1\alluse~1\menud╔~1\progra~1" ***
Veuillez patienter
Recherche terminee
*** Recherche dossiers dans "C:\Documents and Settings\JONATHAN\applic~1" ***
Veuillez patienter
Recherche terminee
*** Recherche dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" ***
Veuillez patienter
Recherche terminee
*** Recherche dossiers dans "C:\Documents and Settings\JONATHAN\locals~1\appl
1" ***
Veuillez patienter
Recherche terminee
*** Recherche dossiers dans "C:\Documents and Settings\JONATHAN\menudm~1\prog
1" ***
Veuillez patienter
Recherche terminee
*** Recherche avec Catchme par gmer ***
pour + d'infos : http://www.gmer.net
Veuillez patienter ... Le scan peut durer une dizaine de minutes ...
VundoFix V7.0.5
Scan started at 14:40:43 01/06/2008
Listing files found while scanning....
VundoFix V7.0.5
Scan started at 14:48:43 01/06/2008
Listing files found while scanning....
No infected files were found.