Need help, computer on the edge of
Solved
great_one (Posts: 21, Status: Member)
Hello, dear forum members.
I really need help. My computer is going completely adrift. A virus invited itself onto my computer, and it is wrecking the PC. First of all, I can no longer access any document whatsoever, nor the Task Manager, nor drives [C:] and [D:], i.e. where the temporary files, among other things, are located. Note that I can no longer reach them by any means, because even the "Start" menu has been stripped of "Search", "Run", "All Programs", "My Computer", "My Documents", "Control Panel", among others. In short, when I go to "Start", there are only the recently used programs in the left column. Finally, my computer is very slow, which does not happen normally.
Then there's the advertising. And what advertising! I've been treated to about 10 antivirus products, including the famous Spy-Shredder, Security Center, banks, casinos, games, etc.
In the bar where "Start" is on the left (sorry for the computer jargon, I'm really clueless about this), there are 2 red crosses and two triangular signs with a [!] in the middle.
Mozilla is unusable. I get several messages from the computer. Some of them talk about a [thief] that steals addresses, codes, etc. Others talk about spyware... But I don't know which one to believe! Back when the computer wasn't infected, I often received little messages supposedly from Windows, so, to avoid making the situation worse, I haven't done anything for the moment. I'm waiting for someone who knows about this to help me.
My antivirus is AVG 7.5, and I've also tried "SmitFraudFix", "Rogue Remover" and "SpyBot S&D", without any real success.
I'm posting my HijackThis report (which I knew nothing about until this morning); it might help.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 01:25: VIRUS ALERT!, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrateur\Bureau\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\ezShellStart.exe
O2 - BHO: (no name) - {43FCD2CF-5569-4208-97D2-52748E0EF6A0} - C:\WINDOWS\system32\hgGxvtqo.dll
O2 - BHO: QXK Olive - {66CFE262-41EC-4398-9D49-698CEAF9C1D9} - C:\WINDOWS\wbxdpgfefse.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\yayvvss.dll (file missing)
O2 - BHO: (no name) - {983CEDE8-4100-49BE-A5C7-143155D23332} - C:\WINDOWS\system32\vtUkkifE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C455~1\Bar888.dll (file missing)
O2 - BHO: {de273169-589f-585a-86f4-ed8ac07c889d} - {d988c70c-a8de-4f68-a585-f985961372ed} - C:\WINDOWS\system32\hdfwzt.dll
O2 - BHO: (no name) - {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} - C:\WINDOWS\system32\jkklm.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C455~1\Bar888.dll (file missing)
O3 - Toolbar: sqvgnrpx - {D1FAB52D-CD54-47B0-9BD3-F325CF4C7BA8} - C:\WINDOWS\sqvgnrpx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.4.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOL Instant Messenger] 32\NULL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bc455287] rundll32.exe "C:\WINDOWS\system32\yyrrmxgu.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522
O4 - HKCU\..\Policies\Explorer\Run: [{BC455228-089B-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089B-1036-0802-060719060021}\Update.exe" mc-110-12-0002522
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows System Maintain] BUILDERS.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows System Maintain] BUILDERS.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522 (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: hgGxvtqo - C:\WINDOWS\SYSTEM32\hgGxvtqo.dll
O20 - Winlogon Notify: jkklm - C:\WINDOWS\system32\jkklm.dll (file missing)
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll
O20 - Winlogon Notify: yayvvss - yayvvss.dll (file missing)
O21 - SSODL: fsrpknov - {DEB0AE7B-2C58-4429-9ACB-AEFE1E8DF083} - C:\WINDOWS\fsrpknov.dll
O21 - SSODL: fdxbameg - {55CE55D9-938E-4D7B-8576-1751718CE8F0} - C:\WINDOWS\fdxbameg.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
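As an added example (not part of the original post, and not code from HijackThis itself), the script below parses HijackThis log lines of the kinds shown above and applies a few triage rules of the sort a responder would run before reading the log by hand: policy lockdown lines (O6/O7), entries whose file is missing, a UserInit value other than the stock userinit.exe, Winlogon Notify and SSODL load points (O20/O21), unnamed BHOs, Run entries launched through rundll32 or by a bare filename, and the same module registered at more than one load point. The sample lines embedded in the script are copied from the posted log; the rule names, the regular expressions and the assumed default UserInit value are this example's own. It only flags entries for human review and does not decide that anything is malicious.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example, not part of the original post: parses F2/O2/O3/O4/O6/O7/O20/O21
lines and reports entries that a responder would want to look at first. The
rule names and thresholds are this example's own, not HJT's.
"""
import re
from collections import Counter, defaultdict

# Sample input: a handful of lines copied from the posted log (constructed
# excerpt, not the full report).
SAMPLE_LOG = r"""F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\ezShellStart.exe
O2 - BHO: (no name) - {43FCD2CF-5569-4208-97D2-52748E0EF6A0} - C:\WINDOWS\system32\hgGxvtqo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\yayvvss.dll (file missing)
O3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [bc455287] rundll32.exe "C:\WINDOWS\system32\yyrrmxgu.dll",b
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows System Maintain] BUILDERS.EXE (User 'SYSTEM')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: hgGxvtqo - C:\WINDOWS\SYSTEM32\hgGxvtqo.dll
O21 - SSODL: fsrpknov - {DEB0AE7B-2C58-4429-9ACB-AEFE1E8DF083} - C:\WINDOWS\fsrpknov.dll
"""

LINE_RE = re.compile(r"^(?P<section>[FRO]\d+)\s+-\s+(?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?):\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)\s*$")
MODULE_RE = re.compile(r"([A-Za-z0-9_~$-]+\.(?:dll|exe))", re.IGNORECASE)
# Assumed stock value on Windows XP (the registry value carries a trailing comma).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_hjt_line(line):
    """Return a dict for an HJT entry line, or None for process/header lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    body = USER_SUFFIX_RE.sub("", body)          # drop "(User 'SYSTEM')" etc.
    cmd = None
    if section == "O4":
        o4 = O4_RE.match(body)
        cmd = o4.group("cmd") if o4 else body
    modules = MODULE_RE.findall(body)            # last .dll/.exe name in the line
    return {
        "section": section,
        "body": body,
        "cmd": cmd,
        "module": modules[-1].lower() if modules else None,
        "missing": "(file missing)" in body or "(no file)" in body,
        "no_name": "(no name)" in body,
        "raw": line.strip(),
    }


def triage(log_text):
    """Apply the review rules to every entry line; returns [(rule, detail), ...]."""
    findings = []
    by_module = defaultdict(set)
    for line in log_text.splitlines():
        e = parse_hjt_line(line)
        if e is None:
            continue
        sec = e["section"]
        if e["module"]:
            by_module[e["module"]].add(sec)
        if sec in ("O6", "O7"):                  # IE / regedit policy restrictions
            findings.append(("policy_lockdown", e["raw"]))
        if e["missing"]:                         # registration left behind, file gone
            findings.append(("orphaned_entry", e["raw"]))
        if sec == "F2" and "UserInit=" in e["body"]:
            value = e["body"].split("UserInit=", 1)[1].strip().strip('"').rstrip(",").lower()
            if value != DEFAULT_USERINIT:        # runs at every logon before the shell
                findings.append(("nondefault_userinit", e["raw"]))
        if sec in ("O20", "O21"):                # Winlogon Notify / SSODL: early, in-process
            findings.append(("early_load_point", e["raw"]))
        if sec == "O2" and e["no_name"]:
            findings.append(("unnamed_bho", e["raw"]))
        if sec == "O4" and e["cmd"]:
            cmd = e["cmd"].strip().strip('"')
            # rundll32 is also used by legitimate vendors (NvCpl in the log), so this
            # is a "check which DLL it loads" list, not a verdict.
            if re.match(r"(?i)^rundll32(\.exe)?\b", cmd):
                findings.append(("rundll32_launcher", e["raw"]))
            elif "\\" not in cmd and not e["missing"]:   # resolved by path search
                findings.append(("bare_filename", e["raw"]))
    for module, sections in sorted(by_module.items()):
        if len(sections) > 1:                    # same DLL hooked in several places
            findings.append(("multi_loadpoint", f"{module}: {', '.join(sorted(sections))}"))
    return findings


def summarize(findings):
    """Count findings per rule."""
    return dict(Counter(rule for rule, _ in findings))


if __name__ == "__main__":
    import sys
    text = SAMPLE_LOG
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for rule, detail in triage(text):
        print(f"{rule:20} {detail}")
```

Run it without arguments to triage the embedded excerpt, or pass a saved hijackthis.log as the first argument. The point of the multi_loadpoint rule is visible in the excerpt: one DLL registered both as a BHO (O2) and as a Winlogon Notify package (O20) is loaded into winlogon as well as into the browser, which is why removing only the browser add-on does not get rid of it.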
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: hgGxvtqo - C:\WINDOWS\SYSTEM32\hgGxvtqo.dll
O20 - Winlogon Notify: jkklm - C:\WINDOWS\system32\jkklm.dll (file missing)
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll
O20 - Winlogon Notify: yayvvss - yayvvss.dll (file missing)
O21 - SSODL: fsrpknov - {DEB0AE7B-2C58-4429-9ACB-AEFE1E8DF083} - C:\WINDOWS\fsrpknov.dll
O21 - SSODL: fdxbameg - {55CE55D9-938E-4D7B-8576-1751718CE8F0} - C:\WINDOWS\fdxbameg.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
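The reply that follows diagnoses Vundo/Virtumonde from this log. As an added example (not code from this thread, from HijackThis or from any of the removal tools named here), the Python triage script below applies the cross-check that the VirtumundoBeGone report later in the thread performs: a BHO registered with no default name whose DLL also appears as a Winlogon Notify package, plus a rundll32 autorun loading a system32 DLL through a one-letter export, and Winlogon Notify entries whose DLL is missing. The O2 lines in the sample log are constructed from the CLSIDs in that report, the O4 and O20 lines are quoted from the log above, and all function and indicator names are my own.

```python
import re

# Constructed sample, modelled on the HijackThis log posted in this thread.
# The O2 (BHO) lines are constructed from the CLSIDs named in the
# VirtumundoBeGone report; the O4 and O20 lines are quoted from the log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {43FCD2CF-5569-4208-97D2-52748E0EF6A0} - C:\WINDOWS\system32\hgGxvtqo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\yayvvss.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bc455287] rundll32.exe "C:\WINDOWS\system32\yyrrmxgu.dll",b
O20 - Winlogon Notify: hgGxvtqo - C:\WINDOWS\SYSTEM32\hgGxvtqo.dll
O20 - Winlogon Notify: jkklm - C:\WINDOWS\system32\jkklm.dll (file missing)
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll
O20 - Winlogon Notify: yayvvss - yayvvss.dll (file missing)
"""

# One regex per HijackThis section this triage looks at.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
# rundll32.exe "<dll>",<export>  (the quotes are optional)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.IGNORECASE)

MISSING = "(file missing)"


def parse_log(text):
    """Split a HijackThis log into its O2, O4 and O20 entries (other lines are ignored)."""
    bhos, runs, notifies = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        for regex, bucket in ((BHO_RE, bhos), (RUN_RE, runs), (NOTIFY_RE, notifies)):
            m = regex.match(line)
            if m:
                bucket.append(m.groupdict())
                break
    return bhos, runs, notifies


def dll_stem(path):
    """'C:\\WINDOWS\\system32\\hgGxvtqo.dll (file missing)' -> 'hggxvtqo' (case-folded)."""
    name = path.replace(MISSING, "").strip().strip('"')
    name = name.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".dll") else name


def triage(text):
    """Return (indicator, detail) pairs for the Vundo-style patterns named in the lead-in.

    These are heuristics for an analyst to review, not proof of infection.
    """
    bhos, runs, notifies = parse_log(text)
    notify_names = {n["name"].lower() for n in notifies}
    findings = []

    # 1. BHO registered without a default name whose DLL is also loaded as a
    #    Winlogon Notify package: the pairing VirtumundoBeGone checks for.
    for b in bhos:
        if b["name"].strip().lower() == "(no name)" and dll_stem(b["path"]) in notify_names:
            findings.append(("bho_winlogon_pair", f"{{{b['clsid']}}} -> {dll_stem(b['path'])}"))

    # 2. Autorun that loads a system32 DLL through rundll32 with a one-letter export.
    for r in runs:
        m = RUNDLL_RE.match(r["cmd"].strip())
        if m and "system32" in m["dll"].lower() and len(m["export"]) == 1:
            findings.append(("rundll32_single_letter_export", f"[{r['name']}] {m['dll']}"))

    # 3. Winlogon Notify entries whose DLL no longer exists: leftovers to clean up.
    for n in notifies:
        if MISSING in n["path"]:
            findings.append(("orphan_winlogon_notify", n["name"]))

    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LOG):
        print(f"{indicator:32} {detail}")
```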
Hi,
You're infected with Vundo/Virtumonde.
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the internet and close all applications, including your antivirus and antispyware /!\
---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"
---> Switch it to French: F
Press key 1 (Yes) to start the scan.
/!\ Don't touch anything until the scan is finished. /!\
At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post its contents
/!\ Re-enable your antivirus and antispyware real-time protection before reconnecting to the internet. /!\
Note: The report can also be found here: C:\ComboFix.txt
Hi,
First of all, thank you for being willing to help me, Destrio5.
Before explaining, I should say that I downloaded ComboFix on another computer and then transferred it to mine via USB stick, for the simple reason that every time I click the link you gave me from my computer, it redirects me to an advert for an antivirus. Constantly.
Back to ComboFix: I still have a problem. No matter how many times I click or double-click, the application doesn't run. I had the same problem with SmitFraudFix, but not with RogueRemover, which, incidentally, tells me there is no infection on my computer (which is presumably false: I still get those messages and various parts of the computer are unreachable).
By the way: I forgot to mention, next to the clock it says "VIRUS ALERT!"
What do you (or all of you) advise me to do?
Thanks.
Hmm. I don't see how it can show you that.
Transfer ComboFix to the infected PC's desktop. Boot the infected PC in safe mode. Then run ComboFix.
You can do this:
- Download and install Malwarebytes' Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Update it
- Restart in safe mode (Recommended):
https://www.malekal.com/demarrer-windows-mode-sans-echec/
- Choose your usual session
- Run a full scan with Malwarebytes' Anti-Malware
- Delete everything the software finds, save the report
- Restart in normal mode and post the report here
Tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
It's a disaster, I think. The pop-up does appear asking whether I want to open the file, and saying that it's at my own risk. But once I accept, the application doesn't start.
I managed to get myself out of trouble, and I have 2 things to show you (and anyone else who can help, don't be shy):
I ran 2 scans, with "VirtumundoBeGone" and "VundoFix". The first seems to have detected the virus, so it asked to restart the computer. I said yes, but the computer didn't seem able to shut down, so I turned it off manually by holding the button for 5 seconds. I restarted the computer and ran another scan with "VirtumundoBeGone". This time it apparently detected nothing, as shown by the test I'm about to post.
I then downloaded "VundoFix". Once downloaded (thank God), I ran a detailed scan. At the end of the scan, "VundoFix" tells me there is no threat.
Here are the 2 "VirtumundoBeGone" scans.
The first test, which seems to have detected the virus and asked me to restart at the end (and which I ran in "Safe Mode"):
[07/14/2008, 0:34:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Administrateur\Bureau\VirtumundoBeGone.exe" )
[07/14/2008, 0:34:09] - Detected System Information:
[07/14/2008, 0:34:09] - Windows Version: 5.1.2600, Service Pack 2
[07/14/2008, 0:34:09] - Current Username: HP_Administrateur (Admin)
[07/14/2008, 0:34:09] - Windows is in SAFE mode.
[07/14/2008, 0:34:09] - Searching for Browser Helper Objects:
[07/14/2008, 0:34:09] - BHO 1: {43FCD2CF-5569-4208-97D2-52748E0EF6A0} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\hgGxvtqo
[07/14/2008, 0:34:09] - Found: HKLM\...\Winlogon\Notify\hgGxvtqo - This is probably Virtumundo.
[07/14/2008, 0:34:09] - Assigning {43FCD2CF-5569-4208-97D2-52748E0EF6A0} MSEvents Object
[07/14/2008, 0:34:09] - BHO list has been changed! Starting over...
[07/14/2008, 0:34:09] - BHO 1: {43FCD2CF-5569-4208-97D2-52748E0EF6A0} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 2: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:09] - BHO 3: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:09] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:09] - BHO 6: {941508F8-CCD9-44E0-AC29-4F1E141373F7} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\yayvvss
[07/14/2008, 0:34:09] - Found: HKLM\...\Winlogon\Notify\yayvvss - This is probably Virtumundo.
[07/14/2008, 0:34:09] - Assigning {941508F8-CCD9-44E0-AC29-4F1E141373F7} MSEvents Object
[07/14/2008, 0:34:09] - BHO list has been changed! Starting over...
[07/14/2008, 0:34:09] - BHO 1: {43FCD2CF-5569-4208-97D2-52748E0EF6A0} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 2: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:09] - BHO 3: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:09] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:09] - BHO 6: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 7: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:09] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:09] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:09] - BHO 10: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:09] - BHO 11: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\jkklm
[07/14/2008, 0:34:09] - Found: HKLM\...\Winlogon\Notify\jkklm - This is probably Virtumundo.
[07/14/2008, 0:34:09] - Assigning {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} MSEvents Object
[07/14/2008, 0:34:09] - BHO list has been changed! Starting over...
[07/14/2008, 0:34:09] - BHO 1: {43FCD2CF-5569-4208-97D2-52748E0EF6A0} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 2: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:09] - BHO 3: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:09] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:09] - BHO 6: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 7: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:09] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:09] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:09] - BHO 10: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:09] - BHO 11: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - Finished Searching Browser Helper Objects
[07/14/2008, 0:34:09] - *** Detected MSEvents Object
[07/14/2008, 0:34:09] - Trying to remove MSEvents Object...
[07/14/2008, 0:34:10] - Terminating Process: IEXPLORE.EXE
[07/14/2008, 0:34:11] - Terminating Process: RUNDLL32.EXE
[07/14/2008, 0:34:11] - Disabling Automatic Shell Restart
[07/14/2008, 0:34:11] - Terminating Process: EXPLORER.EXE
[07/14/2008, 0:34:11] - Suspending the NT Session Manager System Service
[07/14/2008, 0:34:11] - Terminating Windows NT Logon/Logoff Manager
[07/14/2008, 0:34:11] - Re-enabling Automatic Shell Restart
[07/14/2008, 0:34:11] - File to disable: C:\WINDOWS\system32\hgGxvtqo.dll
[07/14/2008, 0:34:11] - Renaming C:\WINDOWS\system32\hgGxvtqo.dll -> C:\WINDOWS\system32\hgGxvtqo.dll.vir
[07/14/2008, 0:34:11] - File successfully renamed!
[07/14/2008, 0:34:11] - Removing HKLM\...\Browser Helper Objects\{43FCD2CF-5569-4208-97D2-52748E0EF6A0}
[07/14/2008, 0:34:11] - Removing HKCR\CLSID\{43FCD2CF-5569-4208-97D2-52748E0EF6A0}
[07/14/2008, 0:34:11] - Adding Kill Bit for ActiveX for GUID: {43FCD2CF-5569-4208-97D2-52748E0EF6A0}
[07/14/2008, 0:34:11] - Deleting ATLEvents/MSEvents Registry entries
[07/14/2008, 0:34:11] - Removing HKLM\...\Winlogon\Notify\hgGxvtqo
[07/14/2008, 0:34:11] - Searching for Browser Helper Objects:
[07/14/2008, 0:34:11] - BHO 1: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:11] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:11] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:11] - BHO 2: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:11] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:11] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:11] - BHO 5: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
[07/14/2008, 0:34:11] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:11] - BHO 6: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:11] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:12] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:12] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:12] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:12] - BHO 9: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:12] - BHO 10: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} (MSEvents Object)
[07/14/2008, 0:34:12] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:12] - Finished Searching Browser Helper Objects
[07/14/2008, 0:34:12] - *** Detected MSEvents Object
[07/14/2008, 0:34:12] - Trying to remove MSEvents Object...
[07/14/2008, 0:34:13] - Terminating Process: IEXPLORE.EXE
[07/14/2008, 0:34:13] - Terminating Process: RUNDLL32.EXE
[07/14/2008, 0:34:13] - Disabling Automatic Shell Restart
[07/14/2008, 0:34:13] - Terminating Process: EXPLORER.EXE
[07/14/2008, 0:34:13] - Suspending the NT Session Manager System Service
[07/14/2008, 0:34:13] - Terminating Windows NT Logon/Logoff Manager
[07/14/2008, 0:34:13] - Re-enabling Automatic Shell Restart
[07/14/2008, 0:34:13] - File to disable: C:\WINDOWS\system32\yayvvss.dll
[07/14/2008, 0:34:13] - Removing HKLM\...\Browser Helper Objects\{941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/14/2008, 0:34:13] - Removing HKCR\CLSID\{941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/14/2008, 0:34:13] - Adding Kill Bit for ActiveX for GUID: {941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/14/2008, 0:34:13] - Deleting ATLEvents/MSEvents Registry entries
[07/14/2008, 0:34:13] - Removing HKLM\...\Winlogon\Notify\yayvvss
[07/14/2008, 0:34:13] - Searching for Browser Helper Objects:
[07/14/2008, 0:34:13] - BHO 1: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:13] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:13] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:13] - BHO 2: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:13] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:13] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:13] - BHO 5: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:13] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:13] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:13] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:13] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:13] - BHO 8: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:13] - BHO 9: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} (MSEvents Object)
[07/14/2008, 0:34:13] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:13] - Finished Searching Browser Helper Objects
[07/14/2008, 0:34:13] - *** Detected MSEvents Object
[07/14/2008, 0:34:13] - Trying to remove MSEvents Object...
[07/14/2008, 0:34:14] - Terminating Process: IEXPLORE.EXE
[07/14/2008, 0:34:14] - Terminating Process: RUNDLL32.EXE
[07/14/2008, 0:34:14] - Disabling Automatic Shell Restart
[07/14/2008, 0:34:14] - Terminating Process: EXPLORER.EXE
[07/14/2008, 0:34:14] - Suspending the NT Session Manager System Service
[07/14/2008, 0:34:15] - Terminating Windows NT Logon/Logoff Manager
[07/14/2008, 0:34:15] - Re-enabling Automatic Shell Restart
[07/14/2008, 0:34:15] - File to disable: C:\WINDOWS\system32\jkklm.dll
[07/14/2008, 0:34:15] - Removing HKLM\...\Browser Helper Objects\{F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9}
[07/14/2008, 0:34:15] - Removing HKCR\CLSID\{F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9}
[07/14/2008, 0:34:15] - Adding Kill Bit for ActiveX for GUID: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9}
[07/14/2008, 0:34:15] - Deleting ATLEvents/MSEvents Registry entries
[07/14/2008, 0:34:15] - Removing HKLM\...\Winlogon\Notify\jkklm
[07/14/2008, 0:34:15] - Searching for Browser Helper Objects:
[07/14/2008, 0:34:15] - BHO 1: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:15] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:15] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:15] - BHO 2: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:15] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:15] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:15] - BHO 5: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:15] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:15] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:15] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:15] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:15] - BHO 8: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:15] - Finished Searching Browser Helper Objects
[07/14/2008, 0:34:15] - Finishing up...
[07/14/2008, 0:34:15] - A restart is needed.
[07/14/2008, 0:34:25] - Attempting to Restart via STOP error (Blue Screen!)
The second, which seems to have detected nothing (and which I ran in "Normal" mode):
[07/14/2008, 0:39:07] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Administrateur\Bureau\VirtumundoBeGone.exe" )
[07/14/2008, 0:39:11] - Detected System Information:
[07/14/2008, 0:39:11] - Windows Version: 5.1.2600, Service Pack 2
[07/14/2008, 0:39:11] - Current Username: HP_Administrateur (Admin)
[07/14/2008, 0:39:11] - Windows is in NORMAL mode.
[07/14/2008, 0:39:11] - Searching for Browser Helper Objects:
[07/14/2008, 0:39:11] - BHO 1: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:39:11] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:39:11] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:39:11] - BHO 4: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:39:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:39:11] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:39:11] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:39:11] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:39:11] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:39:11] - BHO 7: {C1AEB398-385D-48EB-A525-22728E4CA8A2} ()
[07/14/2008, 0:39:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:39:11] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:39:11] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:39:11] - BHO 8: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:39:11] - Finished Searching Browser Helper Objects
[07/14/2008, 0:39:11] - Finishing up...
[07/14/2008, 0:39:11] - Nothing found! Exiting...
I will now show the HiJackThis report that I ran after these tests:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 01:14: VIRUS ALERT!, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\HP_Administrateur\Bureau\HiJackThis_v2.exe
C:\Documents and Settings\HP_Administrateur\Bureau\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\ezShellStart.exe
O2 - BHO: QXK Olive - {66CFE262-41EC-4398-9D49-698CEAF9C1D9} - C:\WINDOWS\wbxdpgfefse.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {d77d3a2f-11ac-bc79-16f4-09f5d0ff818a} - {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} - C:\WINDOWS\system32\nmoeuw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {C1AEB398-385D-48EB-A525-22728E4CA8A2} - C:\WINDOWS\system32\vtUkkifE.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C455~1\Bar888.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C455~1\Bar888.dll (file missing)
O3 - Toolbar: sqvgnrpx - {D1FAB52D-CD54-47B0-9BD3-F325CF4C7BA8} - C:\WINDOWS\sqvgnrpx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.4.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOL Instant Messenger] 32\NULL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bc455287] rundll32.exe "C:\WINDOWS\system32\daenwtci.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522
O4 - HKCU\..\Policies\Explorer\Run: [{BC455228-089B-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089B-1036-0802-060719060021}\Update.exe" mc-110-12-0002522
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows System Maintain] BUILDERS.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows System Maintain] BUILDERS.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522 (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll
O21 - SSODL: fsrpknov - {DEB0AE7B-2C58-4429-9ACB-AEFE1E8DF083} - C:\WINDOWS\fsrpknov.dll
O21 - SSODL: fdxbameg - {55CE55D9-938E-4D7B-8576-1751718CE8F0} - C:\WINDOWS\fdxbameg.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
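An added triage script for the HiJackThis report above (example code written for this page, not part of HijackThis, VirtumundoBeGone or the poster's reply). It applies the same kind of rules the VirtumundoBeGone log shows that tool using (unnamed BHOs, random DLL names in the Windows directory, Winlogon Notify hooks) plus the entries a helper would normally ask about first: the O6/O7 policy restrictions, the replaced F2 UserInit, the rundll32 autorun with a one-letter entry point, the redirected start page. The sample lines are copied from the log as posted; the allow-list of home-page domains, the "DLL in the Windows root" rule and the default UserInit value are assumptions to tune per machine, and a hit means "look at this", not "malware".

```python
# Heuristic triage of HijackThis log lines for the indicators seen in this thread.
# Added example (not HijackThis/VirtumundoBeGone code); allow-lists and rules are assumptions.
from __future__ import annotations
import re
from dataclasses import dataclass
from urllib.parse import urlparse

@dataclass(frozen=True)
class Finding:
    tag: str      # HijackThis section tag: R0, F2, O2, O4, ...
    reason: str   # why the line deserves a second look
    line: str     # the log line, verbatim

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\ezShellStart.exe
O2 - BHO: QXK Olive - {66CFE262-41EC-4398-9D49-698CEAF9C1D9} - C:\WINDOWS\wbxdpgfefse.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {d77d3a2f-11ac-bc79-16f4-09f5d0ff818a} - {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} - C:\WINDOWS\system32\nmoeuw.dll
O2 - BHO: (no name) - {C1AEB398-385D-48EB-A525-22728E4CA8A2} - C:\WINDOWS\system32\vtUkkifE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: sqvgnrpx - {D1FAB52D-CD54-47B0-9BD3-F325CF4C7BA8} - C:\WINDOWS\sqvgnrpx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bc455287] rundll32.exe "C:\WINDOWS\system32\daenwtci.dll",b
O4 - HKLM\..\Run: [AOL Instant Messenger] 32\NULL.EXE
O4 - HKCU\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll
O21 - SSODL: fsrpknov - {DEB0AE7B-2C58-4429-9ACB-AEFE1E8DF083} - C:\WINDOWS\fsrpknov.dll
"""

_GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
_COM = re.compile(r"^(O2 - BHO|O3 - Toolbar|O21 - SSODL): (.*?) - (\{[^}]+\}) - (.*)$")
_WINROOT_DLL = re.compile(r"^[A-Za-z]:\\windows\\[^\\]+\.dll$", re.I)
_SYS32_DLL = re.compile(r"^[A-Za-z]:\\windows\\system32\\[^\\]+\.dll$", re.I)
_O4 = re.compile(r"^O4 - (.+?)\\\.\.\\(.+?): \[[^\]]*\] (.*)$")
_RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?\s*,\s*(\S*)', re.I)
_URL = re.compile(r"^R[01] - .+,(?:Start Page|Default_Page_URL|Default_Search_URL|Search Page|Search Bar) = (\S+)$")
_DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe,"   # XP default (assumption: standard install path)
_HOME_ALLOW = ("msn.com", "bing.com", "yahoo.com", "google.com", "microsoft.com")  # assumption, tune per machine

def _com_reasons(name: str, path: str) -> list[str]:
    """Rules for O2/O3/O21 entries: where the DLL lives and how it is named."""
    reasons = []
    stem = path.rsplit("\\", 1)[-1].lower()
    stem = stem[:-4] if stem.endswith(".dll") else stem
    if _WINROOT_DLL.match(path):
        reasons.append("DLL dropped directly in the Windows root directory")
    if _SYS32_DLL.match(path) and (name == "(no name)" or _GUID.match(name)):
        reasons.append("unnamed or GUID-named COM object loaded from system32")
    if name.lower() == stem:
        reasons.append("display name is just the DLL's own file name")
    return reasons

def _o4_reasons(key: str, cmd: str) -> list[str]:
    """Rules for O4 autoruns: odd registry location, rundll32 stubs, relative paths."""
    reasons = []
    cmd = re.sub(r"\s*\(User '[^']*'\)$", "", cmd)   # drop HJT's (User '...') suffix
    if "policies\\explorer\\run" in key.lower():
        reasons.append("autorun via Policies\\Explorer\\Run, rarely used by legitimate installers")
    m = _RUNDLL.match(cmd)
    if m and _SYS32_DLL.match(m.group(1)) and len(m.group(2)) <= 1:
        reasons.append("rundll32 loads a system32 DLL through a one-letter or empty entry point")
    parts = cmd.split()
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else (parts[0] if parts else "")
    if "\\" in exe and not re.match(r"^[A-Za-z]:\\|^%", exe):
        reasons.append("relative path with a directory component and no drive letter")
    return reasons

def triage(log_text: str) -> list[Finding]:
    """Return one Finding per log line that matches any rule (empty list = nothing flagged)."""
    findings: list[Finding] = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        tag = line.split(" ", 1)[0]
        reasons: list[str] = []
        if m := _URL.match(line):
            host = (urlparse(m.group(1)).hostname or "").lower()
            if not any(host == d or host.endswith("." + d) for d in _HOME_ALLOW):
                reasons.append(f"browser home/search page points at {host}, not a vendor default")
        elif line.startswith("F2 - REG:system.ini: UserInit="):
            if line.split("=", 1)[1].lower() != _DEFAULT_USERINIT:
                reasons.append("non-default UserInit: Winlogon runs it before the shell, verify the vendor")
        elif m := _COM.match(line):
            reasons = _com_reasons(m.group(2), m.group(4).replace(" (file missing)", ""))
        elif m := _O4.match(line):
            reasons = _o4_reasons(m.group(2), m.group(3))
        elif tag in ("O6", "O7"):
            reasons.append("Explorer/IE policy restriction present; legitimate only if an admin set it")
        elif tag == "O20":
            reasons.append("Winlogon Notify DLL: runs inside winlogon.exe, survives killing Explorer")
        if reasons:
            findings.append(Finding(tag, "; ".join(reasons), line))
    return findings
```

Calling `triage(SAMPLE_LOG)` flags 13 of the 17 sample lines and leaves the Java, Google, NVIDIA and MSN entries alone. The ezShellStart.exe UserInit hit may well be a legitimate EasyBits component (the log lists an EasyBits service), which is exactly the kind of entry to confirm by vendor and file signature before touching it; the unnamed system32 BHOs and the self-named DLLs in C:\WINDOWS\ are the ones that match what VirtumundoBeGone renamed and kill-bitted in the first scan.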
J'ai passé 2 scans, avec "VirtumondoBeGone" et "VundoFix". Le premier semble avoir détecté le virus, il a donc demandé a redémarrer l'ordinateur. J'ai donc dit oui, mais l'ordinateur ne semblait pas pouvoir s'éteindre, alors je l'ai éteint manuelement, en appuyant 5 secondes sur le bouton. J'ai redémarré l'ordinateur, et j'ai refait un scan avec "VirtumondoBeGone". Il n'a cette fois -à priori- rien détecté, comme le témoigne le test que je vais te diffuser à l'instant.
J'ai ensuite téléchargé le logiciel "VundoFix". Une fois téléchargé (Dieu Merci), j'ai fait un scan détaillé. A la fin du scan, "VundoFix" me dit qu'il n'ya aucune menace.
Voilà les 2 Scans de "VirtumondoBeGone".
Le premier Test, qui semble avoir détecté le virus, et qui m'a demandé à le fin de redémarrer. (et que j'ai effectué en mode "Sans Echec"
[07/14/2008, 0:34:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Administrateur\Bureau\VirtumundoBeGone.exe" )
[07/14/2008, 0:34:09] - Detected System Information:
[07/14/2008, 0:34:09] - Windows Version: 5.1.2600, Service Pack 2
[07/14/2008, 0:34:09] - Current Username: HP_Administrateur (Admin)
[07/14/2008, 0:34:09] - Windows is in SAFE mode.
[07/14/2008, 0:34:09] - Searching for Browser Helper Objects:
[07/14/2008, 0:34:09] - BHO 1: {43FCD2CF-5569-4208-97D2-52748E0EF6A0} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\hgGxvtqo
[07/14/2008, 0:34:09] - Found: HKLM\...\Winlogon\Notify\hgGxvtqo - This is probably Virtumundo.
[07/14/2008, 0:34:09] - Assigning {43FCD2CF-5569-4208-97D2-52748E0EF6A0} MSEvents Object
[07/14/2008, 0:34:09] - BHO list has been changed! Starting over...
[07/14/2008, 0:34:09] - BHO 1: {43FCD2CF-5569-4208-97D2-52748E0EF6A0} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 2: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:09] - BHO 3: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:09] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:09] - BHO 6: {941508F8-CCD9-44E0-AC29-4F1E141373F7} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\yayvvss
[07/14/2008, 0:34:09] - Found: HKLM\...\Winlogon\Notify\yayvvss - This is probably Virtumundo.
[07/14/2008, 0:34:09] - Assigning {941508F8-CCD9-44E0-AC29-4F1E141373F7} MSEvents Object
[07/14/2008, 0:34:09] - BHO list has been changed! Starting over...
[07/14/2008, 0:34:09] - BHO 1: {43FCD2CF-5569-4208-97D2-52748E0EF6A0} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 2: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:09] - BHO 3: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:09] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:09] - BHO 6: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 7: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:09] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:09] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:09] - BHO 10: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:09] - BHO 11: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\jkklm
[07/14/2008, 0:34:09] - Found: HKLM\...\Winlogon\Notify\jkklm - This is probably Virtumundo.
[07/14/2008, 0:34:09] - Assigning {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} MSEvents Object
[07/14/2008, 0:34:09] - BHO list has been changed! Starting over...
[07/14/2008, 0:34:09] - BHO 1: {43FCD2CF-5569-4208-97D2-52748E0EF6A0} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 2: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:09] - BHO 3: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:09] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:09] - BHO 6: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 7: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:09] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:09] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:09] - BHO 10: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:09] - BHO 11: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - Finished Searching Browser Helper Objects
[07/14/2008, 0:34:09] - *** Detected MSEvents Object
[07/14/2008, 0:34:09] - Trying to remove MSEvents Object...
[07/14/2008, 0:34:10] - Terminating Process: IEXPLORE.EXE
[07/14/2008, 0:34:11] - Terminating Process: RUNDLL32.EXE
[07/14/2008, 0:34:11] - Disabling Automatic Shell Restart
[07/14/2008, 0:34:11] - Terminating Process: EXPLORER.EXE
[07/14/2008, 0:34:11] - Suspending the NT Session Manager System Service
[07/14/2008, 0:34:11] - Terminating Windows NT Logon/Logoff Manager
[07/14/2008, 0:34:11] - Re-enabling Automatic Shell Restart
[07/14/2008, 0:34:11] - File to disable: C:\WINDOWS\system32\hgGxvtqo.dll
[07/14/2008, 0:34:11] - Renaming C:\WINDOWS\system32\hgGxvtqo.dll -> C:\WINDOWS\system32\hgGxvtqo.dll.vir
[07/14/2008, 0:34:11] - File successfully renamed!
[07/14/2008, 0:34:11] - Removing HKLM\...\Browser Helper Objects\{43FCD2CF-5569-4208-97D2-52748E0EF6A0}
[07/14/2008, 0:34:11] - Removing HKCR\CLSID\{43FCD2CF-5569-4208-97D2-52748E0EF6A0}
[07/14/2008, 0:34:11] - Adding Kill Bit for ActiveX for GUID: {43FCD2CF-5569-4208-97D2-52748E0EF6A0}
[07/14/2008, 0:34:11] - Deleting ATLEvents/MSEvents Registry entries
[07/14/2008, 0:34:11] - Removing HKLM\...\Winlogon\Notify\hgGxvtqo
[07/14/2008, 0:34:11] - Searching for Browser Helper Objects:
[07/14/2008, 0:34:11] - BHO 1: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:11] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:11] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:11] - BHO 2: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:11] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:11] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:11] - BHO 5: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
[07/14/2008, 0:34:11] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:11] - BHO 6: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:11] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:12] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:12] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:12] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:12] - BHO 9: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:12] - BHO 10: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} (MSEvents Object)
[07/14/2008, 0:34:12] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:12] - Finished Searching Browser Helper Objects
[07/14/2008, 0:34:12] - *** Detected MSEvents Object
[07/14/2008, 0:34:12] - Trying to remove MSEvents Object...
[07/14/2008, 0:34:13] - Terminating Process: IEXPLORE.EXE
[07/14/2008, 0:34:13] - Terminating Process: RUNDLL32.EXE
[07/14/2008, 0:34:13] - Disabling Automatic Shell Restart
[07/14/2008, 0:34:13] - Terminating Process: EXPLORER.EXE
[07/14/2008, 0:34:13] - Suspending the NT Session Manager System Service
[07/14/2008, 0:34:13] - Terminating Windows NT Logon/Logoff Manager
[07/14/2008, 0:34:13] - Re-enabling Automatic Shell Restart
[07/14/2008, 0:34:13] - File to disable: C:\WINDOWS\system32\yayvvss.dll
[07/14/2008, 0:34:13] - Removing HKLM\...\Browser Helper Objects\{941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/14/2008, 0:34:13] - Removing HKCR\CLSID\{941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/14/2008, 0:34:13] - Adding Kill Bit for ActiveX for GUID: {941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/14/2008, 0:34:13] - Deleting ATLEvents/MSEvents Registry entries
[07/14/2008, 0:34:13] - Removing HKLM\...\Winlogon\Notify\yayvvss
[07/14/2008, 0:34:13] - Searching for Browser Helper Objects:
[07/14/2008, 0:34:13] - BHO 1: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:13] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:13] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:13] - BHO 2: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:13] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:13] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:13] - BHO 5: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:13] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:13] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:13] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:13] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:13] - BHO 8: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:13] - BHO 9: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} (MSEvents Object)
[07/14/2008, 0:34:13] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:13] - Finished Searching Browser Helper Objects
[07/14/2008, 0:34:13] - *** Detected MSEvents Object
[07/14/2008, 0:34:13] - Trying to remove MSEvents Object...
[07/14/2008, 0:34:14] - Terminating Process: IEXPLORE.EXE
[07/14/2008, 0:34:14] - Terminating Process: RUNDLL32.EXE
[07/14/2008, 0:34:14] - Disabling Automatic Shell Restart
[07/14/2008, 0:34:14] - Terminating Process: EXPLORER.EXE
[07/14/2008, 0:34:14] - Suspending the NT Session Manager System Service
[07/14/2008, 0:34:15] - Terminating Windows NT Logon/Logoff Manager
[07/14/2008, 0:34:15] - Re-enabling Automatic Shell Restart
[07/14/2008, 0:34:15] - File to disable: C:\WINDOWS\system32\jkklm.dll
[07/14/2008, 0:34:15] - Removing HKLM\...\Browser Helper Objects\{F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9}
[07/14/2008, 0:34:15] - Removing HKCR\CLSID\{F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9}
[07/14/2008, 0:34:15] - Adding Kill Bit for ActiveX for GUID: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9}
[07/14/2008, 0:34:15] - Deleting ATLEvents/MSEvents Registry entries
[07/14/2008, 0:34:15] - Removing HKLM\...\Winlogon\Notify\jkklm
[07/14/2008, 0:34:15] - Searching for Browser Helper Objects:
[07/14/2008, 0:34:15] - BHO 1: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:15] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:15] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:15] - BHO 2: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:15] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:15] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:15] - BHO 5: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:15] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:15] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:15] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:15] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:15] - BHO 8: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:15] - Finished Searching Browser Helper Objects
[07/14/2008, 0:34:15] - Finishing up...
[07/14/2008, 0:34:15] - A restart is needed.
[07/14/2008, 0:34:25] - Attempting to Restart via STOP error (Blue Screen!)
The second one, which seems to have detected nothing. (And which I ran in "Normal" mode.)
[07/14/2008, 0:39:07] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Administrateur\Bureau\VirtumundoBeGone.exe" )
[07/14/2008, 0:39:11] - Detected System Information:
[07/14/2008, 0:39:11] - Windows Version: 5.1.2600, Service Pack 2
[07/14/2008, 0:39:11] - Current Username: HP_Administrateur (Admin)
[07/14/2008, 0:39:11] - Windows is in NORMAL mode.
[07/14/2008, 0:39:11] - Searching for Browser Helper Objects:
[07/14/2008, 0:39:11] - BHO 1: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:39:11] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:39:11] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:39:11] - BHO 4: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:39:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:39:11] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:39:11] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:39:11] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:39:11] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:39:11] - BHO 7: {C1AEB398-385D-48EB-A525-22728E4CA8A2} ()
[07/14/2008, 0:39:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:39:11] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:39:11] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:39:11] - BHO 8: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:39:11] - Finished Searching Browser Helper Objects
[07/14/2008, 0:39:11] - Finishing up...
[07/14/2008, 0:39:11] - Nothing found! Exiting...
I will now show the HiJackThis report that I ran after these tests:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 01:14: VIRUS ALERT!, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\HP_Administrateur\Bureau\HiJackThis_v2.exe
C:\Documents and Settings\HP_Administrateur\Bureau\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\ezShellStart.exe
O2 - BHO: QXK Olive - {66CFE262-41EC-4398-9D49-698CEAF9C1D9} - C:\WINDOWS\wbxdpgfefse.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {d77d3a2f-11ac-bc79-16f4-09f5d0ff818a} - {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} - C:\WINDOWS\system32\nmoeuw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {C1AEB398-385D-48EB-A525-22728E4CA8A2} - C:\WINDOWS\system32\vtUkkifE.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C455~1\Bar888.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C455~1\Bar888.dll (file missing)
O3 - Toolbar: sqvgnrpx - {D1FAB52D-CD54-47B0-9BD3-F325CF4C7BA8} - C:\WINDOWS\sqvgnrpx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.4.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOL Instant Messenger] 32\NULL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bc455287] rundll32.exe "C:\WINDOWS\system32\daenwtci.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522
O4 - HKCU\..\Policies\Explorer\Run: [{BC455228-089B-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089B-1036-0802-060719060021}\Update.exe" mc-110-12-0002522
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows System Maintain] BUILDERS.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows System Maintain] BUILDERS.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522 (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll
O21 - SSODL: fsrpknov - {DEB0AE7B-2C58-4429-9ACB-AEFE1E8DF083} - C:\WINDOWS\fsrpknov.dll
O21 - SSODL: fdxbameg - {55CE55D9-938E-4D7B-8576-1751718CE8F0} - C:\WINDOWS\fdxbameg.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
I managed to get myself sorted out, and I have 2 things to show you (and anyone else who can help me, don't hold back):
I ran 2 scans, with "VirtumundoBeGone" and "VundoFix". The first one seems to have detected the virus, so it asked to restart the computer. I said yes, but the computer didn't seem able to shut down, so I turned it off manually by holding the button for 5 seconds. I restarted the computer and ran another scan with "VirtumundoBeGone". This time it apparently detected nothing, as shown by the test I'm about to post.
I then downloaded the "VundoFix" program. Once downloaded (thank God), I ran a detailed scan. At the end of the scan, "VundoFix" told me there was no threat.
Here are the 2 scans from "VirtumundoBeGone".
The first test, which seems to have detected the virus and asked me to restart at the end. (And which I ran in "Safe Mode".)
[07/14/2008, 0:34:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Administrateur\Bureau\VirtumundoBeGone.exe" )
[07/14/2008, 0:34:09] - Detected System Information:
[07/14/2008, 0:34:09] - Windows Version: 5.1.2600, Service Pack 2
[07/14/2008, 0:34:09] - Current Username: HP_Administrateur (Admin)
[07/14/2008, 0:34:09] - Windows is in SAFE mode.
[07/14/2008, 0:34:09] - Searching for Browser Helper Objects:
[07/14/2008, 0:34:09] - BHO 1: {43FCD2CF-5569-4208-97D2-52748E0EF6A0} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\hgGxvtqo
[07/14/2008, 0:34:09] - Found: HKLM\...\Winlogon\Notify\hgGxvtqo - This is probably Virtumundo.
[07/14/2008, 0:34:09] - Assigning {43FCD2CF-5569-4208-97D2-52748E0EF6A0} MSEvents Object
[07/14/2008, 0:34:09] - BHO list has been changed! Starting over...
[07/14/2008, 0:34:09] - BHO 1: {43FCD2CF-5569-4208-97D2-52748E0EF6A0} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 2: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:09] - BHO 3: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:09] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:09] - BHO 6: {941508F8-CCD9-44E0-AC29-4F1E141373F7} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\yayvvss
[07/14/2008, 0:34:09] - Found: HKLM\...\Winlogon\Notify\yayvvss - This is probably Virtumundo.
[07/14/2008, 0:34:09] - Assigning {941508F8-CCD9-44E0-AC29-4F1E141373F7} MSEvents Object
[07/14/2008, 0:34:09] - BHO list has been changed! Starting over...
[07/14/2008, 0:34:09] - BHO 1: {43FCD2CF-5569-4208-97D2-52748E0EF6A0} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 2: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:09] - BHO 3: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:09] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:09] - BHO 6: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 7: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:09] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:09] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:09] - BHO 10: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:09] - BHO 11: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\jkklm
[07/14/2008, 0:34:09] - Found: HKLM\...\Winlogon\Notify\jkklm - This is probably Virtumundo.
[07/14/2008, 0:34:09] - Assigning {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} MSEvents Object
[07/14/2008, 0:34:09] - BHO list has been changed! Starting over...
[07/14/2008, 0:34:09] - BHO 1: {43FCD2CF-5569-4208-97D2-52748E0EF6A0} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 2: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:09] - BHO 3: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:09] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:09] - BHO 6: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 7: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:09] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:09] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:09] - BHO 10: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:09] - BHO 11: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - Finished Searching Browser Helper Objects
[07/14/2008, 0:34:09] - *** Detected MSEvents Object
[07/14/2008, 0:34:09] - Trying to remove MSEvents Object...
[07/14/2008, 0:34:10] - Terminating Process: IEXPLORE.EXE
[07/14/2008, 0:34:11] - Terminating Process: RUNDLL32.EXE
[07/14/2008, 0:34:11] - Disabling Automatic Shell Restart
[07/14/2008, 0:34:11] - Terminating Process: EXPLORER.EXE
[07/14/2008, 0:34:11] - Suspending the NT Session Manager System Service
[07/14/2008, 0:34:11] - Terminating Windows NT Logon/Logoff Manager
[07/14/2008, 0:34:11] - Re-enabling Automatic Shell Restart
[07/14/2008, 0:34:11] - File to disable: C:\WINDOWS\system32\hgGxvtqo.dll
[07/14/2008, 0:34:11] - Renaming C:\WINDOWS\system32\hgGxvtqo.dll -> C:\WINDOWS\system32\hgGxvtqo.dll.vir
[07/14/2008, 0:34:11] - File successfully renamed!
[07/14/2008, 0:34:11] - Removing HKLM\...\Browser Helper Objects\{43FCD2CF-5569-4208-97D2-52748E0EF6A0}
[07/14/2008, 0:34:11] - Removing HKCR\CLSID\{43FCD2CF-5569-4208-97D2-52748E0EF6A0}
[07/14/2008, 0:34:11] - Adding Kill Bit for ActiveX for GUID: {43FCD2CF-5569-4208-97D2-52748E0EF6A0}
[07/14/2008, 0:34:11] - Deleting ATLEvents/MSEvents Registry entries
[07/14/2008, 0:34:11] - Removing HKLM\...\Winlogon\Notify\hgGxvtqo
[07/14/2008, 0:34:11] - Searching for Browser Helper Objects:
[07/14/2008, 0:34:11] - BHO 1: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:11] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:11] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:11] - BHO 2: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:11] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:11] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:11] - BHO 5: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
[07/14/2008, 0:34:11] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:11] - BHO 6: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:11] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:12] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:12] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:12] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:12] - BHO 9: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:12] - BHO 10: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} (MSEvents Object)
[07/14/2008, 0:34:12] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:12] - Finished Searching Browser Helper Objects
[07/14/2008, 0:34:12] - *** Detected MSEvents Object
[07/14/2008, 0:34:12] - Trying to remove MSEvents Object...
[07/14/2008, 0:34:13] - Terminating Process: IEXPLORE.EXE
[07/14/2008, 0:34:13] - Terminating Process: RUNDLL32.EXE
[07/14/2008, 0:34:13] - Disabling Automatic Shell Restart
[07/14/2008, 0:34:13] - Terminating Process: EXPLORER.EXE
[07/14/2008, 0:34:13] - Suspending the NT Session Manager System Service
[07/14/2008, 0:34:13] - Terminating Windows NT Logon/Logoff Manager
[07/14/2008, 0:34:13] - Re-enabling Automatic Shell Restart
[07/14/2008, 0:34:13] - File to disable: C:\WINDOWS\system32\yayvvss.dll
[07/14/2008, 0:34:13] - Removing HKLM\...\Browser Helper Objects\{941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/14/2008, 0:34:13] - Removing HKCR\CLSID\{941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/14/2008, 0:34:13] - Adding Kill Bit for ActiveX for GUID: {941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/14/2008, 0:34:13] - Deleting ATLEvents/MSEvents Registry entries
[07/14/2008, 0:34:13] - Removing HKLM\...\Winlogon\Notify\yayvvss
[07/14/2008, 0:34:13] - Searching for Browser Helper Objects:
[07/14/2008, 0:34:13] - BHO 1: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:13] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:13] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:13] - BHO 2: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:13] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:13] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:13] - BHO 5: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:13] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:13] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:13] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:13] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:13] - BHO 8: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:13] - BHO 9: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} (MSEvents Object)
[07/14/2008, 0:34:13] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:13] - Finished Searching Browser Helper Objects
[07/14/2008, 0:34:13] - *** Detected MSEvents Object
[07/14/2008, 0:34:13] - Trying to remove MSEvents Object...
[07/14/2008, 0:34:14] - Terminating Process: IEXPLORE.EXE
[07/14/2008, 0:34:14] - Terminating Process: RUNDLL32.EXE
[07/14/2008, 0:34:14] - Disabling Automatic Shell Restart
[07/14/2008, 0:34:14] - Terminating Process: EXPLORER.EXE
[07/14/2008, 0:34:14] - Suspending the NT Session Manager System Service
[07/14/2008, 0:34:15] - Terminating Windows NT Logon/Logoff Manager
[07/14/2008, 0:34:15] - Re-enabling Automatic Shell Restart
[07/14/2008, 0:34:15] - File to disable: C:\WINDOWS\system32\jkklm.dll
[07/14/2008, 0:34:15] - Removing HKLM\...\Browser Helper Objects\{F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9}
[07/14/2008, 0:34:15] - Removing HKCR\CLSID\{F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9}
[07/14/2008, 0:34:15] - Adding Kill Bit for ActiveX for GUID: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9}
[07/14/2008, 0:34:15] - Deleting ATLEvents/MSEvents Registry entries
[07/14/2008, 0:34:15] - Removing HKLM\...\Winlogon\Notify\jkklm
[07/14/2008, 0:34:15] - Searching for Browser Helper Objects:
[07/14/2008, 0:34:15] - BHO 1: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:15] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:15] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:15] - BHO 2: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:15] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:15] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:15] - BHO 5: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:15] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:15] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:15] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:15] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:15] - BHO 8: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:15] - Finished Searching Browser Helper Objects
[07/14/2008, 0:34:15] - Finishing up...
[07/14/2008, 0:34:15] - A restart is needed.
[07/14/2008, 0:34:25] - Attempting to Restart via STOP error (Blue Screen!)
The second one, which seems to have detected nothing. (And which I ran in "Normal" mode.)
[07/14/2008, 0:39:07] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Administrateur\Bureau\VirtumundoBeGone.exe" )
[07/14/2008, 0:39:11] - Detected System Information:
[07/14/2008, 0:39:11] - Windows Version: 5.1.2600, Service Pack 2
[07/14/2008, 0:39:11] - Current Username: HP_Administrateur (Admin)
[07/14/2008, 0:39:11] - Windows is in NORMAL mode.
[07/14/2008, 0:39:11] - Searching for Browser Helper Objects:
[07/14/2008, 0:39:11] - BHO 1: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:39:11] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:39:11] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:39:11] - BHO 4: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:39:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:39:11] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:39:11] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:39:11] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:39:11] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:39:11] - BHO 7: {C1AEB398-385D-48EB-A525-22728E4CA8A2} ()
[07/14/2008, 0:39:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:39:11] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:39:11] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:39:11] - BHO 8: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:39:11] - Finished Searching Browser Helper Objects
[07/14/2008, 0:39:11] - Finishing up...
[07/14/2008, 0:39:11] - Nothing found! Exiting...
I will now show the HijackThis report that I produced after these tests:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 01:14: VIRUS ALERT!, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\HP_Administrateur\Bureau\HiJackThis_v2.exe
C:\Documents and Settings\HP_Administrateur\Bureau\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\ezShellStart.exe
O2 - BHO: QXK Olive - {66CFE262-41EC-4398-9D49-698CEAF9C1D9} - C:\WINDOWS\wbxdpgfefse.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {d77d3a2f-11ac-bc79-16f4-09f5d0ff818a} - {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} - C:\WINDOWS\system32\nmoeuw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {C1AEB398-385D-48EB-A525-22728E4CA8A2} - C:\WINDOWS\system32\vtUkkifE.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C455~1\Bar888.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C455~1\Bar888.dll (file missing)
O3 - Toolbar: sqvgnrpx - {D1FAB52D-CD54-47B0-9BD3-F325CF4C7BA8} - C:\WINDOWS\sqvgnrpx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.4.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOL Instant Messenger] 32\NULL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bc455287] rundll32.exe "C:\WINDOWS\system32\daenwtci.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522
O4 - HKCU\..\Policies\Explorer\Run: [{BC455228-089B-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089B-1036-0802-060719060021}\Update.exe" mc-110-12-0002522
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows System Maintain] BUILDERS.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows System Maintain] BUILDERS.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522 (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll
O21 - SSODL: fsrpknov - {DEB0AE7B-2C58-4429-9ACB-AEFE1E8DF083} - C:\WINDOWS\fsrpknov.dll
O21 - SSODL: fdxbameg - {55CE55D9-938E-4D7B-8576-1751718CE8F0} - C:\WINDOWS\fdxbameg.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
I ran 2 scans, with "VirtumundoBeGone" and "VundoFix". The first one seems to have detected the virus, so it asked to restart the computer. I said yes, but the computer did not seem able to shut down, so I turned it off manually by holding the button for 5 seconds. I restarted the computer and ran another scan with "VirtumundoBeGone". This time it detected, a priori, nothing, as shown by the test I am about to post.
I then downloaded the "VundoFix" program. Once it was downloaded (thank God), I ran a full scan. At the end of the scan, "VundoFix" told me there was no threat.
Here are the 2 "VirtumundoBeGone" scans.
The first test, which seems to have detected the virus and asked me to restart at the end (and which I ran in "Safe Mode"):
[07/14/2008, 0:34:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Administrateur\Bureau\VirtumundoBeGone.exe" )
[07/14/2008, 0:34:09] - Detected System Information:
[07/14/2008, 0:34:09] - Windows Version: 5.1.2600, Service Pack 2
[07/14/2008, 0:34:09] - Current Username: HP_Administrateur (Admin)
[07/14/2008, 0:34:09] - Windows is in SAFE mode.
[07/14/2008, 0:34:09] - Searching for Browser Helper Objects:
[07/14/2008, 0:34:09] - BHO 1: {43FCD2CF-5569-4208-97D2-52748E0EF6A0} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\hgGxvtqo
[07/14/2008, 0:34:09] - Found: HKLM\...\Winlogon\Notify\hgGxvtqo - This is probably Virtumundo.
[07/14/2008, 0:34:09] - Assigning {43FCD2CF-5569-4208-97D2-52748E0EF6A0} MSEvents Object
[07/14/2008, 0:34:09] - BHO list has been changed! Starting over...
[07/14/2008, 0:34:09] - BHO 1: {43FCD2CF-5569-4208-97D2-52748E0EF6A0} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 2: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:09] - BHO 3: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:09] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:09] - BHO 6: {941508F8-CCD9-44E0-AC29-4F1E141373F7} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\yayvvss
[07/14/2008, 0:34:09] - Found: HKLM\...\Winlogon\Notify\yayvvss - This is probably Virtumundo.
[07/14/2008, 0:34:09] - Assigning {941508F8-CCD9-44E0-AC29-4F1E141373F7} MSEvents Object
[07/14/2008, 0:34:09] - BHO list has been changed! Starting over...
[07/14/2008, 0:34:09] - BHO 1: {43FCD2CF-5569-4208-97D2-52748E0EF6A0} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 2: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:09] - BHO 3: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:09] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:09] - BHO 6: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 7: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:09] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:09] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:09] - BHO 10: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:09] - BHO 11: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\jkklm
[07/14/2008, 0:34:09] - Found: HKLM\...\Winlogon\Notify\jkklm - This is probably Virtumundo.
[07/14/2008, 0:34:09] - Assigning {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} MSEvents Object
[07/14/2008, 0:34:09] - BHO list has been changed! Starting over...
[07/14/2008, 0:34:09] - BHO 1: {43FCD2CF-5569-4208-97D2-52748E0EF6A0} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 2: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:09] - BHO 3: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:09] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:09] - BHO 6: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - BHO 7: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:09] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:09] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:09] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:09] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:09] - BHO 10: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:09] - BHO 11: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} (MSEvents Object)
[07/14/2008, 0:34:09] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:09] - Finished Searching Browser Helper Objects
[07/14/2008, 0:34:09] - *** Detected MSEvents Object
[07/14/2008, 0:34:09] - Trying to remove MSEvents Object...
[07/14/2008, 0:34:10] - Terminating Process: IEXPLORE.EXE
[07/14/2008, 0:34:11] - Terminating Process: RUNDLL32.EXE
[07/14/2008, 0:34:11] - Disabling Automatic Shell Restart
[07/14/2008, 0:34:11] - Terminating Process: EXPLORER.EXE
[07/14/2008, 0:34:11] - Suspending the NT Session Manager System Service
[07/14/2008, 0:34:11] - Terminating Windows NT Logon/Logoff Manager
[07/14/2008, 0:34:11] - Re-enabling Automatic Shell Restart
[07/14/2008, 0:34:11] - File to disable: C:\WINDOWS\system32\hgGxvtqo.dll
[07/14/2008, 0:34:11] - Renaming C:\WINDOWS\system32\hgGxvtqo.dll -> C:\WINDOWS\system32\hgGxvtqo.dll.vir
[07/14/2008, 0:34:11] - File successfully renamed!
[07/14/2008, 0:34:11] - Removing HKLM\...\Browser Helper Objects\{43FCD2CF-5569-4208-97D2-52748E0EF6A0}
[07/14/2008, 0:34:11] - Removing HKCR\CLSID\{43FCD2CF-5569-4208-97D2-52748E0EF6A0}
[07/14/2008, 0:34:11] - Adding Kill Bit for ActiveX for GUID: {43FCD2CF-5569-4208-97D2-52748E0EF6A0}
[07/14/2008, 0:34:11] - Deleting ATLEvents/MSEvents Registry entries
[07/14/2008, 0:34:11] - Removing HKLM\...\Winlogon\Notify\hgGxvtqo
[07/14/2008, 0:34:11] - Searching for Browser Helper Objects:
[07/14/2008, 0:34:11] - BHO 1: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:11] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:11] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:11] - BHO 2: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:11] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:11] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:11] - BHO 5: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
[07/14/2008, 0:34:11] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:11] - BHO 6: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:11] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:12] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:12] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:12] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:12] - BHO 9: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:12] - BHO 10: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} (MSEvents Object)
[07/14/2008, 0:34:12] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:12] - Finished Searching Browser Helper Objects
[07/14/2008, 0:34:12] - *** Detected MSEvents Object
[07/14/2008, 0:34:12] - Trying to remove MSEvents Object...
[07/14/2008, 0:34:13] - Terminating Process: IEXPLORE.EXE
[07/14/2008, 0:34:13] - Terminating Process: RUNDLL32.EXE
[07/14/2008, 0:34:13] - Disabling Automatic Shell Restart
[07/14/2008, 0:34:13] - Terminating Process: EXPLORER.EXE
[07/14/2008, 0:34:13] - Suspending the NT Session Manager System Service
[07/14/2008, 0:34:13] - Terminating Windows NT Logon/Logoff Manager
[07/14/2008, 0:34:13] - Re-enabling Automatic Shell Restart
[07/14/2008, 0:34:13] - File to disable: C:\WINDOWS\system32\yayvvss.dll
[07/14/2008, 0:34:13] - Removing HKLM\...\Browser Helper Objects\{941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/14/2008, 0:34:13] - Removing HKCR\CLSID\{941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/14/2008, 0:34:13] - Adding Kill Bit for ActiveX for GUID: {941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/14/2008, 0:34:13] - Deleting ATLEvents/MSEvents Registry entries
[07/14/2008, 0:34:13] - Removing HKLM\...\Winlogon\Notify\yayvvss
[07/14/2008, 0:34:13] - Searching for Browser Helper Objects:
[07/14/2008, 0:34:13] - BHO 1: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:13] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:13] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:13] - BHO 2: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:13] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:13] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:13] - BHO 5: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:13] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:13] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:13] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:13] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:13] - BHO 8: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:13] - BHO 9: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9} (MSEvents Object)
[07/14/2008, 0:34:13] - ALERT: Found MSEvents Object!
[07/14/2008, 0:34:13] - Finished Searching Browser Helper Objects
[07/14/2008, 0:34:13] - *** Detected MSEvents Object
[07/14/2008, 0:34:13] - Trying to remove MSEvents Object...
[07/14/2008, 0:34:14] - Terminating Process: IEXPLORE.EXE
[07/14/2008, 0:34:14] - Terminating Process: RUNDLL32.EXE
[07/14/2008, 0:34:14] - Disabling Automatic Shell Restart
[07/14/2008, 0:34:14] - Terminating Process: EXPLORER.EXE
[07/14/2008, 0:34:14] - Suspending the NT Session Manager System Service
[07/14/2008, 0:34:15] - Terminating Windows NT Logon/Logoff Manager
[07/14/2008, 0:34:15] - Re-enabling Automatic Shell Restart
[07/14/2008, 0:34:15] - File to disable: C:\WINDOWS\system32\jkklm.dll
[07/14/2008, 0:34:15] - Removing HKLM\...\Browser Helper Objects\{F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9}
[07/14/2008, 0:34:15] - Removing HKCR\CLSID\{F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9}
[07/14/2008, 0:34:15] - Adding Kill Bit for ActiveX for GUID: {F7DEB4AB-22C1-44FD-AB05-50F2CFA714D9}
[07/14/2008, 0:34:15] - Deleting ATLEvents/MSEvents Registry entries
[07/14/2008, 0:34:15] - Removing HKLM\...\Winlogon\Notify\jkklm
[07/14/2008, 0:34:15] - Searching for Browser Helper Objects:
[07/14/2008, 0:34:15] - BHO 1: {5BDD8E62-7AF2-4FF7-BF9C-C1FD30E8B279} ()
[07/14/2008, 0:34:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:15] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:34:15] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:34:15] - BHO 2: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:34:15] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:34:15] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:34:15] - BHO 5: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:34:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:34:15] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:34:15] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:34:15] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:34:15] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:34:15] - BHO 8: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:34:15] - Finished Searching Browser Helper Objects
[07/14/2008, 0:34:15] - Finishing up...
[07/14/2008, 0:34:15] - A restart is needed.
[07/14/2008, 0:34:25] - Attempting to Restart via STOP error (Blue Screen!)
The second one, which seems to have detected nothing. (And which I ran in "Normal" mode.)
[07/14/2008, 0:39:07] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Administrateur\Bureau\VirtumundoBeGone.exe" )
[07/14/2008, 0:39:11] - Detected System Information:
[07/14/2008, 0:39:11] - Windows Version: 5.1.2600, Service Pack 2
[07/14/2008, 0:39:11] - Current Username: HP_Administrateur (Admin)
[07/14/2008, 0:39:11] - Windows is in NORMAL mode.
[07/14/2008, 0:39:11] - Searching for Browser Helper Objects:
[07/14/2008, 0:39:11] - BHO 1: {66CFE262-41EC-4398-9D49-698CEAF9C1D9} (QXK Olive)
[07/14/2008, 0:39:11] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 0:39:11] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/14/2008, 0:39:11] - BHO 4: {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} ()
[07/14/2008, 0:39:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:39:11] - Checking for HKLM\...\Winlogon\Notify\nmoeuw
[07/14/2008, 0:39:11] - Key not found: HKLM\...\Winlogon\Notify\nmoeuw, continuing.
[07/14/2008, 0:39:11] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 0:39:11] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 0:39:11] - BHO 7: {C1AEB398-385D-48EB-A525-22728E4CA8A2} ()
[07/14/2008, 0:39:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 0:39:11] - Checking for HKLM\...\Winlogon\Notify\vtUkkifE
[07/14/2008, 0:39:11] - Key not found: HKLM\...\Winlogon\Notify\vtUkkifE, continuing.
[07/14/2008, 0:39:11] - BHO 8: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[07/14/2008, 0:39:11] - Finished Searching Browser Helper Objects
[07/14/2008, 0:39:11] - Finishing up...
[07/14/2008, 0:39:11] - Nothing found! Exiting...
I will now show the HijackThis report that I ran after these tests:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 01:14: VIRUS ALERT!, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\HP_Administrateur\Bureau\HiJackThis_v2.exe
C:\Documents and Settings\HP_Administrateur\Bureau\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\ezShellStart.exe
O2 - BHO: QXK Olive - {66CFE262-41EC-4398-9D49-698CEAF9C1D9} - C:\WINDOWS\wbxdpgfefse.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {d77d3a2f-11ac-bc79-16f4-09f5d0ff818a} - {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} - C:\WINDOWS\system32\nmoeuw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {C1AEB398-385D-48EB-A525-22728E4CA8A2} - C:\WINDOWS\system32\vtUkkifE.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C455~1\Bar888.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C455~1\Bar888.dll (file missing)
O3 - Toolbar: sqvgnrpx - {D1FAB52D-CD54-47B0-9BD3-F325CF4C7BA8} - C:\WINDOWS\sqvgnrpx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.4.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOL Instant Messenger] 32\NULL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bc455287] rundll32.exe "C:\WINDOWS\system32\daenwtci.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522
O4 - HKCU\..\Policies\Explorer\Run: [{BC455228-089B-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089B-1036-0802-060719060021}\Update.exe" mc-110-12-0002522
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows System Maintain] BUILDERS.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows System Maintain] BUILDERS.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522 (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll
O21 - SSODL: fsrpknov - {DEB0AE7B-2C58-4429-9ACB-AEFE1E8DF083} - C:\WINDOWS\fsrpknov.dll
O21 - SSODL: fdxbameg - {55CE55D9-938E-4D7B-8576-1751718CE8F0} - C:\WINDOWS\fdxbameg.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
I have ComboFix on my desktop; I click on it as many times as I can, but the application won't open...
OK, do this:
- Download Deckard's System Scanner (DSS) to your desktop:
http://www.techsupportforum.com/sectools/Deckard/dss.exe
- Close all running applications, including the antivirus
- Double-click dss.exe to launch the tool
- If it cannot find HijackThis, click Yes
- Click OK each time you are asked
- When the scan is finished, a text file will open. Save it and post it here.
- The report is located here: C:\Deckard\System Scanner\main.txt
Well, I think I'm stuck.
When I try to download the file in normal mode, the page that is supposed to start the download is immediately covered by the "AntiSpywareExpert" ad. Every time.
And when I try to download the files in "safe mode", it sends me to "Internet Explorer cannot display this web page". Every time.
Help, please!
I ran several tests, including "Spyware Terminator", which found 68 threats (which I deleted), and Hitman Pro 2, which seems to stop partway through its scan. I'm posting my current HijackThis report:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:41: VIRUS ALERT!, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hitman Pro\hitmanpro2.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrateur\Bureau\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\ezShellStart.exe
O2 - BHO: (no name) - {430F73A5-C9D7-452F-BB80-6A7893F6390B} - C:\WINDOWS\system32\vtUkkifE.dll
O2 - BHO: QXK Olive - {66CFE262-41EC-4398-9D49-698CEAF9C1D9} - C:\WINDOWS\wbxdpgfefse.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {d77d3a2f-11ac-bc79-16f4-09f5d0ff818a} - {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} - C:\WINDOWS\system32\nmoeuw.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C455~1\Bar888.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C455~1\Bar888.dll (file missing)
O3 - Toolbar: sqvgnrpx - {D1FAB52D-CD54-47B0-9BD3-F325CF4C7BA8} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bc455287] rundll32.exe "C:\WINDOWS\system32\daenwtci.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows System Maintain] BUILDERS.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows System Maintain] BUILDERS.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522 (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O21 - SSODL: fsrpknov - {DEB0AE7B-2C58-4429-9ACB-AEFE1E8DF083} - C:\WINDOWS\fsrpknov.dll (file missing)
O21 - SSODL: fdxbameg - {55CE55D9-938E-4D7B-8576-1751718CE8F0} - C:\WINDOWS\fdxbameg.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
I ran several scans, including "Spyware Terminator", which detected 68 threats (which I deleted), and Hitman Pro 2, which seems to stop partway through the scan. I am posting my current HiJackThis report:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:41: VIRUS ALERT!, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hitman Pro\hitmanpro2.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrateur\Bureau\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\ezShellStart.exe
O2 - BHO: (no name) - {430F73A5-C9D7-452F-BB80-6A7893F6390B} - C:\WINDOWS\system32\vtUkkifE.dll
O2 - BHO: QXK Olive - {66CFE262-41EC-4398-9D49-698CEAF9C1D9} - C:\WINDOWS\wbxdpgfefse.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {d77d3a2f-11ac-bc79-16f4-09f5d0ff818a} - {a818ff0d-5f90-4f61-97cb-ca11f2a3d77d} - C:\WINDOWS\system32\nmoeuw.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C455~1\Bar888.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C455~1\Bar888.dll (file missing)
O3 - Toolbar: sqvgnrpx - {D1FAB52D-CD54-47B0-9BD3-F325CF4C7BA8} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bc455287] rundll32.exe "C:\WINDOWS\system32\daenwtci.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows System Maintain] BUILDERS.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows System Maintain] BUILDERS.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{BC455228-089C-1036-0802-060719060021}] "C:\Program Files\Fichiers communs\{BC455228-089C-1036-0802-060719060021}\Update.exe" mc-110-12-0002522 (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O21 - SSODL: fsrpknov - {DEB0AE7B-2C58-4429-9ACB-AEFE1E8DF083} - C:\WINDOWS\fsrpknov.dll (file missing)
O21 - SSODL: fdxbameg - {55CE55D9-938E-4D7B-8576-1751718CE8F0} - C:\WINDOWS\fdxbameg.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
By the way: since these last tests, the Windows Task Manager has come back. But it is still missing from the "Start" menu.
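Threads like this one triage a HijackThis log by eye: the O21 SSODL lines whose DLL is reported as "(file missing)", the O23 services marked "Unknown owner", and the hosts the O16 ActiveX controls were downloaded from are the usual places a helper looks first. As an added example (not HijackThis code and not part of the original post), here is a small Python parser over a few lines copied from the log above; the review rules it applies are assumptions about what merits a second look, and they flag lines for review only, they do not identify malware.

```python
"""Triage helper for HijackThis-style log lines (sections O16, O21, O22, O23).

Added example for this thread; it is not HijackThis code and not the
poster's own. The rules below are the eyeball heuristics a forum helper
applies (assumptions), and they flag lines for review only.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple
from urllib.parse import urlparse

# Constructed sample: eight lines copied from the log posted above.
SAMPLE_LOG = r"""
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O21 - SSODL: fsrpknov - {DEB0AE7B-2C58-4429-9ACB-AEFE1E8DF083} - C:\WINDOWS\fsrpknov.dll (file missing)
O21 - SSODL: fdxbameg - {55CE55D9-938E-4D7B-8576-1751718CE8F0} - C:\WINDOWS\fdxbameg.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
MISSING = "(file missing)"
WINDIR = "c:\\windows\\"
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Entry:
    section: str            # "O16", "O21", ...
    kind: str               # "DPF", "SSODL", "SharedTaskScheduler", "Service"
    name: str
    owner: Optional[str]    # O23 only; HijackThis prints "Unknown owner" when it reads no company name
    target: str             # file path, or the download URL for O16
    file_missing: bool


def parse_line(line: str) -> Optional[Entry]:
    """Split one 'Oxx - Kind: ...' line into its fields; None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].strip()
    owner = None
    if section == "O23":            # "display name (short) - owner - path"
        name, owner, target = rest.rsplit(" - ", 2)
    elif section == "O16":          # "{CLSID} (friendly name) - URL"
        name, target = rest.rsplit(" - ", 1)
    else:                           # O21/O22: "name - {CLSID} - path"
        name, _clsid, target = rest.rsplit(" - ", 2)
    return Entry(section, kind, name.strip(), owner.strip() if owner else None,
                 target.strip(), missing)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (section, name, reason) for entries a helper would ask about."""
    findings = []
    for e in entries:
        low = e.target.lower()
        if e.section in ("O21", "O22"):
            # SSODL and SharedTaskScheduler are shell autostart hooks (assumed rule): a DLL
            # sitting in the %WINDIR% root rather than system32, or already gone, merits a look.
            if e.file_missing or not low.startswith(SYSTEM32):
                findings.append((e.section, e.name, "shell autostart DLL missing or outside system32: review"))
        elif e.section == "O23":
            if e.file_missing:
                findings.append((e.section, e.name, "service binary missing: stale entry"))
            elif e.owner == "Unknown owner" and not low.startswith(WINDIR):
                findings.append((e.section, e.name, "unknown-owner service outside %WINDIR%: verify the binary"))
    return findings


def dpf_hosts(entries: List[Entry]) -> Set[str]:
    """Hosts the O16 ActiveX controls were downloaded from, for manual review."""
    return {urlparse(e.target).hostname or "" for e in entries if e.section == "O16"}


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for section, name, reason in triage(entries):
        print(f"{section} {name}: {reason}")
    print("O16 download hosts:", ", ".join(sorted(dpf_hosts(entries))))
```

Run against the sample it reports the two O21 entries and the stale Symantec service; the Windows-hosted services that HijackThis labels "Unknown owner" (Eventlog, PlugPlay and the like live under %WINDIR%) are deliberately left alone, since that label only means no company name was read from the binary.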
Install Antivir, run a full scan, then post the report:
https://www.clubic.com/telecharger-fiche10821-avira-antivir-personal-free-antivirus.html
Tutorial:
https://www.malekal.com/avira-free-security-antivirus-gratuit/