Virtumonde problem
ioanson
Hello, I have a problem with the Virtumonde virus. I detect it with Spybot, but it is unable to repair it. I ran a scan with VirtumundoBeGone; here is the report. I don't know much about this, thanks for your help.
[07/14/2008, 14:01:59] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\YoYo\Local Settings\Temporary Internet Files\Content.IE5\0XX8MWJZ\VirtumundoBeGone[1].exe" )
[07/14/2008, 14:02:09] - Detected System Information:
[07/14/2008, 14:02:09] - Windows Version: 5.1.2600, Service Pack 2
[07/14/2008, 14:02:09] - Current Username: YoYo (Admin)
[07/14/2008, 14:02:10] - Windows is in NORMAL mode.
[07/14/2008, 14:02:10] - Searching for Browser Helper Objects:
[07/14/2008, 14:02:10] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/14/2008, 14:02:10] - BHO 2: {07D27ECE-1453-48EC-8965-E745A9CA3F02} ()
[07/14/2008, 14:02:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:10] - No filename found. Continuing.
[07/14/2008, 14:02:10] - BHO 3: {20EAF828-491E-4DF9-9260-1FE3BCEAA1B6} ()
[07/14/2008, 14:02:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:10] - No filename found. Continuing.
[07/14/2008, 14:02:10] - BHO 4: {21461821-DED9-4D67-BE47-C9800C50B7FE} (QXK Olive)
[07/14/2008, 14:02:10] - BHO 5: {23fd0df4-05b8-4bf4-9bc5-f2659f5feb92} ()
[07/14/2008, 14:02:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:10] - Checking for HKLM\...\Winlogon\Notify\fkjkko
[07/14/2008, 14:02:10] - Key not found: HKLM\...\Winlogon\Notify\fkjkko, continuing.
[07/14/2008, 14:02:10] - BHO 6: {365848D2-3656-4EFC-9F6D-F8F46B0CF8E2} ()
[07/14/2008, 14:02:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:10] - No filename found. Continuing.
[07/14/2008, 14:02:10] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/14/2008, 14:02:10] - BHO 8: {6F45ED33-752A-417A-A660-622F642AB5C6} ()
[07/14/2008, 14:02:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:10] - Checking for HKLM\...\Winlogon\Notify\vtUlLCtR
[07/14/2008, 14:02:11] - Key not found: HKLM\...\Winlogon\Notify\vtUlLCtR, continuing.
[07/14/2008, 14:02:11] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 14:02:11] - BHO 10: {85C91A92-C263-4404-862B-EBCB9A8161B5} ()
[07/14/2008, 14:02:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:11] - Checking for HKLM\...\Winlogon\Notify\wvUNEUNh
[07/14/2008, 14:02:11] - Key not found: HKLM\...\Winlogon\Notify\wvUNEUNh, continuing.
[07/14/2008, 14:02:11] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/14/2008, 14:02:11] - BHO 12: {9AF16103-B02F-4F28-93D3-BA7A4ECEF5AD} ()
[07/14/2008, 14:02:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:11] - No filename found. Continuing.
[07/14/2008, 14:02:11] - BHO 13: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 14:02:11] - BHO 14: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 14:02:11] - BHO 15: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/14/2008, 14:02:11] - BHO 16: {F8AC36D7-F602-4B69-99B5-2A812E05779F} ()
[07/14/2008, 14:02:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:11] - Checking for HKLM\...\Winlogon\Notify\opnmMgfF
[07/14/2008, 14:02:11] - Found: HKLM\...\Winlogon\Notify\opnmMgfF - This is probably Virtumundo.
[07/14/2008, 14:02:11] - Assigning {F8AC36D7-F602-4B69-99B5-2A812E05779F} MSEvents Object
[07/14/2008, 14:02:11] - BHO list has been changed! Starting over...
[07/14/2008, 14:02:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/14/2008, 14:02:12] - BHO 2: {07D27ECE-1453-48EC-8965-E745A9CA3F02} ()
[07/14/2008, 14:02:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:12] - No filename found. Continuing.
[07/14/2008, 14:02:12] - BHO 3: {20EAF828-491E-4DF9-9260-1FE3BCEAA1B6} ()
[07/14/2008, 14:02:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:12] - No filename found. Continuing.
[07/14/2008, 14:02:12] - BHO 4: {21461821-DED9-4D67-BE47-C9800C50B7FE} (QXK Olive)
[07/14/2008, 14:02:12] - BHO 5: {23fd0df4-05b8-4bf4-9bc5-f2659f5feb92} ()
[07/14/2008, 14:02:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:12] - Checking for HKLM\...\Winlogon\Notify\fkjkko
[07/14/2008, 14:02:12] - Key not found: HKLM\...\Winlogon\Notify\fkjkko, continuing.
[07/14/2008, 14:02:12] - BHO 6: {365848D2-3656-4EFC-9F6D-F8F46B0CF8E2} ()
[07/14/2008, 14:02:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:12] - No filename found. Continuing.
[07/14/2008, 14:02:12] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/14/2008, 14:02:13] - BHO 8: {6F45ED33-752A-417A-A660-622F642AB5C6} ()
[07/14/2008, 14:02:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:13] - Checking for HKLM\...\Winlogon\Notify\vtUlLCtR
[07/14/2008, 14:02:13] - Key not found: HKLM\...\Winlogon\Notify\vtUlLCtR, continuing.
[07/14/2008, 14:02:13] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 14:02:13] - BHO 10: {85C91A92-C263-4404-862B-EBCB9A8161B5} ()
[07/14/2008, 14:02:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:13] - Checking for HKLM\...\Winlogon\Notify\wvUNEUNh
[07/14/2008, 14:02:13] - Key not found: HKLM\...\Winlogon\Notify\wvUNEUNh, continuing.
[07/14/2008, 14:02:13] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/14/2008, 14:02:13] - BHO 12: {9AF16103-B02F-4F28-93D3-BA7A4ECEF5AD} ()
[07/14/2008, 14:02:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:13] - No filename found. Continuing.
[07/14/2008, 14:02:13] - BHO 13: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 14:02:13] - BHO 14: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 14:02:13] - BHO 15: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/14/2008, 14:02:13] - BHO 16: {F8AC36D7-F602-4B69-99B5-2A812E05779F} (MSEvents Object)
[07/14/2008, 14:02:13] - ALERT: Found MSEvents Object!
[07/14/2008, 14:02:13] - Finished Searching Browser Helper Objects
[07/14/2008, 14:02:13] - *** Detected MSEvents Object
[07/14/2008, 14:02:14] - Trying to remove MSEvents Object...
[07/14/2008, 14:02:15] - Terminating Process: IEXPLORE.EXE
[07/14/2008, 14:02:15] - Terminating Process: RUNDLL32.EXE
[07/14/2008, 14:02:15] - Disabling Automatic Shell Restart
[07/14/2008, 14:02:15] - Terminating Process: EXPLORER.EXE
[07/14/2008, 14:02:16] - Suspending the NT Session Manager System Service
[07/14/2008, 14:02:16] - Terminating Windows NT Logon/Logoff Manager
[07/14/2008, 14:02:17] - Re-enabling Automatic Shell Restart
[07/14/2008, 14:02:17] - File to disable: C:\WINDOWS\system32\opnmMgfF.dll
[07/14/2008, 14:02:17] - Renaming C:\WINDOWS\system32\opnmMgfF.dll -> C:\WINDOWS\system32\opnmMgfF.dll.vir
[07/14/2008, 14:02:17] - File successfully renamed!
[07/14/2008, 14:02:17] - Removing HKLM\...\Browser Helper Objects\{F8AC36D7-F602-4B69-99B5-2A812E05779F}
[07/14/2008, 14:02:17] - Removing HKCR\CLSID\{F8AC36D7-F602-4B69-99B5-2A812E05779F}
[07/14/2008, 14:02:18] - Adding Kill Bit for ActiveX for GUID: {F8AC36D7-F602-4B69-99B5-2A812E05779F}
[07/14/2008, 14:02:18] - Deleting ATLEvents/MSEvents Registry entries
[07/14/2008, 14:02:18] - Removing HKLM\...\Winlogon\Notify\opnmMgfF
[07/14/2008, 14:02:18] - Searching for Browser Helper Objects:
[07/14/2008, 14:02:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/14/2008, 14:02:18] - BHO 2: {07D27ECE-1453-48EC-8965-E745A9CA3F02} ()
[07/14/2008, 14:02:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:18] - No filename found. Continuing.
[07/14/2008, 14:02:18] - BHO 3: {20EAF828-491E-4DF9-9260-1FE3BCEAA1B6} ()
[07/14/2008, 14:02:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:18] - No filename found. Continuing.
[07/14/2008, 14:02:18] - BHO 4: {21461821-DED9-4D67-BE47-C9800C50B7FE} (QXK Olive)
[07/14/2008, 14:02:18] - BHO 5: {23fd0df4-05b8-4bf4-9bc5-f2659f5feb92} ()
[07/14/2008, 14:02:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:19] - Checking for HKLM\...\Winlogon\Notify\fkjkko
[07/14/2008, 14:02:19] - Key not found: HKLM\...\Winlogon\Notify\fkjkko, continuing.
[07/14/2008, 14:02:19] - BHO 6: {365848D2-3656-4EFC-9F6D-F8F46B0CF8E2} ()
[07/14/2008, 14:02:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:19] - No filename found. Continuing.
[07/14/2008, 14:02:19] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/14/2008, 14:02:19] - BHO 8: {6F45ED33-752A-417A-A660-622F642AB5C6} ()
[07/14/2008, 14:02:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:19] - Checking for HKLM\...\Winlogon\Notify\vtUlLCtR
[07/14/2008, 14:02:19] - Key not found: HKLM\...\Winlogon\Notify\vtUlLCtR, continuing.
[07/14/2008, 14:02:19] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 14:02:19] - BHO 10: {85C91A92-C263-4404-862B-EBCB9A8161B5} ()
[07/14/2008, 14:02:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:19] - Checking for HKLM\...\Winlogon\Notify\wvUNEUNh
[07/14/2008, 14:02:19] - Key not found: HKLM\...\Winlogon\Notify\wvUNEUNh, continuing.
[07/14/2008, 14:02:19] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/14/2008, 14:02:19] - BHO 12: {9AF16103-B02F-4F28-93D3-BA7A4ECEF5AD} ()
[07/14/2008, 14:02:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:02:19] - No filename found. Continuing.
[07/14/2008, 14:02:19] - BHO 13: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 14:02:20] - BHO 14: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 14:02:20] - BHO 15: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/14/2008, 14:02:20] - Finished Searching Browser Helper Objects
[07/14/2008, 14:02:20] - Finishing up...
[07/14/2008, 14:02:20] - A restart is needed.
[07/14/2008, 14:02:50] - Attempting to Restart via STOP error (Blue Screen!)
[07/14/2008, 14:17:33] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\YoYo\Local Settings\Temporary Internet Files\Content.IE5\0XX8MWJZ\VirtumundoBeGone[1].exe" )
[07/14/2008, 14:17:37] - Detected System Information:
[07/14/2008, 14:17:37] - Windows Version: 5.1.2600, Service Pack 2
[07/14/2008, 14:17:37] - Current Username: YoYo (Admin)
[07/14/2008, 14:17:37] - Windows is in NORMAL mode.
[07/14/2008, 14:17:37] - Searching for Browser Helper Objects:
[07/14/2008, 14:17:37] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/14/2008, 14:17:37] - BHO 2: {07D27ECE-1453-48EC-8965-E745A9CA3F02} ()
[07/14/2008, 14:17:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:17:37] - No filename found. Continuing.
[07/14/2008, 14:17:37] - BHO 3: {20EAF828-491E-4DF9-9260-1FE3BCEAA1B6} ()
[07/14/2008, 14:17:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:17:37] - No filename found. Continuing.
[07/14/2008, 14:17:37] - BHO 4: {21461821-DED9-4D67-BE47-C9800C50B7FE} (QXK Olive)
[07/14/2008, 14:17:37] - BHO 5: {23fd0df4-05b8-4bf4-9bc5-f2659f5feb92} ()
[07/14/2008, 14:17:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:17:37] - Checking for HKLM\...\Winlogon\Notify\fkjkko
[07/14/2008, 14:17:37] - Key not found: HKLM\...\Winlogon\Notify\fkjkko, continuing.
[07/14/2008, 14:17:37] - BHO 6: {365848D2-3656-4EFC-9F6D-F8F46B0CF8E2} ()
[07/14/2008, 14:17:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:17:37] - No filename found. Continuing.
[07/14/2008, 14:17:37] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/14/2008, 14:17:37] - BHO 8: {6F45ED33-752A-417A-A660-622F642AB5C6} ()
[07/14/2008, 14:17:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:17:38] - No filename found. Continuing.
[07/14/2008, 14:17:38] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 14:17:38] - BHO 10: {85C91A92-C263-4404-862B-EBCB9A8161B5} ()
[07/14/2008, 14:17:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:17:38] - Checking for HKLM\...\Winlogon\Notify\wvUNEUNh
[07/14/2008, 14:17:38] - Key not found: HKLM\...\Winlogon\Notify\wvUNEUNh, continuing.
[07/14/2008, 14:17:38] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/14/2008, 14:17:38] - BHO 12: {9AF16103-B02F-4F28-93D3-BA7A4ECEF5AD} ()
[07/14/2008, 14:17:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:17:38] - No filename found. Continuing.
[07/14/2008, 14:17:38] - BHO 13: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2008, 14:17:38] - BHO 14: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2008, 14:17:38] - BHO 15: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/14/2008, 14:17:38] - BHO 16: {DA915181-083C-4310-A481-C6E366AFBF08} ()
[07/14/2008, 14:17:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2008, 14:17:38] - Checking for HKLM\...\Winlogon\Notify\vtUlLCtR
[07/14/2008, 14:17:38] - Key not found: HKLM\...\Winlogon\Notify\vtUlLCtR, continuing.
[07/14/2008, 14:17:38] - Finished Searching Browser Helper Objects
[07/14/2008, 14:17:38] - Finishing up...
[07/14/2008, 14:17:38] - Nothing found! Exiting...
10 replies
Hello,
Can you download HijackThis to your desktop so we can see which infections are on your computer:
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Install it at the root of the hard drive (C:\Hijackthis), run it and click "Do a system scan and save a logfile".
Copy and paste the entire report to the forum.
VirtumundoBeGone found nothing; if you really do have Vundo/Virtumonde, we'll use something else ;)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:09:23, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07D27ECE-1453-48EC-8965-E745A9CA3F02} - (no file)
O2 - BHO: (no name) - {20EAF828-491E-4DF9-9260-1FE3BCEAA1B6} - (no file)
O2 - BHO: QXK Olive - {21461821-DED9-4D67-BE47-C9800C50B7FE} - C:\WINDOWS\wbxdpgfeovl.dll
O2 - BHO: {29bef5f9-562f-5cb9-4fb4-8b504fd0df32} - {23fd0df4-05b8-4bf4-9bc5-f2659f5feb92} - C:\WINDOWS\system32\fkjkko.dll
O2 - BHO: (no name) - {365848D2-3656-4EFC-9F6D-F8F46B0CF8E2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6F45ED33-752A-417A-A660-622F642AB5C6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {85C91A92-C263-4404-862B-EBCB9A8161B5} - C:\WINDOWS\system32\wvUNEUNh.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9AF16103-B02F-4F28-93D3-BA7A4ECEF5AD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DA915181-083C-4310-A481-C6E366AFBF08} - C:\WINDOWS\system32\vtUlLCtR.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [c491036f] rundll32.exe "C:\WINDOWS\system32\inljsnhh.dll",b
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AntiSpywareExpert] C:\Program Files\AntiSpywareExpert\ase_fr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\sysnet32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O21 - SSODL: fsrpknov - {F77A7B02-CF67-4AFD-BE91-7B77B28801F5} - C:\WINDOWS\fsrpknov.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Your computer is indeed infected with Vundo/Virtumonde...
To get rid of it:
Install and scan with Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Download it, install it, run it, and update it.
Then restart your computer in safe mode (restart and tap F8 repeatedly before the Windows logo appears), run a full scan of your computer and delete everything that is detected.
Restart in normal mode and post the report here.
Here is the report, but I didn't delete anything; I think I have to start over. Sorry.
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 948
Windows 5.1.2600 Service Pack 2
16:26:42 14/07/2008
mbam-log-7-14-2008 (16-26-32).txt
Type de recherche: Examen rapide
Eléments examinés: 44114
Temps écoulé: 59 minute(s), 36 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 29
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 32
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{40b2127e-cc18-37d0-43ca-afa158c64001} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{02a385d4-42d1-4d36-b46c-fa12b8cb6adf} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{da066afc-f07b-42ea-a0a2-812b479aa1d6} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{fa2c82fe-8844-4239-acdb-969a845cd0d6} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{21461821-ded9-4d67-be47-c9800c50b7fe} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21461821-ded9-4d67-be47-c9800c50b7fe} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e3a59d79-a14b-4460-98c6-3881e2915116} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{7f87ca6f-6c17-42ff-b37e-e91cee6cf677} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a16e147c-bccd-4895-bdf6-ff72fd381c93} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{23fd0df4-05b8-4bf4-9bc5-f2659f5feb92} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23fd0df4-05b8-4bf4-9bc5-f2659f5feb92} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\browsingenhancer (Adware.PlayMP3Z-biz) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BrowsingEnhancer.DLL (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\BrowsingEnhancer (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\sqvgnrpx.bsol (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c491036f (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f8ac36d7-f602-4b69-99b5-2a812e05779f} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispywareexpert (Rogue.AntiSpywareExpert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fsrpknov (Trojan.FakeAlert) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtullctr -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\BrowsingEnhancer (Adware.PlayMP3Z-biz) -> No action taken.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\inljsnhh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hhnsjlni.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\wbxdpgfeovl.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\eavm.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\czakgl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\erdccubq.dll.vzr (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fkjkko.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mlrgkupy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\opnmMgfF.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uuvdstvb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vtUlLCtR.dll.vzr (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wvUkJbxX.dll (Trojan.Vundo) -> No action taken.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Documents and Settings\YoYo\Local Settings\Temporary Internet Files\Content.IE5\0XX8MWJZ\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\YoYo\Local Settings\Temporary Internet Files\Content.IE5\HUB1MZUN\kb767887[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\YoYo\Local Settings\Temporary Internet Files\Content.IE5\UFFJW23L\css4[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\YoYo\Local Settings\Temporary Internet Files\Content.IE5\WSS4Y9ZP\css4[1] (Trojan.Vundo) -> No action taken.
C:\Program Files\BrowsingEnhancer\BrowsingEnhancer.dat (Adware.PlayMP3Z-biz) -> No action taken.
C:\Program Files\BrowsingEnhancer\pcre3.dll (Adware.PlayMP3Z-biz) -> No action taken.
C:\Program Files\BrowsingEnhancer\uninstall.exe (Adware.PlayMP3Z-biz) -> No action taken.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\AntiSpywareExpert\ase_fr.exe (Rogue.AntiSpywareExpert) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\gpefaowr.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\ejdnmyftn_navps.dat (Adware.NaviPromo) -> No action taken.
C:\WINDOWS\system32\ejdnmyftn_nav.dat (Adware.NaviPromo) -> No action taken.
C:\Documents and Settings\YoYo\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.Antispyware) -> No action taken.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\AntiSpywareExpert\ase_fr.exe (Rogue.AntiSpywareExpert) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\gpefaowr.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\ejdnmyftn_navps.dat (Adware.NaviPromo) -> No action taken.
C:\WINDOWS\system32\ejdnmyftn_nav.dat (Adware.NaviPromo) -> No action taken.
C:\Documents and Settings\YoYo\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.Antispyware) -> No action taken.
It seems to be OK; here is the final report. Thank you, you were really very effective. It's a huge relief. Thanks a lot.
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 948
Windows 5.1.2600 Service Pack 2
17:05:47 14/07/2008
mbam-log-7-14-2008 (17-05-47).txt
Type de recherche: Examen rapide
Eléments examinés: 45459
Temps écoulé: 9 minute(s), 49 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 29
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 32
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{40b2127e-cc18-37d0-43ca-afa158c64001} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{02a385d4-42d1-4d36-b46c-fa12b8cb6adf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da066afc-f07b-42ea-a0a2-812b479aa1d6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{fa2c82fe-8844-4239-acdb-969a845cd0d6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{21461821-ded9-4d67-be47-c9800c50b7fe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21461821-ded9-4d67-be47-c9800c50b7fe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e3a59d79-a14b-4460-98c6-3881e2915116} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7f87ca6f-6c17-42ff-b37e-e91cee6cf677} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16e147c-bccd-4895-bdf6-ff72fd381c93} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{23fd0df4-05b8-4bf4-9bc5-f2659f5feb92} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23fd0df4-05b8-4bf4-9bc5-f2659f5feb92} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\browsingenhancer (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BrowsingEnhancer.DLL (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BrowsingEnhancer (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.bsol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c491036f (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f8ac36d7-f602-4b69-99b5-2a812e05779f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispywareexpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fsrpknov (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtullctr -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\BrowsingEnhancer (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\inljsnhh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hhnsjlni.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\wbxdpgfeovl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\eavm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\czakgl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\erdccubq.dll.vzr (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fkjkko.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlrgkupy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnmMgfF.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uuvdstvb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUlLCtR.dll.vzr (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUkJbxX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\YoYo\Local Settings\Temporary Internet Files\Content.IE5\0XX8MWJZ\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\YoYo\Local Settings\Temporary Internet Files\Content.IE5\HUB1MZUN\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\YoYo\Local Settings\Temporary Internet Files\Content.IE5\UFFJW23L\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\YoYo\Local Settings\Temporary Internet Files\Content.IE5\WSS4Y9ZP\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingEnhancer\BrowsingEnhancer.dat (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingEnhancer\pcre3.dll (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingEnhancer\uninstall.exe (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareExpert\ase_fr.exe (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\gpefaowr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ejdnmyftn_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ejdnmyftn_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\YoYo\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:39, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07D27ECE-1453-48EC-8965-E745A9CA3F02} - (no file)
O2 - BHO: (no name) - {20EAF828-491E-4DF9-9260-1FE3BCEAA1B6} - (no file)
O2 - BHO: (no name) - {365848D2-3656-4EFC-9F6D-F8F46B0CF8E2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6F45ED33-752A-417A-A660-622F642AB5C6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {85C91A92-C263-4404-862B-EBCB9A8161B5} - C:\WINDOWS\system32\wvUNEUNh.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9AF16103-B02F-4F28-93D3-BA7A4ECEF5AD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DA915181-083C-4310-A481-C6E366AFBF08} - C:\WINDOWS\system32\vtUlLCtR.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\sysnet32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07D27ECE-1453-48EC-8965-E745A9CA3F02} - (no file)
O2 - BHO: (no name) - {20EAF828-491E-4DF9-9260-1FE3BCEAA1B6} - (no file)
O2 - BHO: (no name) - {365848D2-3656-4EFC-9F6D-F8F46B0CF8E2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6F45ED33-752A-417A-A660-622F642AB5C6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {85C91A92-C263-4404-862B-EBCB9A8161B5} - C:\WINDOWS\system32\wvUNEUNh.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9AF16103-B02F-4F28-93D3-BA7A4ECEF5AD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DA915181-083C-4310-A481-C6E366AFBF08} - C:\WINDOWS\system32\vtUlLCtR.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\sysnet32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
There are some unnecessary lines to fix, but first I'd like to check something.
Go to https://www.virustotal.com/gui/
Click Browse, then navigate to the following file WITHOUT opening it: C:\WINDOWS\sysnet32.exe
Scan this file, and paste the scan result here.
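The reply above picks one file out of the HijackThis log for a second opinion. As an added example (not part of the original posts and not HijackThis's own logic), this sketch shows how such entries can be pulled out of a log mechanically; the sample lines are copied from the log in this thread, and the four heuristics and the function names `triage` and `paths_to_check` are assumptions chosen for illustration.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07D27ECE-1453-48EC-8965-E745A9CA3F02} - (no file)
O2 - BHO: (no name) - {85C91A92-C263-4404-862B-EBCB9A8161B5} - C:\WINDOWS\system32\wvUNEUNh.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\sysnet32.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Heuristics (assumptions for this example): section code, predicate on the
# entry body, and the reason reported to the analyst.
RULES = [
    ("O2", lambda b: b.endswith("(no file)"), "BHO registered without a file"),
    ("O2", lambda b: b.endswith("(file missing)"), "BHO points to a missing DLL"),
    ("O4", lambda b: "\\Policies\\Explorer\\Run:" in b, "autostart via Policies\\Explorer\\Run"),
    ("O23", lambda b: " - Unknown owner - " in b, "service binary with no company name"),
]

def triage(log_text):
    """Return (code, reason, body) for every log entry that matches a rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, process list, blank lines
        for code, predicate, reason in RULES:
            if m["code"] == code and predicate(m["body"]):
                findings.append((code, reason, m["body"]))
    return findings

def paths_to_check(findings):
    """Extract full Windows paths from flagged entries, for hashing or scanning."""
    path = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll)', re.IGNORECASE)
    return sorted({p for _, _, body in findings for p in path.findall(body)})

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code}: {reason}: {body}")
```

A flagged entry is only a candidate for review: a match here says the entry is unusual, not that the file is malicious, which is why the reply asks for a scan of the file itself.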