Trojan problem tr/mondera (SOLVED)
nicado
Posted on 17/06/2008 19:51:12
Hello everyone, my antivirus (AntiVir) opens a window every time I try to open a program.
AntiVir shows this:

C:/WINDOWS/systeme32/khfEUoNh.dll
is the troja horse TR/Mondera.62464.1

That's it; if you want more info, don't hesitate to ask.
Thanks in advance
-->Message edited by nicado on 07/07/2008 18:20:05<--
nicado
Posted on 18/06/2008 19:24:15
Hello, is there nobody to help me?
I have an AntiVir scan report; if you want me to post it, tell me.
dédétraqué
Posted on 20/06/2008 23:31:13
Hi nicado

Download HijackThis v2.02 to the desktop:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

- Double-click HJTInstall.exe on the desktop

- Click Install, then I Accept

- Close all windows; HJT must run alone (every other program closed).

- Launch HJT and click Do a system scan and save a logfile

- A Notepad window opens: Ctrl-A to select all the text, Ctrl-C to copy it to the clipboard.

- Paste the text into a post below (Ctrl-V) for analysis

Tutorial if you need help: http://www.sosordi.net/Article/Article.125-1.html

See you later
nicado
Posted on 23/06/2008 19:13:30
Here is the report, and thanks for your reply

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:47, on 23/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Screen Watcher\watcher.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0E1F6ADF-7C78-407F-99EF-AF288649396E} - (no file)
O2 - BHO: cpmsky browser optimizer - {131e7e60-9b22-0fd3-c873-54e78614397b} - C:\WINDOWS\system32\{e8f7016a-7d46-d4c5-4067-77cea4514571}.dll (file missing)
O2 - BHO: (no name) - {13D64510-A0E3-43BB-81D7-B4E5D207F8FC} - (no file)
O2 - BHO: (no name) - {1AE33729-557B-4688-AE17-35224329440E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58AA2AAB-E945-49E7-B7A2-672AC85367E7} - C:\WINDOWS\system32\khfEUoNh.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb125\Dealio.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\_OTMOV~1\MOVEDF~1\PROGRA~1\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {899BF31A-B98E-4F29-AAA0-5205B2F50024} - (no file)
O2 - BHO: (no name) - {8AB335AB-BF0E-4D05-B63E-956ED44A74C2} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: adzgalore - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - C:\WINDOWS\system32\nse16D.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B605E12A-006D-45A5-B5B9-6526AD60BF99} - C:\WINDOWS\system32\xxyYpqOF.dll
O2 - BHO: (no name) - {BA6E1FF8-F6EC-485E-A3F5-8CC0C75F543F} - C:\WINDOWS\system32\hgGvtTkk.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: mysidesearch browser optimizer - {c51649b8-504c-aeec-d0dd-759f46954c38} - C:\WINDOWS\system32\{91c6ca60-cace-9641-920f-3eabcb68439d}.dll (file missing)
O2 - BHO: (no name) - {c75bc2ab-c77f-45bd-9e90-af130ea79fd4} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb125\Dealio.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\_OTMOV~1\MOVEDF~1\PROGRA~1\GamesBar\oberontb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [s-watch] C:\Program Files\Screen Watcher\watcher.exe
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\cpmsky.dll" DllStart
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Compaq_Propriétaire\lsass.exe
O4 - HKLM\..\Run: [BMbf37af78] Rundll32.exe "C:\WINDOWS\system32\ocwvyrrk.dll",s
O4 - HKLM\..\Run: [bc049ce4] rundll32.exe "C:\WINDOWS\system32\bljckpoc.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Compaq_Propriétaire\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Dealio\kb125\res\DealioSearch.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?ee9ddd0e7d4e49d29c1180b9c6d3510f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?ee9ddd0e7d4e49d29c1180b9c6d3510f
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\_OTMOV~1\MOVEDF~1\PROGRA~1\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\_OTMOV~1\MOVEDF~1\PROGRA~1\GamesBar\oberontb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: khfEUoNh - C:\WINDOWS\SYSTEM32\khfEUoNh.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11385 bytes
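
Added example (not part of the original thread): a short Python script that parses HijackThis lines like those in the log above and lists every autostart entry that loads the DLL AntiVir flagged, as well as entries left pointing at files that no longer exist. The sample lines are copied from that log; the function names are illustrative.

```python
import re
from typing import List, NamedTuple

# Excerpt: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58AA2AAB-E945-49E7-B7A2-672AC85367E7} - C:\WINDOWS\system32\khfEUoNh.dll
O2 - BHO: (no name) - {899BF31A-B98E-4F29-AAA0-5205B2F50024} - (no file)
O2 - BHO: (no name) - {BA6E1FF8-F6EC-485E-A3F5-8CC0C75F543F} - C:\WINDOWS\system32\hgGvtTkk.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [bc049ce4] rundll32.exe "C:\WINDOWS\system32\bljckpoc.dll",b
O20 - Winlogon Notify: khfEUoNh - C:\WINDOWS\SYSTEM32\khfEUoNh.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O2", "O4", "O20"
    body: str  # remainder of the line after "CODE - "


# Section meanings, as the log itself labels them.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "Run key / Startup folder",
    "O20": "Winlogon Notify",
    "O23": "Service",
}

LINE_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")


def parse_log(text: str) -> List[Entry]:
    """Keep only the 'CODE - ...' lines; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def entries_loading(entries: List[Entry], filename: str) -> List[Entry]:
    """Entries that reference `filename` as a whole file name, ignoring case."""
    pattern = re.compile(
        r"(?<![\w.])" + re.escape(filename) + r"(?![\w.])", re.IGNORECASE
    )
    return [e for e in entries if pattern.search(e.body)]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose target HijackThis reports as '(no file)' or '(file missing)'."""
    return [e for e in entries if ORPHAN_RE.search(e.body)]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Entries loading khfEUoNh.dll:")
    for e in entries_loading(parsed, "khfEUoNh.dll"):
        print(f"  {e.code} ({SECTIONS.get(e.code, 'other')}): {e.body}")
    print("Entries pointing at missing files:")
    for e in orphaned(parsed):
        print(f"  {e.code}: {e.body}")
```

On this excerpt the flagged DLL shows up under both a Browser Helper Object and a Winlogon Notify entry, so both registrations have to be gone in a follow-up log before the file can be considered removed.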
dédétraqué
Posted on 26/06/2008 04:46:29
Hi nicado

Sorry for the delay. Download and install MalwareByte's Anti-Malware http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

- Update it
- Restart in safe mode:

When your PC restarts, tap the F8 or F5 key repeatedly; on the next screen, move with the arrow keys and choose Safe Mode. Choose your usual session, not the Administrator session.

- Double-click the MalwareByte's Anti-Malware shortcut on the desktop.
- Select Perform a full scan if it is not already selected
- Click Scan

- Once the scan has finished, a window opens; click OK

- If MalwareByte's detected nothing, click OK. A report will appear; close it.

- If MalwareByte's detected infections, click Show results, then Remove selected

- Save the report to your desktop so it is easier to find, then post this report.

Note: if MalwareByte's needs to restart to finish the removal, accept by clicking OK

Tutorial for MalwareByte's here: http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

See you later
nicado
Posted on 28/06/2008 17:00:32
Hi, here is the report


Malwarebytes' Anti-Malware 1.18
Version de la base de données: 895

22:40:15 27/06/2008
mbam-log-6-27-2008 (22-40-15).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 125460
Temps écoulé: 3 hour(s), 45 minute(s), 31 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 42
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 46

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\xxyYpqOF.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\khfEUoNh.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a0cc0ba-1fe7-431e-99be-aaf19cdffa63} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1a0cc0ba-1fe7-431e-99be-aaf19cdffa63} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{58aa2aab-e945-49e7-b7a2-672ac85367e7} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58aa2aab-e945-49e7-b7a2-672ac85367e7} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfeuonh (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartenhancer.pornpro_bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bd2c0566-f918-c85e-99b1-0507d49f54a6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc4b9545-96f8-682f-a67e-0c2c3e81667d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f608c2d0-846d-4f0e-e47a-88367c887707} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartenhancer.pornpro_bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adzgalore (Adware.Agent) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adzgaloregames (Adware.Agent) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\smartenhancer (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adzgalore (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdzgaloreGames (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cpmsky (Adware.Agent) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchassistant (Trojan.Agent) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cpmsky (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mySearchAssistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{58aa2aab-e945-49e7-b7a2-672ac85367e7} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\POSTSETUPCHECK (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bc049ce4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMbf37af78 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyypqof -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyypqof -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\Adzgalore Games Collection (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netrax18 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\drakgvwp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwvgkard.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mvkfdrjh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hjrdfkvm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qtyhjvav.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vavjhytq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyYpqOF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\FOqpYyxx.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\FOqpYyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEUoNh.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\SmartEnhancer\SmartEnhancer-3.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Quarantined and deleted successfully.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0J2LMN6P\CABM2L7N (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP109\A0011132.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP109\A0011153.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP109\A0011154.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP110\A0011284.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP110\A0011286.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP114\A0011480.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP114\A0011492.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP142\A0023788.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP143\A0023915.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP143\A0023919.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP145\A0024082.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adzgalore-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\BattlesOfHelicopters.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\BobAndBill.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\CrazyBlocks.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\Lines.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\VideoPool.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer\pcre3.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer\uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{91c6ca60-cace-9641-920f-3eabcb68439d}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{e8f7016a-7d46-d4c5-4067-77cea4514571}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
dédétraqué
Posted on 28/06/2008 19:08:03
Hi nicado

Post me a new HijackThis report

See you later
nicado
Posted on 28/06/2008 21:33:36
Here is the report, and thanks again for your help



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32:03, on 28/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Screen Watcher\watcher.exe
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0E1F6ADF-7C78-407F-99EF-AF288649396E} - (no file)
O2 - BHO: cpmsky browser optimizer - {131e7e60-9b22-0fd3-c873-54e78614397b} - C:\WINDOWS\system32\{e8f7016a-7d46-d4c5-4067-77cea4514571}.dll (file missing)
O2 - BHO: (no name) - {13D64510-A0E3-43BB-81D7-B4E5D207F8FC} - (no file)
O2 - BHO: (no name) - {1AE33729-557B-4688-AE17-35224329440E} - (no file)
O2 - BHO: {2743b5a2-3076-d829-98c4-2e8d65f07983} - {38970f56-d8e2-4c89-928d-67032a5b3472} - C:\WINDOWS\system32\pzkgjk.dll
O2 - BHO: (no name) - {3C374EF2-8F67-4E74-A4DB-1D661B95C342} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58AA2AAB-E945-49E7-B7A2-672AC85367E7} - C:\WINDOWS\system32\khfEUoNh.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb125\Dealio.dll
O2 - BHO: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {899BF31A-B98E-4F29-AAA0-5205B2F50024} - (no file)
O2 - BHO: (no name) - {8AB335AB-BF0E-4D05-B63E-956ED44A74C2} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: adzgalore - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - C:\WINDOWS\system32\nse16D.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {BA6E1FF8-F6EC-485E-A3F5-8CC0C75F543F} - C:\WINDOWS\system32\hgGvtTkk.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: mysidesearch browser optimizer - {c51649b8-504c-aeec-d0dd-759f46954c38} - C:\WINDOWS\system32\{91c6ca60-cace-9641-920f-3eabcb68439d}.dll (file missing)
O2 - BHO: (no name) - {c75bc2ab-c77f-45bd-9e90-af130ea79fd4} - (no file)
O2 - BHO: (no name) - {F77CF70A-86AB-4F7B-8BBF-886FF1005642} - C:\WINDOWS\system32\xxyYpqOF.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb125\Dealio.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [s-watch] C:\Program Files\Screen Watcher\watcher.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Compaq_Propriétaire\lsass.exe
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\cpmsky.dll" DllStart
O4 - HKLM\..\Run: [bc049ce4] rundll32.exe "C:\WINDOWS\system32\otlwjfdo.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Compaq_Propriétaire\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Dealio\kb125\res\DealioSearch.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?ee9ddd0e7d4e49d29c1180b9c6d3510f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?ee9ddd0e7d4e49d29c1180b9c6d3510f
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: khfEUoNh - C:\WINDOWS\SYSTEM32\khfEUoNh.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11319 bytes
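Added example (not part of the original thread, and not the code of HijackThis or VirtumundoBeGone): the log above lists khfEUoNh.dll both as an O2 Browser Helper Object and as an O20 Winlogon Notify entry. The Python below cross-references those two sections of a HijackThis log on an excerpt of it; the function names and verdict labels are assumptions of this example.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted above (O2 and O20 lines only).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0E1F6ADF-7C78-407F-99EF-AF288649396E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58AA2AAB-E945-49E7-B7A2-672AC85367E7} - C:\WINDOWS\system32\khfEUoNh.dll
O2 - BHO: (no name) - {BA6E1FF8-F6EC-485E-A3F5-8CC0C75F543F} - C:\WINDOWS\system32\hgGvtTkk.dll (file missing)
O2 - BHO: (no name) - {F77CF70A-86AB-4F7B-8BBF-886FF1005642} - C:\WINDOWS\system32\xxyYpqOF.dll
O20 - Winlogon Notify: khfEUoNh - C:\WINDOWS\SYSTEM32\khfEUoNh.dll
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.*)$")
MISSING = " (file missing)"


def _stem(path):
    """Lower-cased file name without directory or extension (Windows paths)."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def parse(log_text):
    """Return (list of BHO dicts, {notify key name: dll path})."""
    bhos, notify = [], {}
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            path = m["path"]
            missing = path == "(no file)" or path.endswith(MISSING)
            if path == "(no file)":
                path = None
            elif path.endswith(MISSING):
                path = path[: -len(MISSING)]
            name = None if m["name"] == "(no name)" else m["name"]
            bhos.append(
                {"clsid": m["clsid"], "name": name, "path": path, "missing": missing}
            )
            continue
        m = O20_RE.match(line)
        if m:
            notify[m["key"]] = m["path"]
    return bhos, notify


def triage(log_text):
    """Label each BHO; the verdict strings are this example's own."""
    bhos, notify = parse(log_text)
    # A Notify entry is matched by key name or by DLL file name, ignoring case.
    notify_stems = {k.lower() for k in notify} | {_stem(p) for p in notify.values()}
    findings = []
    for b in bhos:
        if b["missing"]:
            # Registry entry left behind with no DLL on disk.
            verdict = "orphan"
        elif _stem(b["path"]) in notify_stems:
            # Same DLL loaded by Internet Explorer and by winlogon.exe.
            verdict = "bho+winlogon-notify"
        elif b["name"] is None and ntpath.dirname(b["path"]).lower().endswith(
            "\\system32"
        ):
            # Unnamed BHO in system32: not proof of anything, worth a look.
            verdict = "review"
        else:
            verdict = "unflagged"
        findings.append({**b, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["verdict"].ljust(20), f["clsid"], f["path"] or "(no file)")
```
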
dédétraqué
Posted on 28/06/2008 21:44:13
Hi nicado


Download VundoFix.exe (by Atribune) to your desktop:

http://www.atribune.org/ccount/click.php?id=4


Double-click VundoFix.exe to launch it

--Click the Scan for Vundo button
--When the scan is complete, click the Remove Vundo button

--A prompt will ask whether you want to delete the files, click YES
--After you click "Yes", the desktop will disappear for a moment while the files are deleted

--You will see a prompt telling you that your PC is going to restart; click OK
--Copy/paste the contents of the report located in C:\vundofix.txt.

Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button"


------------


Download VirtumundoBegone to the desktop:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe


Double-click VirtumundoBeGone.exe and follow the instructions.

Once it has finished, restart and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis report.

Note: Don't worry if you see a blue-screen "Fatal Error" message; this is normal and expected.


- In the end, you have three reports to post


@++
nicado
Posted on 28/06/2008 22:41:55
Hi again, VundoFix gives me the following message: done searching for files
If I click OK, nothing else happens
Should I click Fix Vundo??
Thanks in advance
dédétraqué
Posted on 28/06/2008 22:51:52
Hi nicado


Do the other scan with VirtumundoBegone


@++
nicado
Posted on 28/06/2008 23:25:02
Hi, I have a new error message with VirtumundoBeGone


WARNING: this programe may terminate running processes and automatically restart the computer if virtumundo is detected.
please save any files you have open before continuing.
do you wish to continue now?

Do I click yes or no?
I get the impression that nothing is working, and more and more AntiVir windows keep opening!
dédétraqué
Posted on 28/06/2008 23:35:16
Hi nicado


Click YES to start the scan


@++
nicado
Posted on 28/06/2008 23:45:37
Here is the first report



[06/28/2008, 23:08:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Propriétaire\Bureau\VirtumundoBeGone.exe" )
[06/28/2008, 23:08:54] - Detected System Information:
[06/28/2008, 23:08:54] - Windows Version: 5.1.2600, Service Pack 2
[06/28/2008, 23:08:54] - Current Username: Compaq_Propriétaire (Admin)
[06/28/2008, 23:08:54] - Windows is in NORMAL mode.
[06/28/2008, 23:08:54] - Searching for Browser Helper Objects:
[06/28/2008, 23:08:54] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/28/2008, 23:08:54] - BHO 2: {0E1F6ADF-7C78-407F-99EF-AF288649396E} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - No filename found. Continuing.
[06/28/2008, 23:08:54] - BHO 3: {131e7e60-9b22-0fd3-c873-54e78614397b} (cpmsky browser optimizer)
[06/28/2008, 23:08:54] - BHO 4: {13D64510-A0E3-43BB-81D7-B4E5D207F8FC} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - No filename found. Continuing.
[06/28/2008, 23:08:54] - BHO 5: {1AE33729-557B-4688-AE17-35224329440E} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - No filename found. Continuing.
[06/28/2008, 23:08:54] - BHO 6: {38970f56-d8e2-4c89-928d-67032a5b3472} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - Checking for HKLM\...\Winlogon\Notify\pzkgjk
[06/28/2008, 23:08:54] - Key not found: HKLM\...\Winlogon\Notify\pzkgjk, continuing.
[06/28/2008, 23:08:54] - BHO 7: {3C374EF2-8F67-4E74-A4DB-1D661B95C342} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - No filename found. Continuing.
[06/28/2008, 23:08:54] - BHO 8: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/28/2008, 23:08:54] - BHO 9: {58AA2AAB-E945-49E7-B7A2-672AC85367E7} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - Checking for HKLM\...\Winlogon\Notify\khfEUoNh
[06/28/2008, 23:08:54] - Found: HKLM\...\Winlogon\Notify\khfEUoNh - This is probably Virtumundo.
[06/28/2008, 23:08:54] - Assigning {58AA2AAB-E945-49E7-B7A2-672AC85367E7} MSEvents Object
[06/28/2008, 23:08:54] - BHO list has been changed! Starting over...
[06/28/2008, 23:08:54] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/28/2008, 23:08:54] - BHO 2: {0E1F6ADF-7C78-407F-99EF-AF288649396E} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - No filename found. Continuing.
[06/28/2008, 23:08:54] - BHO 3: {131e7e60-9b22-0fd3-c873-54e78614397b} (cpmsky browser optimizer)
[06/28/2008, 23:08:54] - BHO 4: {13D64510-A0E3-43BB-81D7-B4E5D207F8FC} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - No filename found. Continuing.
[06/28/2008, 23:08:54] - BHO 5: {1AE33729-557B-4688-AE17-35224329440E} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - No filename found. Continuing.
[06/28/2008, 23:08:54] - BHO 6: {38970f56-d8e2-4c89-928d-67032a5b3472} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - Checking for HKLM\...\Winlogon\Notify\pzkgjk
[06/28/2008, 23:08:54] - Key not found: HKLM\...\Winlogon\Notify\pzkgjk, continuing.
[06/28/2008, 23:08:54] - BHO 7: {3C374EF2-8F67-4E74-A4DB-1D661B95C342} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - No filename found. Continuing.
[06/28/2008, 23:08:54] - BHO 8: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/28/2008, 23:08:54] - BHO 9: {58AA2AAB-E945-49E7-B7A2-672AC85367E7} (MSEvents Object)
[06/28/2008, 23:08:54] - ALERT: Found MSEvents Object!
[06/28/2008, 23:08:54] - BHO 10: {6A87B991-A31F-4130-AE72-6D0C294BF082} (DealioBHO Class)
[06/28/2008, 23:08:54] - BHO 11: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - No filename found. Continuing.
[06/28/2008, 23:08:54] - BHO 12: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/28/2008, 23:08:54] - BHO 13: {899BF31A-B98E-4F29-AAA0-5205B2F50024} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - No filename found. Continuing.
[06/28/2008, 23:08:54] - BHO 14: {8AB335AB-BF0E-4D05-B63E-956ED44A74C2} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - No filename found. Continuing.
[06/28/2008, 23:08:54] - BHO 15: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/28/2008, 23:08:54] - BHO 16: {994B5FB4-0103-44A6-B6B3-C73572B362BC} (adzgalore)
[06/28/2008, 23:08:54] - BHO 17: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/28/2008, 23:08:54] - BHO 18: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/28/2008, 23:08:54] - BHO 19: {B9210389-9285-45CA-A351-8A3B30A85CC1} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - Checking for HKLM\...\Winlogon\Notify\xxyYpqOF
[06/28/2008, 23:08:54] - Key not found: HKLM\...\Winlogon\Notify\xxyYpqOF, continuing.
[06/28/2008, 23:08:54] - BHO 20: {BA6E1FF8-F6EC-485E-A3F5-8CC0C75F543F} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - Checking for HKLM\...\Winlogon\Notify\hgGvtTkk
[06/28/2008, 23:08:54] - Key not found: HKLM\...\Winlogon\Notify\hgGvtTkk, continuing.
[06/28/2008, 23:08:54] - BHO 21: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[06/28/2008, 23:08:54] - BHO 22: {c51649b8-504c-aeec-d0dd-759f46954c38} (mysidesearch browser optimizer)
[06/28/2008, 23:08:54] - BHO 23: {c75bc2ab-c77f-45bd-9e90-af130ea79fd4} ()
[06/28/2008, 23:08:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:08:54] - No filename found. Continuing.
[06/28/2008, 23:08:54] - Finished Searching Browser Helper Objects
[06/28/2008, 23:08:54] - *** Detected MSEvents Object
[06/28/2008, 23:08:54] - Trying to remove MSEvents Object...
[06/28/2008, 23:08:55] - Terminating Process: IEXPLORE.EXE
[06/28/2008, 23:08:56] - Terminating Process: RUNDLL32.EXE
[06/28/2008, 23:08:56] - Disabling Automatic Shell Restart
[06/28/2008, 23:08:56] - Terminating Process: EXPLORER.EXE
[06/28/2008, 23:12:18] - Suspending the NT Session Manager System Service
[06/28/2008, 23:12:19] - Terminating Windows NT Logon/Logoff Manager

[06/28/2008, 23:15:00] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Propriétaire\Bureau\VirtumundoBeGone.exe" )
[06/28/2008, 23:25:09] - User choose NOT to continue. Exiting...

[06/28/2008, 23:37:06] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Propriétaire\Bureau\VirtumundoBeGone.exe" )
[06/28/2008, 23:37:07] - Detected System Information:
[06/28/2008, 23:37:07] - Windows Version: 5.1.2600, Service Pack 2
[06/28/2008, 23:37:07] - Current Username: Compaq_Propriétaire (Admin)
[06/28/2008, 23:37:07] - Windows is in NORMAL mode.
[06/28/2008, 23:37:07] - Searching for Browser Helper Objects:
[06/28/2008, 23:37:07] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/28/2008, 23:37:07] - BHO 2: {083BC9CF-824A-4DE2-BA61-C7AF9F450F45} ()
[06/28/2008, 23:37:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:07] - Checking for HKLM\...\Winlogon\Notify\xxyYpqOF
[06/28/2008, 23:37:07] - Key not found: HKLM\...\Winlogon\Notify\xxyYpqOF, continuing.
[06/28/2008, 23:37:07] - BHO 3: {0E1F6ADF-7C78-407F-99EF-AF288649396E} ()
[06/28/2008, 23:37:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:07] - No filename found. Continuing.
[06/28/2008, 23:37:07] - BHO 4: {131e7e60-9b22-0fd3-c873-54e78614397b} (cpmsky browser optimizer)
[06/28/2008, 23:37:07] - BHO 5: {13D64510-A0E3-43BB-81D7-B4E5D207F8FC} ()
[06/28/2008, 23:37:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:07] - No filename found. Continuing.
[06/28/2008, 23:37:07] - BHO 6: {1AE33729-557B-4688-AE17-35224329440E} ()
[06/28/2008, 23:37:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:07] - No filename found. Continuing.
[06/28/2008, 23:37:07] - BHO 7: {38970f56-d8e2-4c89-928d-67032a5b3472} ()
[06/28/2008, 23:37:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:07] - Checking for HKLM\...\Winlogon\Notify\pzkgjk
[06/28/2008, 23:37:07] - Key not found: HKLM\...\Winlogon\Notify\pzkgjk, continuing.
[06/28/2008, 23:37:07] - BHO 8: {3C374EF2-8F67-4E74-A4DB-1D661B95C342} ()
[06/28/2008, 23:37:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:07] - No filename found. Continuing.
[06/28/2008, 23:37:07] - BHO 9: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/28/2008, 23:37:07] - BHO 10: {58AA2AAB-E945-49E7-B7A2-672AC85367E7} (MSEvents Object)
[06/28/2008, 23:37:07] - ALERT: Found MSEvents Object!
[06/28/2008, 23:37:07] - BHO 11: {6A87B991-A31F-4130-AE72-6D0C294BF082} (DealioBHO Class)
[06/28/2008, 23:37:07] - BHO 12: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} ()
[06/28/2008, 23:37:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:07] - No filename found. Continuing.
[06/28/2008, 23:37:07] - BHO 13: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/28/2008, 23:37:07] - BHO 14: {899BF31A-B98E-4F29-AAA0-5205B2F50024} ()
[06/28/2008, 23:37:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:07] - No filename found. Continuing.
[06/28/2008, 23:37:07] - BHO 15: {8AB335AB-BF0E-4D05-B63E-956ED44A74C2} ()
[06/28/2008, 23:37:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:07] - No filename found. Continuing.
[06/28/2008, 23:37:07] - BHO 16: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/28/2008, 23:37:07] - BHO 17: {994B5FB4-0103-44A6-B6B3-C73572B362BC} (adzgalore)
[06/28/2008, 23:37:07] - BHO 18: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/28/2008, 23:37:07] - BHO 19: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/28/2008, 23:37:07] - BHO 20: {BA6E1FF8-F6EC-485E-A3F5-8CC0C75F543F} ()
[06/28/2008, 23:37:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:07] - Checking for HKLM\...\Winlogon\Notify\hgGvtTkk
[06/28/2008, 23:37:07] - Key not found: HKLM\...\Winlogon\Notify\hgGvtTkk, continuing.
[06/28/2008, 23:37:07] - BHO 21: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[06/28/2008, 23:37:07] - BHO 22: {c51649b8-504c-aeec-d0dd-759f46954c38} (mysidesearch browser optimizer)
[06/28/2008, 23:37:07] - BHO 23: {c75bc2ab-c77f-45bd-9e90-af130ea79fd4} ()
[06/28/2008, 23:37:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:07] - No filename found. Continuing.
[06/28/2008, 23:37:07] - Finished Searching Browser Helper Objects
[06/28/2008, 23:37:07] - *** Detected MSEvents Object
[06/28/2008, 23:37:07] - Trying to remove MSEvents Object...
[06/28/2008, 23:37:08] - Terminating Process: IEXPLORE.EXE
[06/28/2008, 23:37:09] - Terminating Process: RUNDLL32.EXE
[06/28/2008, 23:37:10] - Disabling Automatic Shell Restart
[06/28/2008, 23:37:10] - Terminating Process: EXPLORER.EXE
[06/28/2008, 23:37:10] - Suspending the NT Session Manager System Service
[06/28/2008, 23:37:10] - Terminating Windows NT Logon/Logoff Manager
[06/28/2008, 23:37:10] - Re-enabling Automatic Shell Restart
[06/28/2008, 23:37:10] - File to disable: C:\WINDOWS\system32\khfEUoNh.dll
[06/28/2008, 23:37:10] - Renaming C:\WINDOWS\system32\khfEUoNh.dll -> C:\WINDOWS\system32\khfEUoNh.dll.vir
[06/28/2008, 23:37:10] - File successfully renamed!
[06/28/2008, 23:37:10] - Removing HKLM\...\Browser Helper Objects\{58AA2AAB-E945-49E7-B7A2-672AC85367E7}
[06/28/2008, 23:37:10] - Removing HKCR\CLSID\{58AA2AAB-E945-49E7-B7A2-672AC85367E7}
[06/28/2008, 23:37:10] - Adding Kill Bit for ActiveX for GUID: {58AA2AAB-E945-49E7-B7A2-672AC85367E7}
[06/28/2008, 23:37:10] - Deleting ATLEvents/MSEvents Registry entries
[06/28/2008, 23:37:10] - Removing HKLM\...\Winlogon\Notify\khfEUoNh
[06/28/2008, 23:37:10] - Searching for Browser Helper Objects:
[06/28/2008, 23:37:10] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/28/2008, 23:37:10] - BHO 2: {083BC9CF-824A-4DE2-BA61-C7AF9F450F45} ()
[06/28/2008, 23:37:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:10] - Checking for HKLM\...\Winlogon\Notify\xxyYpqOF
[06/28/2008, 23:37:11] - Key not found: HKLM\...\Winlogon\Notify\xxyYpqOF, continuing.
[06/28/2008, 23:37:11] - BHO 3: {0E1F6ADF-7C78-407F-99EF-AF288649396E} ()
[06/28/2008, 23:37:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:11] - No filename found. Continuing.
[06/28/2008, 23:37:11] - BHO 4: {131e7e60-9b22-0fd3-c873-54e78614397b} (cpmsky browser optimizer)
[06/28/2008, 23:37:11] - BHO 5: {13D64510-A0E3-43BB-81D7-B4E5D207F8FC} ()
[06/28/2008, 23:37:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:11] - No filename found. Continuing.
[06/28/2008, 23:37:11] - BHO 6: {1AE33729-557B-4688-AE17-35224329440E} ()
[06/28/2008, 23:37:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:11] - No filename found. Continuing.
[06/28/2008, 23:37:11] - BHO 7: {38970f56-d8e2-4c89-928d-67032a5b3472} ()
[06/28/2008, 23:37:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:11] - Checking for HKLM\...\Winlogon\Notify\pzkgjk
[06/28/2008, 23:37:11] - Key not found: HKLM\...\Winlogon\Notify\pzkgjk, continuing.
[06/28/2008, 23:37:11] - BHO 8: {3C374EF2-8F67-4E74-A4DB-1D661B95C342} ()
[06/28/2008, 23:37:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:11] - No filename found. Continuing.
[06/28/2008, 23:37:11] - BHO 9: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/28/2008, 23:37:11] - BHO 10: {6A87B991-A31F-4130-AE72-6D0C294BF082} (DealioBHO Class)
[06/28/2008, 23:37:11] - BHO 11: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} ()
[06/28/2008, 23:37:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:11] - No filename found. Continuing.
[06/28/2008, 23:37:11] - BHO 12: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/28/2008, 23:37:11] - BHO 13: {899BF31A-B98E-4F29-AAA0-5205B2F50024} ()
[06/28/2008, 23:37:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:11] - No filename found. Continuing.
[06/28/2008, 23:37:11] - BHO 14: {8AB335AB-BF0E-4D05-B63E-956ED44A74C2} ()
[06/28/2008, 23:37:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:11] - No filename found. Continuing.
[06/28/2008, 23:37:11] - BHO 15: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/28/2008, 23:37:11] - BHO 16: {994B5FB4-0103-44A6-B6B3-C73572B362BC} (adzgalore)
[06/28/2008, 23:37:11] - BHO 17: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/28/2008, 23:37:11] - BHO 18: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/28/2008, 23:37:11] - BHO 19: {BA6E1FF8-F6EC-485E-A3F5-8CC0C75F543F} ()
[06/28/2008, 23:37:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:11] - Checking for HKLM\...\Winlogon\Notify\hgGvtTkk
[06/28/2008, 23:37:11] - Key not found: HKLM\...\Winlogon\Notify\hgGvtTkk, continuing.
[06/28/2008, 23:37:11] - BHO 20: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[06/28/2008, 23:37:11] - BHO 21: {c51649b8-504c-aeec-d0dd-759f46954c38} (mysidesearch browser optimizer)
[06/28/2008, 23:37:11] - BHO 22: {c75bc2ab-c77f-45bd-9e90-af130ea79fd4} ()
[06/28/2008, 23:37:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:37:11] - No filename found. Continuing.
[06/28/2008, 23:37:11] - Finished Searching Browser Helper Objects
[06/28/2008, 23:37:11] - Finishing up...
[06/28/2008, 23:37:11] - A restart is needed.
[06/28/2008, 23:37:19] - Attempting to Restart via STOP error (Blue Screen!)

[06/28/2008, 23:41:01] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Propriétaire\Bureau\VirtumundoBeGone.exe" )
[06/28/2008, 23:41:19] - Detected System Information:
[06/28/2008, 23:41:19] - Windows Version: 5.1.2600, Service Pack 2
[06/28/2008, 23:41:19] - Current Username: Compaq_Propriétaire (Admin)
[06/28/2008, 23:41:19] - Windows is in NORMAL mode.
[06/28/2008, 23:41:19] - Searching for Browser Helper Objects:
[06/28/2008, 23:41:19] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/28/2008, 23:41:19] - BHO 2: {083BC9CF-824A-4DE2-BA61-C7AF9F450F45} ()
[06/28/2008, 23:41:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:41:19] - No filename found. Continuing.
[06/28/2008, 23:41:19] - BHO 3: {0E1F6ADF-7C78-407F-99EF-AF288649396E} ()
[06/28/2008, 23:41:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:41:19] - No filename found. Continuing.
[06/28/2008, 23:41:19] - BHO 4: {131e7e60-9b22-0fd3-c873-54e78614397b} (cpmsky browser optimizer)
[06/28/2008, 23:41:19] - BHO 5: {13D64510-A0E3-43BB-81D7-B4E5D207F8FC} ()
[06/28/2008, 23:41:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:41:19] - No filename found. Continuing.
[06/28/2008, 23:41:19] - BHO 6: {1AE33729-557B-4688-AE17-35224329440E} ()
[06/28/2008, 23:41:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:41:19] - No filename found. Continuing.
[06/28/2008, 23:41:19] - BHO 7: {38970f56-d8e2-4c89-928d-67032a5b3472} ()
[06/28/2008, 23:41:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:41:19] - Checking for HKLM\...\Winlogon\Notify\pzkgjk
[06/28/2008, 23:41:19] - Key not found: HKLM\...\Winlogon\Notify\pzkgjk, continuing.
[06/28/2008, 23:41:19] - BHO 8: {3C374EF2-8F67-4E74-A4DB-1D661B95C342} ()
[06/28/2008, 23:41:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:41:19] - No filename found. Continuing.
[06/28/2008, 23:41:19] - BHO 9: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/28/2008, 23:41:19] - BHO 10: {6A87B991-A31F-4130-AE72-6D0C294BF082} (DealioBHO Class)
[06/28/2008, 23:41:19] - BHO 11: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} ()
[06/28/2008, 23:41:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:41:19] - No filename found. Continuing.
[06/28/2008, 23:41:19] - BHO 12: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/28/2008, 23:41:19] - BHO 13: {899BF31A-B98E-4F29-AAA0-5205B2F50024} ()
[06/28/2008, 23:41:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:41:19] - No filename found. Continuing.
[06/28/2008, 23:41:19] - BHO 14: {8AB335AB-BF0E-4D05-B63E-956ED44A74C2} ()
[06/28/2008, 23:41:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:41:19] - No filename found. Continuing.
[06/28/2008, 23:41:19] - BHO 15: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/28/2008, 23:41:19] - BHO 16: {91DA91DF-63EA-4EF2-A528-1D336900A332} ()
[06/28/2008, 23:41:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:41:19] - Checking for HKLM\...\Winlogon\Notify\xxyYpqOF
[06/28/2008, 23:41:19] - Key not found: HKLM\...\Winlogon\Notify\xxyYpqOF, continuing.
[06/28/2008, 23:41:19] - BHO 17: {994B5FB4-0103-44A6-B6B3-C73572B362BC} (adzgalore)
[06/28/2008, 23:41:19] - BHO 18: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/28/2008, 23:41:19] - BHO 19: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/28/2008, 23:41:19] - BHO 20: {BA6E1FF8-F6EC-485E-A3F5-8CC0C75F543F} ()
[06/28/2008, 23:41:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:41:20] - Checking for HKLM\...\Winlogon\Notify\hgGvtTkk
[06/28/2008, 23:41:20] - Key not found: HKLM\...\Winlogon\Notify\hgGvtTkk, continuing.
[06/28/2008, 23:41:20] - BHO 21: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[06/28/2008, 23:41:20] - BHO 22: {c51649b8-504c-aeec-d0dd-759f46954c38} (mysidesearch browser optimizer)
[06/28/2008, 23:41:20] - BHO 23: {c75bc2ab-c77f-45bd-9e90-af130ea79fd4} ()
[06/28/2008, 23:41:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/28/2008, 23:41:20] - No filename found. Continuing.
[06/28/2008, 23:41:20] - Finished Searching Browser Helper Objects
[06/28/2008, 23:41:20] - Finishing up...
[06/28/2008, 23:41:20] - Nothing found! Exiting...


And the second one


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:16, on 28/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Screen Watcher\watcher.exe
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Opera\Opera.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {083BC9CF-824A-4DE2-BA61-C7AF9F450F45} - (no file)
O2 - BHO: (no name) - {0E1F6ADF-7C78-407F-99EF-AF288649396E} - (no file)
O2 - BHO: cpmsky browser optimizer - {131e7e60-9b22-0fd3-c873-54e78614397b} - C:\WINDOWS\system32\{e8f7016a-7d46-d4c5-4067-77cea4514571}.dll (file missing)
O2 - BHO: (no name) - {13D64510-A0E3-43BB-81D7-B4E5D207F8FC} - (no file)
O2 - BHO: (no name) - {1AE33729-557B-4688-AE17-35224329440E} - (no file)
O2 - BHO: {2743b5a2-3076-d829-98c4-2e8d65f07983} - {38970f56-d8e2-4c89-928d-67032a5b3472} - C:\WINDOWS\system32\pzkgjk.dll
O2 - BHO: (no name) - {3C374EF2-8F67-4E74-A4DB-1D661B95C342} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb125\Dealio.dll
O2 - BHO: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {899BF31A-B98E-4F29-AAA0-5205B2F50024} - (no file)
O2 - BHO: (no name) - {8AB335AB-BF0E-4D05-B63E-956ED44A74C2} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {91DA91DF-63EA-4EF2-A528-1D336900A332} - C:\WINDOWS\system32\xxyYpqOF.dll
O2 - BHO: adzgalore - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - C:\WINDOWS\system32\nse16D.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {BA6E1FF8-F6EC-485E-A3F5-8CC0C75F543F} - C:\WINDOWS\system32\hgGvtTkk.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: mysidesearch browser optimizer - {c51649b8-504c-aeec-d0dd-759f46954c38} - C:\WINDOWS\system32\{91c6ca60-cace-9641-920f-3eabcb68439d}.dll (file missing)
O2 - BHO: (no name) - {c75bc2ab-c77f-45bd-9e90-af130ea79fd4} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb125\Dealio.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [s-watch] C:\Program Files\Screen Watcher\watcher.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Compaq_Propriétaire\lsass.exe
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\cpmsky.dll" DllStart
O4 - HKLM\..\Run: [bc049ce4] rundll32.exe "C:\WINDOWS\system32\bljckpoc.dll",b
O4 - HKLM\..\Run: [BMbf37af78] Rundll32.exe "C:\WINDOWS\system32\ocwvyrrk.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Compaq_Propriétaire\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Dealio\kb125\res\DealioSearch.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?ee9ddd0e7d4e49d29c1180b9c6d3510f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?ee9ddd0e7d4e49d29c1180b9c6d3510f
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11218 bytes
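
A triage pass over O2 and O4 lines in the HijackThis log format shown above, as an added example that is not part of the original posts or of HijackThis. The sample lines are constructed, the tag names are hypothetical, and the three heuristics (BHO with no backing file, Run entry launched through rundll32, system process name outside system32) are assumptions that mark entries for manual review, not verdicts.

```python
import ntpath
import re

# Constructed sample in HijackThis v2 log format (O2 = BHO, O4 = Run entry);
# CLSIDs, value names and paths are made up for the demonstration.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\WINDOWS\system32\qwRtYpLm.dll (file missing)
O2 - BHO: (no name) - {99999999-8888-7777-6666-555555555555} - (no file)
O4 - HKLM\..\Run: [Updater] "C:\Program Files\Example\update.exe" /min
O4 - HKLM\..\Run: [a1b2c3d4] rundll32.exe "C:\WINDOWS\system32\zxcvbnmq.dll",b
O4 - HKLM\..\Run: [LSA Shell] C:\Documents and Settings\User\lsass.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
# Assumed short list of Windows process names that malware likes to imitate.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "winlogon.exe", "services.exe", "smss.exe"}


def triage(log_text):
    """Return (tag, identifier) pairs for entries that deserve a manual look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = O2_RE.match(line)
        if m:
            if m["target"] == "(no file)":  # CLSID registered, no DLL behind it
                findings.append(("bho-orphan", m["clsid"]))
            elif m["target"].endswith("(file missing)"):  # DLL path no longer exists
                findings.append(("bho-file-missing", m["clsid"]))
            continue
        m = O4_RE.match(line)
        exe = re.match(r'"?(.+?\.exe)', m["cmd"], re.I) if m else None
        if not exe:
            continue
        folder, name = ntpath.split(exe[1].lower())
        if name == "rundll32.exe":  # report the DLL that is actually loaded
            dll = re.search(r'([^"\s][^"]*?\.dll)', m["cmd"][exe.end():], re.I)
            findings.append(("run-rundll32", dll[1] if dll else m["value"]))
        elif name in SYSTEM_NAMES and not folder.endswith(r"\windows\system32"):
            findings.append(("run-system-name-outside-system32", exe[1]))
    return findings


if __name__ == "__main__":
    for tag, item in triage(SAMPLE_LOG):
        print(f"{tag:34} {item}")
```
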
dédétraqué
Posted on 29/06/2008 00:00:39
Hi nicado


Important: disable TeaTimer, Spybot's resident module; it will interfere with the disinfection by blocking changes to the BHOs.


- Start Spybot, click Mode and check Advanced mode
- On the left, click Tools ==> Resident

- Uncheck the box in front of Resident "TeaTimer"

- Quit Spybot

-----

Download combofix.exe (by sUBs) to the desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Double-click combofix.exe, type 1 and confirm with Enter to start the scan.

When the scan is complete, a report will appear. Copy and paste that report into your next reply.

NOTE: the report is also saved here: C:\Combofix.txt

Combofix is detected by some antivirus programs as an infection; disregard this, it is a false positive.

Ignore it and continue the procedure.


@++

-->Message edited by dédétraqué on 29/06/2008 00:04:09<--
nicado
  