Infecté par Trojan.Vundo.DMAFermé

Question

J'ai fait un scan de mon PC avec BitDefender Plus 10 et j'ai nettoyé plusieurs fichiers infectés par Trojan.Vundo.DMA toutefois un fichier reste récalcitrant car impossible de le supprimer "C:\Windows\System32\gebxxvt.dll", j'ai fait un scan avec Hijack, Vundofix (sans succès) et Combofix que vous trouverez ci-dessous. J'ai essayé Force Brute pour supprimer le fichier sans succès (peut être que le script n'était pas bon, voir ci-joint).

Je vous remercie d'avance pour toute aide que vous puissiez m'apporter.

*************************************************************************************

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:31:15, on 18/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Salim\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\gebxxvt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\Program Files\Real\RealJukebox	systray.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{799FC927-A7D7-4900-819D-354391F9D235}: NameServer = 81.52.165.34 81.52.165.35
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: gebxxvt - C:\WINDOWS\SYSTEM32\gebxxvt.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\Imapi.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

rudyrital · Answer

essais ceci 
Télécharge VirtumundoBegone sur le bureau: 
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe 

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions. 
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis. 
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu

clownez · Answer

Voila les résultats de VirtumundoBeGone et HiJackThis.


[06/18/2007, 15:49:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Salim\Bureau\VirtumundoBeGone.exe" )
[06/18/2007, 15:49:41] - Detected System Information:
[06/18/2007, 15:49:41] -  Windows Version: 5.1.2600, Service Pack 2
[06/18/2007, 15:49:41] -  Current Username: Salim (Admin)
[06/18/2007, 15:49:41] -  Windows is in NORMAL mode.
[06/18/2007, 15:49:41] - Searching for Browser Helper Objects:
[06/18/2007, 15:49:41] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/18/2007, 15:49:41] -  BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[06/18/2007, 15:49:41] -  BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/18/2007, 15:49:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/18/2007, 15:49:41] -  Checking for HKLM\...\Winlogon\Notify\apynjtec
[06/18/2007, 15:49:41] -  Key not found: HKLM\...\Winlogon\Notify\apynjtec, continuing.
[06/18/2007, 15:49:41] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/18/2007, 15:49:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/18/2007, 15:49:41] -  No filename found. Continuing.
[06/18/2007, 15:49:41] -  BHO 5: {8A61098D-612B-4EF2-943D-64E920684061} ()
[06/18/2007, 15:49:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/18/2007, 15:49:41] -  Checking for HKLM\...\Winlogon\Notify\gebxxvt
[06/18/2007, 15:49:41] -  Found: HKLM\...\Winlogon\Notify\gebxxvt - This is probably Virtumundo.
[06/18/2007, 15:49:41] -  Assigning {8A61098D-612B-4EF2-943D-64E920684061} MSEvents Object
[06/18/2007, 15:49:41] - BHO list has been changed! Starting over...
[06/18/2007, 15:49:42] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/18/2007, 15:49:42] -  BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[06/18/2007, 15:49:42] -  BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/18/2007, 15:49:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/18/2007, 15:49:42] -  Checking for HKLM\...\Winlogon\Notify\apynjtec
[06/18/2007, 15:49:42] -  Key not found: HKLM\...\Winlogon\Notify\apynjtec, continuing.
[06/18/2007, 15:49:42] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/18/2007, 15:49:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/18/2007, 15:49:42] -  No filename found. Continuing.
[06/18/2007, 15:49:42] -  BHO 5: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[06/18/2007, 15:49:42] - ALERT: Found MSEvents Object!
[06/18/2007, 15:49:42] -  BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/18/2007, 15:49:42] -  BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/18/2007, 15:49:42] -  BHO 8: {F02932E8-43D1-4966-A4DC-4E8B6F252732} ()
[06/18/2007, 15:49:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/18/2007, 15:49:42] -  Checking for HKLM\...\Winlogon\Notify\awtsr
[06/18/2007, 15:49:42] -  Found: HKLM\...\Winlogon\Notify\awtsr - This is probably Virtumundo.
[06/18/2007, 15:49:42] -  Assigning {F02932E8-43D1-4966-A4DC-4E8B6F252732} MSEvents Object
[06/18/2007, 15:49:42] - BHO list has been changed! Starting over...
[06/18/2007, 15:49:42] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/18/2007, 15:49:42] -  BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[06/18/2007, 15:49:42] -  BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/18/2007, 15:49:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/18/2007, 15:49:42] -  Checking for HKLM\...\Winlogon\Notify\apynjtec
[06/18/2007, 15:49:42] -  Key not found: HKLM\...\Winlogon\Notify\apynjtec, continuing.
[06/18/2007, 15:49:42] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/18/2007, 15:49:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/18/2007, 15:49:42] -  No filename found. Continuing.
[06/18/2007, 15:49:42] -  BHO 5: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[06/18/2007, 15:49:42] - ALERT: Found MSEvents Object!
[06/18/2007, 15:49:42] -  BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/18/2007, 15:49:42] -  BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/18/2007, 15:49:42] -  BHO 8: {F02932E8-43D1-4966-A4DC-4E8B6F252732} (MSEvents Object)
[06/18/2007, 15:49:42] - ALERT: Found MSEvents Object!
[06/18/2007, 15:49:42] - Finished Searching Browser Helper Objects
[06/18/2007, 15:49:42] - *** Detected MSEvents Object
[06/18/2007, 15:49:42] - Trying to remove MSEvents Object...
[06/18/2007, 15:49:43] -    Terminating Process: IEXPLORE.EXE
[06/18/2007, 15:49:44] -    Terminating Process: RUNDLL32.EXE
[06/18/2007, 15:49:45] -    Disabling Automatic Shell Restart
[06/18/2007, 15:49:45] -    Terminating Process: EXPLORER.EXE
[06/18/2007, 15:49:46] -    Suspending the NT Session Manager System Service
[06/18/2007, 15:49:47] -    Terminating Windows NT Logon/Logoff Manager
[06/18/2007, 15:55:16] -    Re-enabling Automatic Shell Restart
[06/18/2007, 15:55:16] -   File to disable: C:\WINDOWS\system32\gebxxvt.dll
[06/18/2007, 15:55:16] -  Renaming C:\WINDOWS\system32\gebxxvt.dll -> C:\WINDOWS\system32\gebxxvt.dll.vir
[06/18/2007, 15:55:16] - ! File rename was unsucessful.
[06/18/2007, 15:55:16] -  Attempting to Deny Access to C:\WINDOWS\system32\gebxxvt.dll
[06/18/2007, 15:55:17] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[06/18/2007, 15:55:17] -  ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.

[06/18/2007, 15:55:17] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[06/18/2007, 15:55:17] -   Removing HKLM\...\Browser Helper Objects\{8A61098D-612B-4EF2-943D-64E920684061}
[06/18/2007, 15:55:17] -   Removing HKCR\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}
[06/18/2007, 15:55:17] -   Adding Kill Bit for ActiveX for GUID: {8A61098D-612B-4EF2-943D-64E920684061}
[06/18/2007, 15:55:17] -   Deleting ATLEvents/MSEvents Registry entries
[06/18/2007, 15:55:17] -   Removing HKLM\...\Winlogon\Notify\gebxxvt
[06/18/2007, 15:55:17] - Searching for Browser Helper Objects:
[06/18/2007, 15:55:17] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/18/2007, 15:55:17] -  BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[06/18/2007, 15:55:17] -  BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/18/2007, 15:55:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/18/2007, 15:55:17] -  Checking for HKLM\...\Winlogon\Notify\apynjtec
[06/18/2007, 15:55:17] -  Key not found: HKLM\...\Winlogon\Notify\apynjtec, continuing.
[06/18/2007, 15:55:17] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/18/2007, 15:55:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/18/2007, 15:55:17] -  No filename found. Continuing.
[06/18/2007, 15:55:17] -  BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/18/2007, 15:55:17] -  BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/18/2007, 15:55:17] -  BHO 7: {F02932E8-43D1-4966-A4DC-4E8B6F252732} (MSEvents Object)
[06/18/2007, 15:55:17] - ALERT: Found MSEvents Object!
[06/18/2007, 15:55:17] - Finished Searching Browser Helper Objects
[06/18/2007, 15:55:17] - *** Detected MSEvents Object
[06/18/2007, 15:55:17] - Trying to remove MSEvents Object...
[06/18/2007, 15:55:18] -    Terminating Process: IEXPLORE.EXE
[06/18/2007, 15:55:18] -    Terminating Process: RUNDLL32.EXE
[06/18/2007, 15:55:18] -    Disabling Automatic Shell Restart
[06/18/2007, 15:55:18] -    Terminating Process: EXPLORER.EXE
[06/18/2007, 15:55:18] -    Suspending the NT Session Manager System Service
[06/18/2007, 15:55:18] -    Terminating Windows NT Logon/Logoff Manager
[06/18/2007, 15:55:18] -    Re-enabling Automatic Shell Restart
[06/18/2007, 15:55:18] -   File to disable: C:\WINDOWS\system32\awtsr.dll
[06/18/2007, 15:55:18] -  Renaming C:\WINDOWS\system32\awtsr.dll -> C:\WINDOWS\system32\awtsr.dll.vir
[06/18/2007, 15:55:19] - ! File rename was unsucessful.
[06/18/2007, 15:55:19] -  Attempting to Deny Access to C:\WINDOWS\system32\awtsr.dll
[06/18/2007, 15:55:20] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[06/18/2007, 15:55:20] -  ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.

[06/18/2007, 15:55:20] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[06/18/2007, 15:55:20] -   Removing HKLM\...\Browser Helper Objects\{F02932E8-43D1-4966-A4DC-4E8B6F252732}
[06/18/2007, 15:55:20] -   Removing HKCR\CLSID\{F02932E8-43D1-4966-A4DC-4E8B6F252732}
[06/18/2007, 15:55:20] -   Adding Kill Bit for ActiveX for GUID: {F02932E8-43D1-4966-A4DC-4E8B6F252732}
[06/18/2007, 15:55:20] -   Deleting ATLEvents/MSEvents Registry entries
[06/18/2007, 15:55:20] -   Removing HKLM\...\Winlogon\Notify\awtsr
[06/18/2007, 15:55:20] - Searching for Browser Helper Objects:
[06/18/2007, 15:55:20] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/18/2007, 15:55:20] -  BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[06/18/2007, 15:55:20] -  BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/18/2007, 15:55:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/18/2007, 15:55:20] -  Checking for HKLM\...\Winlogon\Notify\apynjtec
[06/18/2007, 15:55:20] -  Key not found: HKLM\...\Winlogon\Notify\apynjtec, continuing.
[06/18/2007, 15:55:20] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/18/2007, 15:55:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/18/2007, 15:55:20] -  No filename found. Continuing.
[06/18/2007, 15:55:20] -  BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/18/2007, 15:55:20] -  BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/18/2007, 15:55:20] - Finished Searching Browser Helper Objects
[06/18/2007, 15:55:20] - Finishing up...
[06/18/2007, 15:55:20] - A restart is needed.
[06/18/2007, 16:00:15] - Attempting to Restart via STOP error (Blue Screen!)





Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:11:28, on 18/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Salim\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\apynjtec.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\Program Files\Real\RealJukebox	systray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\wwfvvglw.dll",realset
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{799FC927-A7D7-4900-819D-354391F9D235}: NameServer = 81.52.165.34 81.52.165.35
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\Imapi.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

rudyrital · Answer

le pc a redemmaré ?

clownez · Answer

Le PC a redémarré et j'ai fait entre un scan du PC. BitDefender 10 a trouvé le fichier infecté et l'a supprimé. ......Le scan est toujours en cours.

rudyrital · Answer

je me suis renseigné car il y as deux fichier recalcitrant ::

Double-clique VundoFix.exe afin de le lancer. 

Fais un clic droit dans la fenêtre blanche et clique "Add more files?" 

Dans la nouvelle fenêtre qui apparait, Copie/colle le chemin du fichier suivant dans la première case (au haut): 


C:\WINDOWS\system32\gebxxvt.dll 

Copie/colle le chemin du fichier suivant dans la seconde case (au centre): 


C:\WINDOWS\system32\awtsr.dll 
  
Clique sur le bouton "Add File(s)" 

Clique sur le bouton "Close Window". 

Clique à nouveau sur "Remove Vundo" 

Une invite te demandera si tu veux supprimer les fichiers, clique YES 

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers. 

Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK

clownez · Answer

J'ai fait le scan avec VundoFix et voici le log. Le PC a redémarré à la fin du scan


VundoFix V6.5.0

Checking Java version...

Sun Java not detected
Scan started at 16:57:57 18/06/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Performing Repairs to the registry.
Done!

rudyrital · Answer

relance un scan avec vertimundobegone pour verifier

clownez · Answer

[06/18/2007, 17:31:28] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Salim\Bureau\VirtumundoBeGone.exe" )
[06/18/2007, 17:31:35] - Detected System Information:
[06/18/2007, 17:31:35] -  Windows Version: 5.1.2600, Service Pack 2
[06/18/2007, 17:31:35] -  Current Username: Salim (Admin)
[06/18/2007, 17:31:35] -  Windows is in NORMAL mode.
[06/18/2007, 17:31:35] - Searching for Browser Helper Objects:
[06/18/2007, 17:31:35] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/18/2007, 17:31:35] -  BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[06/18/2007, 17:31:35] -  BHO 3: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/18/2007, 17:31:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/18/2007, 17:31:36] -  Checking for HKLM\...\Winlogon\Notify\apynjtec
[06/18/2007, 17:31:36] -  Key not found: HKLM\...\Winlogon\Notify\apynjtec, continuing.
[06/18/2007, 17:31:36] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/18/2007, 17:31:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/18/2007, 17:31:36] -  No filename found. Continuing.
[06/18/2007, 17:31:36] -  BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/18/2007, 17:31:36] -  BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/18/2007, 17:31:36] - Finished Searching Browser Helper Objects
[06/18/2007, 17:31:36] - Finishing up...
[06/18/2007, 17:31:36] - Nothing found! Exiting...

rudyrital · Answer

encore deux fichier:

Double-clique VundoFix.exe afin de le lancer. 

Fais un clic droit dans la fenêtre blanche et clique "Add more files?" 

Dans la nouvelle fenêtre qui apparait, Copie/colle le chemin du fichier suivant dans la première case (au haut): 


C:\WINDOWS\system32\apynjtec.dll  

Copie/colle le chemin du fichier suivant dans la seconde case (au centre): 

C:\WINDOWS\system32\wwfvvglw.dll


Clique sur le bouton "Add File(s)" 

Clique sur le bouton "Close Window". 

Clique à nouveau sur "Remove Vundo" 

Une invite te demandera si tu veux supprimer les fichiers, clique YES 

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers. 

Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK 

remet un nouveau log hijackthis en plus

Joss · Answer

bitdefender 10 n'est pas super.
Prend le 9 il est mieux
Sinon pour ton probleme dsl je ne peux pas t'aider :s

clownez · Answer

J'ai exécuter le scan avec Vundofix seulement depuis au démarrage j'ai un message d'erreur runtime du fichier c:\windows\system32\wwfvvglw.dll mais le plus grave c que je n'arrive plus à accéder à internet avec ma ligne ADSL (le modem se connecte la session s'ouvre mais pas possible d'ouvrir une page web). J'ai été obligé de tirer mon vieux modem RTC et me connecter à internet avec. Je crois que l'on a touché au système lors du dernier scan.

Sinon voici le log

Beginning removal...

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\apynjtec.dll 
C:\WINDOWS\system32\apynjtec.dll  Has been deleted!

 Attempting to delete C:\WINDOWS\system32\wwfvvglw.dll 
C:\WINDOWS\system32\wwfvvglw.dll  Has been deleted!

Performing Repairs to the registry.
Done!



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:27:43, on 18/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Salim\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\apynjtec.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\Program Files\Real\RealJukebox	systray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\wwfvvglw.dll",realset
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{799FC927-A7D7-4900-819D-354391F9D235}: NameServer = 10.10.1.202 192.168.20.5
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\Imapi.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

rudyrital · Answer

je me renseigne ;)

clownez · Answer

J'ai récupéré les fichier en backup de VundoFix, je les ai renommés, scannés et copiés dans leur emplacement d'origine. J'ai redémarré, plus de message d'erreur et ma ligne ADSL fonctionne correctement.

rudyrital · Answer

super bien joué, j'avais pas encore de reponse!!!!

* télécharge AVG Anti-Spyware 

avg antispyware
http://www.infos-du-net.com/telecharger/Ewido-Security-Suite,0301-734.html


Tuto : http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

* tu l'installes 

Démarrer AVG antispyware. Cliquer sur "mise à jour", cliquer sur le bouton "Commencer la mise à jour" et attendre la fin de cette mise à jour puis, fermer le programme. 

si tu n'arrives pas à le mettre à jour prends ici les Mise à jour:

http://downloads.ewido.net/avgas-signatures-full-current.exe 



Démarre en mode sans échec : 
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter 
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! 
(Si F8 ne marche pas utilise la touche F5). 

 relance AVG AS et cliquer sur l'onglet "scanner" puis sur "Analyse complète du système". 
Une fois le scan terminé, il t'affiche un rapport. Cliquer sur "configurer..." en bas a gauche et choisir "supprimer". Ensuite cliquer sur "Appliquer toutes les actions ", ca va supprimer toutes les infections détectées. 
Ensuite cliquer sur "Enregistrer le rapport d'analyse" -> "enregistrer sous" et enregistrer le rapport où bon te semble, afin de me l'envoyer dans ta prochaine réponse. 


Copie Et colle le rapport ici

clownez · Answer

La situation ne semble pas aussi bonne que je ne le pensais. J'ai eu un arrêt total de Windows, ca s'est manifesté par un message avec compte à rebours m'avertissant de sauvegarder mes fichiers car Windows allait arrêter le système. Au bout d'une minute, l'écran est devenu noir et Windows a redémaré ... puis j'ai eu un message disant en substance:  Pour protégér votre ordi, Windows a arrêté ce programme Applications Sevices et Contrôleur (services.exe)

J'ai l'impression que ca se dégrade de plus en plus :(

rudyrital · Answer

essais le scan si tu peux

Infecté par Trojan.Vundo.DMA

16 réponses

Discussions similaires

Newsletters