Virus attack
Yass
Hello everyone,
For a few weeks I have been having problems with my computer:
frequent virus attacks (at least 3 to 4 times a day),
Internet windows (security ads) that open very frequently,
and constant slowness in everything I do!!
I am afraid it is a trojan or something of the kind, but there is no way to find it!
Can you help me with my HijackThis log file?
Thanks in advance!
Log:
Logfile of HijackThis v1.99.1
Scan saved at 14:12:32, on 16/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Athan\Athan.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\system32\winctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Downloads\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Microsoft] soundvol32.exe
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [WA6PV_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [Microsoft Driver Database] winctrl.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\orgoxglu.dll",realset
O4 - HKLM\..\RunServices: [Microsoft] soundvol32.exe
O4 - HKLM\..\RunServices: [Microsoft Driver Database] winctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
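As an added triage example (not from the thread, not part of HijackThis), the Python script below parses the O4 autostart lines of the log above and flags the patterns a malware helper looks for in such a log: executables given with no path, entries under the Windows 9x-era RunServices key, entry names that claim to be Microsoft, rundll32 loading a DLL unrelated to the entry name, and the rogue security products named in the log. The sample lines are a constructed subset of the posted log and the rogue-product watchlist is an assumption drawn from it; nwiz.exe, a legitimate NVIDIA component, gets flagged too, which is why the output is a review list rather than a verdict.

```python
"""Triage the O4 (autostart) lines of a HijackThis log for common persistence red flags."""
import re

# Constructed subset of the O4 lines from the HijackThis log posted above, so the
# example runs offline. The line format is HijackThis's own.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [Microsoft] soundvol32.exe
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\Run: [Microsoft Driver Database] winctrl.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\orgoxglu.dll",realset
O4 - HKLM\..\RunServices: [Microsoft] soundvol32.exe
O4 - HKLM\..\RunServices: [Microsoft Driver Database] winctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O4 - <hive>\..\<key>: [<entry name>] <command line>
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
# First token of a command line: either a quoted path or a run of non-blank characters.
FIRST_TOKEN_RE = re.compile(r'^"([^"]+)"|^(\S+)')

# Assumed watchlist: rogue "security" products that appear in the posted log; their
# pop-ups are the "security ads" the poster describes.
ROGUE_PRODUCTS = ("drivecleaner", "winantivirus")


def split_command(command):
    """Return (executable, remainder) for a Run-key command line."""
    command = command.strip()
    m = FIRST_TOKEN_RE.match(command)
    exe = m.group(1) or m.group(2)
    return exe, command[m.end():].strip()


def is_bare(exe):
    """True when the executable has no directory, i.e. it is resolved via PATH at logon."""
    return "\\" not in exe and ":" not in exe


def triage_o4(text):
    """Parse every O4 line in `text`; return dicts with strong `flags` and softer `notes`."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        exe, rest = split_command(command)
        basename = exe.lower().rsplit("\\", 1)[-1]
        flags, notes = [], []
        if basename == "rundll32.exe":
            # The DLL is the next token, possibly quoted, terminated by ",<entrypoint>".
            dll_m = re.match(r'"?([^",]+)', rest)
            dll_path = dll_m.group(1) if dll_m else rest
            dll_stem = re.sub(r"\W", "", dll_path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]).lower()
            name_stem = re.sub(r"\W", "", name).lower()
            if dll_stem[:4] in name_stem:
                notes.append(f"rundll32 loads {dll_path}; verify the DLL's publisher")
            else:
                flags.append(f"rundll32 loads {dll_path} under an unrelated entry name")
        elif is_bare(exe):
            flags.append(f"bare executable '{exe}' with no path (resolved through PATH)")
        if key.lower() == "runservices":
            flags.append("RunServices is a Windows 9x/ME key that XP does not process; "
                         "entries here are a classic malware leftover")
        if name.lower().startswith("microsoft") and not exe.lower().startswith("c:\\windows"):
            flags.append("entry name claims Microsoft but does not point into the Windows directory")
        if any(p in command.lower() for p in ROGUE_PRODUCTS):
            flags.append("known rogue security product")
        entries.append({"hive": hive, "key": key, "name": name, "command": command,
                        "flags": flags, "notes": notes})
    return entries


def report(entries):
    """Human-readable summary, flagged entries first."""
    lines = []
    for e in sorted(entries, key=lambda e: (not e["flags"], e["name"].lower())):
        tag = "FLAG" if e["flags"] else ("note" if e["notes"] else "ok  ")
        lines.append(f"{tag} {e['hive']}\\..\\{e['key']} [{e['name']}] {e['command']}")
        for why in e["flags"] + e["notes"]:
            lines.append(f"       - {why}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage_o4(SAMPLE_O4_LINES)))
```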
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Download to the desktop
Navilog.zip
= Double-click navilog1.zip
= Extract everything to the desktop
= Double-click navilog1, which is on the desktop
= Press a key until you reach the options
= Choose option 1
A report, fixnavi.txt, will be created in C:
Copy/paste it into your next message.
= Restart in Safe Mode (startup can take several minutes)
Careful, there is no Internet access in this mode. Save or print the instructions. Restart the PC and tap the F8 key until the boot menu appears.
With the arrow keys, select Safe Mode ==> Enter ==> your usual user name
= Launch navilog1
= This time choose option 2
= Navilog will do the cleaning. Be patient until it shows *** Nettoyage Termine le ..... ***
= A report will be generated on your C:\ (the option 2 report)
Note: the desktop disappears
= Restart in normal mode and paste the contents of the Navilog report (the option 2 one)
------------------------------
CWSHREDDER: do Fix and not Scan only
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/27497.html
--------------------------
and BHO DEMON
https://www.01net.com/
In the window that appears, all the toolbars and other software grafted onto your computer are listed. Green lines are considered healthy; red and yellow lines are considered dangerous: in that case you must disable them by unchecking the box to the left of each line.
If the line is not coloured and says unknown, double-click it; explanations will appear. If in doubt, disable those lines too.
--------------------------------------
CCLEANER: (run a cleanup and repair the keys) without installing the Yahoo bar
https://www.01net.com/
---------------------
SmitFraudFix
http://telechargement.zebulon.fr/smitfraudfix.html
1/ Double-click smitfraudfix.cmd, then select 1 and press Enter to create the report of the infections present. Once the report is done, restart in Safe Mode (by pressing F8 or Del, or F5 at startup in general).
2/ Then do the same as in 2/ but select option 2 and press Enter to start the disinfection. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter.
------------------------------
Then:
Scan with anti-spyware tools (in Safe Mode):
Spybot:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
AD AWARE
https://www.01net.com/
------------------------
If everything went well, restart in normal mode and disable System Restore to purge any viruses that might be in it, then re-enable it (in START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then settings).
------------------------
Online scan at BitDefender and paste the report:
https://www.bitdefender.com/toolbox/
or Panda online:
http://pandasoftware.fr
Thanks jlpjlp for your help. A small question: do I have to do all of it, or are these possible options?
Here is the first Navilog report:
Search Navipromo version 2.0.3 commencé le dim. 17/06/2007 à 1:36:56,18
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO
Executé en mode normal
*** Recherche Programmes installes ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\Administrateur\Application Data ***
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en
F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.
[+] Started on 06/17/07 at 01:37:01.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ..................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 06/17/07 at 01:39:08 (return code = 0).
*** Recherche fichiers ***
*** Recherche cles registre ***
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
Recherche Clé Magic Control
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
C:\WINDOWS\system32\vycdd.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\vycdd.bak2 trouvé ! infection Vundo possible non traité par cet outil !
2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********
*** Analyse Terminé le dim. 17/06/2007 à 1:39:35,15 ***
The best thing is to do all of it!!!
We can already see that you are infected with Vundo,
so in addition do this BEFORE the online scan:
Scan with Vundo
Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will receive a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked yes, your desktop will go blank while it removes Vundo.
When it is done, you will be asked to restart your computer; click OK.
then
VirtumundoBeGone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
then Symantec Vundo Remove Tool
https://www.broadcom.com/support/security-center
If everything went well, restart in normal mode and disable System Restore to purge any viruses that might be in it, then re-enable it (in START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then settings).
Here is the second Navilog report. I see there may still be a Vundo infection!
I just removed it; strange, isn't it?
Do I have to redo the Vundo procedure?
Clean Navipromo version 2.0.3 commencé le dim. 17/06/2007 à 13:50:38,20
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO
Mode suppression automatique avec prise en charge résultats Blacklight
*** fsbl1.txt non trouvé ***
(Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)
*** Suppression dossiers dans C:\WINDOWS ***
*** Suppression dossiers dans C:\Program Files ***
*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Suppression dossiers dans C:\Documents and Settings\Administrateur\Application Data ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Administrateur\Local Settings\Temp effectué !
*** Sauvegarde du registre vers dossier Backupnavi***
sauvegarde du registre réalise avec succes !
*** Nettoyage registre ***
Nettoyage registre Ok
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
C:\WINDOWS\system32\hhkmp.bak1 trouvé ! infection Vundo possible non traité par cet outil !
2)Recherche et Suppression Heuristique :
*
**
***
****
*****
******
*******
********
3)Contrôle présence clés Rootkit dans le registre :
Aucune autre clés présente dans le registre !
*** Nettoyage termine le dim. 17/06/2007 à 13:57:00,95 ***
Disable System Restore, then restart in Safe Mode (by booting with F8) and redo the Vundo steps:
VundoFix
then
VirtumundoBeGone
then
Symantec Vundo Remove Tool
At the end of the steps, restart and re-enable System Restore.
------------------
Then do the other steps and paste the online report.
---------------
If it persists, look here:
http://www.malekal.com/Trojan.vundo.php
There, I redid the procedure as indicated and then finished the list.
Here is the report:
[06/17/2007, 15:10:38] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[06/17/2007, 15:10:41] - Detected System Information:
[06/17/2007, 15:10:41] - Windows Version: 5.1.2600, Service Pack 2
[06/17/2007, 15:10:41] - Current Username: Administrateur (Admin)
[06/17/2007, 15:10:41] - Windows is in SAFE mode with Networking.
[06/17/2007, 15:10:41] - Searching for Browser Helper Objects:
[06/17/2007, 15:10:41] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/17/2007, 15:10:41] - BHO 2: {26C90985-BE0D-4719-A326-AFF767A34A0A} ()
[06/17/2007, 15:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:41] - No filename found. Continuing.
[06/17/2007, 15:10:41] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/17/2007, 15:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:41] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/17/2007, 15:10:41] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/17/2007, 15:10:41] - BHO 4: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/17/2007, 15:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:41] - Checking for HKLM\...\Winlogon\Notify\vphtnlon
[06/17/2007, 15:10:41] - Key not found: HKLM\...\Winlogon\Notify\vphtnlon, continuing.
[06/17/2007, 15:10:41] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/17/2007, 15:10:41] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/17/2007, 15:10:41] - BHO 7: {BCC4E80C-E6C1-47B1-91BF-7426A665C790} ()
[06/17/2007, 15:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:41] - No filename found. Continuing.
[06/17/2007, 15:10:41] - BHO 8: {C2ADFFCB-C620-4374-90D9-8EE7704F714A} ()
[06/17/2007, 15:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:41] - Checking for HKLM\...\Winlogon\Notify\pmkhh
[06/17/2007, 15:10:41] - Found: HKLM\...\Winlogon\Notify\pmkhh - This is probably Virtumundo.
[06/17/2007, 15:10:41] - Assigning {C2ADFFCB-C620-4374-90D9-8EE7704F714A} MSEvents Object
[06/17/2007, 15:10:41] - BHO list has been changed! Starting over...
[06/17/2007, 15:10:41] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/17/2007, 15:10:41] - BHO 2: {26C90985-BE0D-4719-A326-AFF767A34A0A} ()
[06/17/2007, 15:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:41] - No filename found. Continuing.
[06/17/2007, 15:10:41] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/17/2007, 15:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:41] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/17/2007, 15:10:41] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/17/2007, 15:10:41] - BHO 4: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/17/2007, 15:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:41] - Checking for HKLM\...\Winlogon\Notify\vphtnlon
[06/17/2007, 15:10:41] - Key not found: HKLM\...\Winlogon\Notify\vphtnlon, continuing.
[06/17/2007, 15:10:41] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/17/2007, 15:10:41] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/17/2007, 15:10:41] - BHO 7: {BCC4E80C-E6C1-47B1-91BF-7426A665C790} ()
[06/17/2007, 15:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:41] - No filename found. Continuing.
[06/17/2007, 15:10:41] - BHO 8: {C2ADFFCB-C620-4374-90D9-8EE7704F714A} (MSEvents Object)
[06/17/2007, 15:10:41] - ALERT: Found MSEvents Object!
[06/17/2007, 15:10:41] - BHO 9: {F4002052-AB29-4B33-8C8D-0E99084564EC} ()
[06/17/2007, 15:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:41] - Checking for HKLM\...\Winlogon\Notify\hggfcab
[06/17/2007, 15:10:41] - Found: HKLM\...\Winlogon\Notify\hggfcab - This is probably Virtumundo.
[06/17/2007, 15:10:41] - Assigning {F4002052-AB29-4B33-8C8D-0E99084564EC} MSEvents Object
[06/17/2007, 15:10:41] - BHO list has been changed! Starting over...
[06/17/2007, 15:10:41] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/17/2007, 15:10:41] - BHO 2: {26C90985-BE0D-4719-A326-AFF767A34A0A} ()
[06/17/2007, 15:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:41] - No filename found. Continuing.
[06/17/2007, 15:10:41] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/17/2007, 15:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:41] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/17/2007, 15:10:41] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/17/2007, 15:10:41] - BHO 4: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/17/2007, 15:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:41] - Checking for HKLM\...\Winlogon\Notify\vphtnlon
[06/17/2007, 15:10:41] - Key not found: HKLM\...\Winlogon\Notify\vphtnlon, continuing.
[06/17/2007, 15:10:41] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/17/2007, 15:10:41] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/17/2007, 15:10:41] - BHO 7: {BCC4E80C-E6C1-47B1-91BF-7426A665C790} ()
[06/17/2007, 15:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:41] - No filename found. Continuing.
[06/17/2007, 15:10:41] - BHO 8: {C2ADFFCB-C620-4374-90D9-8EE7704F714A} (MSEvents Object)
[06/17/2007, 15:10:41] - ALERT: Found MSEvents Object!
[06/17/2007, 15:10:41] - BHO 9: {F4002052-AB29-4B33-8C8D-0E99084564EC} (MSEvents Object)
[06/17/2007, 15:10:41] - ALERT: Found MSEvents Object!
[06/17/2007, 15:10:41] - Finished Searching Browser Helper Objects
[06/17/2007, 15:10:41] - *** Detected MSEvents Object
[06/17/2007, 15:10:41] - Trying to remove MSEvents Object...
[06/17/2007, 15:10:42] - Terminating Process: IEXPLORE.EXE
[06/17/2007, 15:10:42] - Terminating Process: RUNDLL32.EXE
[06/17/2007, 15:10:42] - Disabling Automatic Shell Restart
[06/17/2007, 15:10:42] - Terminating Process: EXPLORER.EXE
[06/17/2007, 15:10:42] - Suspending the NT Session Manager System Service
[06/17/2007, 15:10:42] - Terminating Windows NT Logon/Logoff Manager
[06/17/2007, 15:10:43] - Re-enabling Automatic Shell Restart
[06/17/2007, 15:10:43] - File to disable: C:\WINDOWS\system32\pmkhh.dll
[06/17/2007, 15:10:43] - Renaming C:\WINDOWS\system32\pmkhh.dll -> C:\WINDOWS\system32\pmkhh.dll.vir
[06/17/2007, 15:10:43] - File successfully renamed!
[06/17/2007, 15:10:43] - Removing HKLM\...\Browser Helper Objects\{C2ADFFCB-C620-4374-90D9-8EE7704F714A}
[06/17/2007, 15:10:43] - Removing HKCR\CLSID\{C2ADFFCB-C620-4374-90D9-8EE7704F714A}
[06/17/2007, 15:10:43] - Adding Kill Bit for ActiveX for GUID: {C2ADFFCB-C620-4374-90D9-8EE7704F714A}
[06/17/2007, 15:10:43] - Deleting ATLEvents/MSEvents Registry entries
[06/17/2007, 15:10:43] - Removing HKLM\...\Winlogon\Notify\pmkhh
[06/17/2007, 15:10:43] - Searching for Browser Helper Objects:
[06/17/2007, 15:10:43] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/17/2007, 15:10:43] - BHO 2: {26C90985-BE0D-4719-A326-AFF767A34A0A} ()
[06/17/2007, 15:10:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:43] - No filename found. Continuing.
[06/17/2007, 15:10:43] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/17/2007, 15:10:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:43] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/17/2007, 15:10:43] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/17/2007, 15:10:43] - BHO 4: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/17/2007, 15:10:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:43] - Checking for HKLM\...\Winlogon\Notify\vphtnlon
[06/17/2007, 15:10:43] - Key not found: HKLM\...\Winlogon\Notify\vphtnlon, continuing.
[06/17/2007, 15:10:43] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/17/2007, 15:10:43] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/17/2007, 15:10:43] - BHO 7: {BCC4E80C-E6C1-47B1-91BF-7426A665C790} ()
[06/17/2007, 15:10:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:43] - No filename found. Continuing.
[06/17/2007, 15:10:43] - BHO 8: {F4002052-AB29-4B33-8C8D-0E99084564EC} (MSEvents Object)
[06/17/2007, 15:10:43] - ALERT: Found MSEvents Object!
[06/17/2007, 15:10:43] - Finished Searching Browser Helper Objects
[06/17/2007, 15:10:43] - *** Detected MSEvents Object
[06/17/2007, 15:10:43] - Trying to remove MSEvents Object...
[06/17/2007, 15:10:44] - Terminating Process: IEXPLORE.EXE
[06/17/2007, 15:10:44] - Terminating Process: RUNDLL32.EXE
[06/17/2007, 15:10:44] - Disabling Automatic Shell Restart
[06/17/2007, 15:10:44] - Terminating Process: EXPLORER.EXE
[06/17/2007, 15:10:44] - Suspending the NT Session Manager System Service
[06/17/2007, 15:10:44] - Terminating Windows NT Logon/Logoff Manager
[06/17/2007, 15:10:44] - Re-enabling Automatic Shell Restart
[06/17/2007, 15:10:44] - File to disable: C:\WINDOWS\system32\hggfcab.dll
[06/17/2007, 15:10:44] - Renaming C:\WINDOWS\system32\hggfcab.dll -> C:\WINDOWS\system32\hggfcab.dll.vir
[06/17/2007, 15:10:44] - File successfully renamed!
[06/17/2007, 15:10:44] - Removing HKLM\...\Browser Helper Objects\{F4002052-AB29-4B33-8C8D-0E99084564EC}
[06/17/2007, 15:10:44] - Removing HKCR\CLSID\{F4002052-AB29-4B33-8C8D-0E99084564EC}
[06/17/2007, 15:10:44] - Adding Kill Bit for ActiveX for GUID: {F4002052-AB29-4B33-8C8D-0E99084564EC}
[06/17/2007, 15:10:44] - Deleting ATLEvents/MSEvents Registry entries
[06/17/2007, 15:10:44] - Removing HKLM\...\Winlogon\Notify\hggfcab
[06/17/2007, 15:10:44] - Searching for Browser Helper Objects:
[06/17/2007, 15:10:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/17/2007, 15:10:44] - BHO 2: {26C90985-BE0D-4719-A326-AFF767A34A0A} ()
[06/17/2007, 15:10:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:44] - No filename found. Continuing.
[06/17/2007, 15:10:44] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/17/2007, 15:10:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:44] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/17/2007, 15:10:44] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/17/2007, 15:10:44] - BHO 4: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/17/2007, 15:10:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:44] - Checking for HKLM\...\Winlogon\Notify\vphtnlon
[06/17/2007, 15:10:44] - Key not found: HKLM\...\Winlogon\Notify\vphtnlon, continuing.
[06/17/2007, 15:10:44] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/17/2007, 15:10:44] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/17/2007, 15:10:44] - BHO 7: {BCC4E80C-E6C1-47B1-91BF-7426A665C790} ()
[06/17/2007, 15:10:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/17/2007, 15:10:44] - No filename found. Continuing.
[06/17/2007, 15:10:44] - Finished Searching Browser Helper Objects
[06/17/2007, 15:10:44] - Finishing up...
[06/17/2007, 15:10:44] - A restart is needed.
[06/17/2007, 15:10:44] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[06/17/2007, 15:10:49] - Attempting to Restart via STOP error (Blue Screen!)
Run Navilog again to see whether Vundo is still present.
Navilog.zip
= Double-click navilog1.zip
= Extract everything to the desktop
= Double-click navilog1, which is on the desktop
= Press a key until you reach the options
= Choose option 1
A report, fixnavi.txt, will be created in C:\
Copy/paste it into your next message.
--------------------------
Then do the rest and paste the report from the BitDefender online scan.
I think it is not fixed yet :(
Navilog report:
Search Navipromo version 2.0.3 commencé le dim. 17/06/2007 à 18:56:40,04
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO
Executé en mode normal
*** Recherche Programmes installes ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\Administrateur\Application Data ***
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en
F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.
[+] Started on 06/17/07 at 18:56:46.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ..........................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 06/17/07 at 18:58:34 (return code = 0).
*** Recherche fichiers ***
*** Recherche cles registre ***
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
Recherche Clé Magic Control
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
C:\WINDOWS\system32\oqtss.bak1 trouvé ! infection Vundo possible non traité par cet outil !
2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********
*** Analyse Terminé le dim. 17/06/2007 à 18:59:01,73 ***
BitDefender report:
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\012LDWOP\is67507[1].exe1
Infected with: MemScan:Trojan.Virtumonde.IC
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\012LDWOP\is67507[1].exe1
Disinfection failed
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\012LDWOP\is67507[1].exe1
Deleted
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\8RJ2LMEO\lo1[1]
Infected with: MemScan:Trojan.Virtumod.ALX
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\8RJ2LMEO\lo1[1]
Disinfection failed
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\8RJ2LMEO\lo1[1]
Deleted
C:\VundoFix Backups\cbxwtus.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\cbxwtus.dll.bad
Disinfection failed
C:\VundoFix Backups\cbxwtus.dll.bad
Deleted
C:\VundoFix Backups\ddccbyw.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\ddccbyw.dll.bad
Disinfection failed
C:\VundoFix Backups\ddccbyw.dll.bad
Deleted
C:\VundoFix Backups\ddcyv.dll.bad
Infected with: MemScan:Trojan.Virtumod.ALX
C:\VundoFix Backups\ddcyv.dll.bad
Disinfection failed
C:\VundoFix Backups\ddcyv.dll.bad
Deleted
C:\VundoFix Backups\efcdcbb.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\efcdcbb.dll.bad
Disinfection failed
C:\VundoFix Backups\efcdcbb.dll.bad
Deleted
C:\VundoFix Backups\efcdefc.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\efcdefc.dll.bad
Disinfection failed
C:\VundoFix Backups\efcdefc.dll.bad
Deleted
C:\VundoFix Backups\fccaxxv.dll.bad
Infected with: MemScan:Trojan.Virtumonde.IC
C:\VundoFix Backups\fccaxxv.dll.bad
Disinfection failed
C:\VundoFix Backups\fccaxxv.dll.bad
Deleted
C:\VundoFix Backups\gebabax.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\gebabax.dll.bad
Disinfection failed
C:\VundoFix Backups\gebabax.dll.bad
Deleted
C:\VundoFix Backups\gebabbc.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\gebabbc.dll.bad
Disinfection failed
C:\VundoFix Backups\gebabbc.dll.bad
Deleted
C:\VundoFix Backups\hggfcab.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\hggfcab.dll.bad
Disinfection failed
C:\VundoFix Backups\hggfcab.dll.bad
Deleted
C:\VundoFix Backups\iivgcsjh.dll.bad
Infected with: MemScan:Trojan.BHO.BM
C:\VundoFix Backups\iivgcsjh.dll.bad
Disinfection failed
C:\VundoFix Backups\iivgcsjh.dll.bad
Deleted
C:\VundoFix Backups\khfedab.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\khfedab.dll.bad
Disinfection failed
C:\VundoFix Backups\khfedab.dll.bad
Deleted
C:\VundoFix Backups\ljjjkkk.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\ljjjkkk.dll.bad
Disinfection failed
C:\VundoFix Backups\ljjjkkk.dll.bad
Deleted
C:\VundoFix Backups\nnnnnll.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\nnnnnll.dll.bad
Disinfection failed
C:\VundoFix Backups\nnnnnll.dll.bad
Deleted
C:\VundoFix Backups\oboxmujv.dll.bad
Infected with: MemScan:Trojan.BHO.BG
C:\VundoFix Backups\oboxmujv.dll.bad
Disinfection failed
C:\VundoFix Backups\oboxmujv.dll.bad
Deleted
C:\VundoFix Backups\opnnllm.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\opnnllm.dll.bad
Disinfection failed
C:\VundoFix Backups\opnnllm.dll.bad
Deleted
C:\VundoFix Backups\pmkhh.dll.bad
Infected with: MemScan:Trojan.Virtumod.ALX
C:\VundoFix Backups\pmkhh.dll.bad
Disinfection failed
C:\VundoFix Backups\pmkhh.dll.bad
Deleted
C:\VundoFix Backups\pmnkiig.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\pmnkiig.dll.bad
Disinfection failed
C:\VundoFix Backups\pmnkiig.dll.bad
Deleted
C:\VundoFix Backups\pmnklig.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\pmnklig.dll.bad
Disinfection failed
C:\VundoFix Backups\pmnklig.dll.bad
Deleted
C:\VundoFix Backups\pmnollm.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\pmnollm.dll.bad
Disinfection failed
C:\VundoFix Backups\pmnollm.dll.bad
Deleted
C:\VundoFix Backups\ssqpqom.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\ssqpqom.dll.bad
Disinfection failed
C:\VundoFix Backups\ssqpqom.dll.bad
Deleted
C:\VundoFix Backups\tuvursp.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\tuvursp.dll.bad
Disinfection failed
C:\VundoFix Backups\tuvursp.dll.bad
Deleted
C:\VundoFix Backups\tuvutuv.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\tuvutuv.dll.bad
Disinfection failed
C:\VundoFix Backups\tuvutuv.dll.bad
Deleted
C:\VundoFix Backups\tuvwvww.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\tuvwvww.dll.bad
Disinfection failed
C:\VundoFix Backups\tuvwvww.dll.bad
Deleted
C:\VundoFix Backups\uwimtlnu.dll.bad
Infected with: Trojan.Vundo.DLV
C:\VundoFix Backups\uwimtlnu.dll.bad
Disinfection failed
C:\VundoFix Backups\uwimtlnu.dll.bad
Deleted
C:\VundoFix Backups\vtutrsq.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\vtutrsq.dll.bad
Disinfection failed
C:\VundoFix Backups\vtutrsq.dll.bad
Deleted
C:\VundoFix Backups\vyopivjd.dll.bad
Infected with: Trojan.Virtumod.ALZ
C:\VundoFix Backups\vyopivjd.dll.bad
Disinfection failed
C:\VundoFix Backups\vyopivjd.dll.bad
Deleted
C:\VundoFix Backups\wvurqqn.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\wvurqqn.dll.bad
Disinfection failed
C:\VundoFix Backups\wvurqqn.dll.bad
Deleted
C:\WINDOWS\system32\fccbayx.dll
Infected with: MemScan:Trojan.Virtumod.AMA
C:\WINDOWS\system32\fccbayx.dll
Disinfection failed
C:\WINDOWS\system32\fccbayx.dll
Delete failed
C:\WINDOWS\system32\hggfcab.dll.vir
Infected with: MemScan:Trojan.Virtumod.AMA
C:\WINDOWS\system32\hggfcab.dll.vir
Disinfection failed
C:\WINDOWS\system32\hggfcab.dll.vir
Deleted
C:\WINDOWS\system32\pmkhh.dll.vir
Infected with: MemScan:Trojan.Virtumod.ALX
C:\WINDOWS\system32\pmkhh.dll.vir
Disinfection failed
C:\WINDOWS\system32\pmkhh.dll.vir
Deleted
C:\WINDOWS\system32\sstqo.dll
Infected with: MemScan:Trojan.Virtumod.ALX
C:\WINDOWS\system32\sstqo.dll
Disinfection failed
C:\WINDOWS\system32\sstqo.dll
Delete failed
C:\WINDOWS\WinBots32\15-6-2007.21-40-1.bot
Infected with: Backdoor.Spybot.DLN
C:\WINDOWS\WinBots32\15-6-2007.21-40-1.bot
Deleted
rapport de navilog :
Search Navipromo version 2.0.3 commencé le dim. 17/06/2007 à 18:56:40,04
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO
Executé en mode normal
*** Recherche Programmes installes ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\Administrateur\Application Data ***
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en
F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.
[+] Started on 06/17/07 at 18:56:46.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ..........................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 06/17/07 at 18:58:34 (return code = 0).
*** Recherche fichiers ***
*** Recherche cles registre ***
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
Recherche Clé Magic Control
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
C:\WINDOWS\system32\oqtss.bak1 trouvé ! infection Vundo possible non traité par cet outil !
2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********
*** Analyse Terminé le dim. 17/06/2007 à 18:59:01,73 ***
BitDefender report:
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\012LDWOP\is67507[1].exe1
Infected with: MemScan:Trojan.Virtumonde.IC
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\012LDWOP\is67507[1].exe1
Disinfection failed
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\012LDWOP\is67507[1].exe1
Deleted
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\8RJ2LMEO\lo1[1]
Infected with: MemScan:Trojan.Virtumod.ALX
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\8RJ2LMEO\lo1[1]
Disinfection failed
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\8RJ2LMEO\lo1[1]
Deleted
C:\VundoFix Backups\cbxwtus.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\cbxwtus.dll.bad
Disinfection failed
C:\VundoFix Backups\cbxwtus.dll.bad
Deleted
C:\VundoFix Backups\ddccbyw.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\ddccbyw.dll.bad
Disinfection failed
C:\VundoFix Backups\ddccbyw.dll.bad
Deleted
C:\VundoFix Backups\ddcyv.dll.bad
Infected with: MemScan:Trojan.Virtumod.ALX
C:\VundoFix Backups\ddcyv.dll.bad
Disinfection failed
C:\VundoFix Backups\ddcyv.dll.bad
Deleted
C:\VundoFix Backups\efcdcbb.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\efcdcbb.dll.bad
Disinfection failed
C:\VundoFix Backups\efcdcbb.dll.bad
Deleted
C:\VundoFix Backups\efcdefc.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\efcdefc.dll.bad
Disinfection failed
C:\VundoFix Backups\efcdefc.dll.bad
Deleted
C:\VundoFix Backups\fccaxxv.dll.bad
Infected with: MemScan:Trojan.Virtumonde.IC
C:\VundoFix Backups\fccaxxv.dll.bad
Disinfection failed
C:\VundoFix Backups\fccaxxv.dll.bad
Deleted
C:\VundoFix Backups\gebabax.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\gebabax.dll.bad
Disinfection failed
C:\VundoFix Backups\gebabax.dll.bad
Deleted
C:\VundoFix Backups\gebabbc.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\gebabbc.dll.bad
Disinfection failed
C:\VundoFix Backups\gebabbc.dll.bad
Deleted
C:\VundoFix Backups\hggfcab.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\hggfcab.dll.bad
Disinfection failed
C:\VundoFix Backups\hggfcab.dll.bad
Deleted
C:\VundoFix Backups\iivgcsjh.dll.bad
Infected with: MemScan:Trojan.BHO.BM
C:\VundoFix Backups\iivgcsjh.dll.bad
Disinfection failed
C:\VundoFix Backups\iivgcsjh.dll.bad
Deleted
C:\VundoFix Backups\khfedab.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\khfedab.dll.bad
Disinfection failed
C:\VundoFix Backups\khfedab.dll.bad
Deleted
C:\VundoFix Backups\ljjjkkk.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\ljjjkkk.dll.bad
Disinfection failed
C:\VundoFix Backups\ljjjkkk.dll.bad
Deleted
C:\VundoFix Backups\nnnnnll.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\nnnnnll.dll.bad
Disinfection failed
C:\VundoFix Backups\nnnnnll.dll.bad
Deleted
C:\VundoFix Backups\oboxmujv.dll.bad
Infected with: MemScan:Trojan.BHO.BG
C:\VundoFix Backups\oboxmujv.dll.bad
Disinfection failed
C:\VundoFix Backups\oboxmujv.dll.bad
Deleted
C:\VundoFix Backups\opnnllm.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\opnnllm.dll.bad
Disinfection failed
C:\VundoFix Backups\opnnllm.dll.bad
Deleted
C:\VundoFix Backups\pmkhh.dll.bad
Infected with: MemScan:Trojan.Virtumod.ALX
C:\VundoFix Backups\pmkhh.dll.bad
Disinfection failed
C:\VundoFix Backups\pmkhh.dll.bad
Deleted
C:\VundoFix Backups\pmnkiig.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\pmnkiig.dll.bad
Disinfection failed
C:\VundoFix Backups\pmnkiig.dll.bad
Deleted
C:\VundoFix Backups\pmnklig.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\pmnklig.dll.bad
Disinfection failed
C:\VundoFix Backups\pmnklig.dll.bad
Deleted
C:\VundoFix Backups\pmnollm.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\pmnollm.dll.bad
Disinfection failed
C:\VundoFix Backups\pmnollm.dll.bad
Deleted
C:\VundoFix Backups\ssqpqom.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\ssqpqom.dll.bad
Disinfection failed
C:\VundoFix Backups\ssqpqom.dll.bad
Deleted
C:\VundoFix Backups\tuvursp.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\tuvursp.dll.bad
Disinfection failed
C:\VundoFix Backups\tuvursp.dll.bad
Deleted
C:\VundoFix Backups\tuvutuv.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\tuvutuv.dll.bad
Disinfection failed
C:\VundoFix Backups\tuvutuv.dll.bad
Deleted
C:\VundoFix Backups\tuvwvww.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\tuvwvww.dll.bad
Disinfection failed
C:\VundoFix Backups\tuvwvww.dll.bad
Deleted
C:\VundoFix Backups\uwimtlnu.dll.bad
Infected with: Trojan.Vundo.DLV
C:\VundoFix Backups\uwimtlnu.dll.bad
Disinfection failed
C:\VundoFix Backups\uwimtlnu.dll.bad
Deleted
C:\VundoFix Backups\vtutrsq.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\vtutrsq.dll.bad
Disinfection failed
C:\VundoFix Backups\vtutrsq.dll.bad
Deleted
C:\VundoFix Backups\vyopivjd.dll.bad
Infected with: Trojan.Virtumod.ALZ
C:\VundoFix Backups\vyopivjd.dll.bad
Disinfection failed
C:\VundoFix Backups\vyopivjd.dll.bad
Deleted
C:\VundoFix Backups\wvurqqn.dll.bad
Infected with: MemScan:Trojan.Virtumod.AMA
C:\VundoFix Backups\wvurqqn.dll.bad
Disinfection failed
C:\VundoFix Backups\wvurqqn.dll.bad
Deleted
C:\WINDOWS\system32\fccbayx.dll
Infected with: MemScan:Trojan.Virtumod.AMA
C:\WINDOWS\system32\fccbayx.dll
Disinfection failed
C:\WINDOWS\system32\fccbayx.dll
Delete failed
C:\WINDOWS\system32\hggfcab.dll.vir
Infected with: MemScan:Trojan.Virtumod.AMA
C:\WINDOWS\system32\hggfcab.dll.vir
Disinfection failed
C:\WINDOWS\system32\hggfcab.dll.vir
Deleted
C:\WINDOWS\system32\pmkhh.dll.vir
Infected with: MemScan:Trojan.Virtumod.ALX
C:\WINDOWS\system32\pmkhh.dll.vir
Disinfection failed
C:\WINDOWS\system32\pmkhh.dll.vir
Deleted
C:\WINDOWS\system32\sstqo.dll
Infected with: MemScan:Trojan.Virtumod.ALX
C:\WINDOWS\system32\sstqo.dll
Disinfection failed
C:\WINDOWS\system32\sstqo.dll
Delete failed
C:\WINDOWS\WinBots32\15-6-2007.21-40-1.bot
Infected with: Backdoor.Spybot.DLN
C:\WINDOWS\WinBots32\15-6-2007.21-40-1.bot
Deleted
Yes, if there's a problem don't hesitate, I'll reply when I can, but not tonight.
-------------------------------
scan with ROGUE REMOVER
http://www.libellules.ch/dotclear/index.php?2006/11/29/1518-rogue-remover
-----------------------
you can use AVG ANTISPYWARE
https://www.01net.com/telecharger/
---------------------
if there's a problem, paste a HijackThis log and the online scan report
with HijackThis, fix the lines containing
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [WA6PV_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro
wvutrsr.dll
awvtr.dll
ufsumpvl.dll
Here is the latest HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 21:39:05, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Athan\Athan.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\winctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
F:\Downloads\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26C90985-BE0D-4719-A326-AFF767A34A0A} - (no file)
O2 - BHO: (no name) - {27F63097-ADD8-421D-ABF6-FB0F7D313CE0} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\cbxvuvv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\mpntlekp.dll",realset
O4 - HKLM\..\Run: [Microsoft Driver Database] winctrl.exe
O4 - HKLM\..\RunServices: [Microsoft Driver Database] winctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: cbxvuvv - C:\WINDOWS\SYSTEM32\cbxvuvv.dll
O20 - Winlogon Notify: nnnnmmj - nnnnmmj.dll (file missing)
O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\xohyiked.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
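The helper's advice in this thread amounts to reading the O2/O4/O20/O23 lines of the log and picking out the suspicious ones by hand. As an added example (not code from the thread, from HijackThis or from any of the tools named above), here is a small Python triage script that applies the same reasoning automatically: it flags orphaned "(file missing)" references, services with an unknown owner, Run entries that are a bare file name or a rundll32 call, DLLs with random-looking names, and a DLL that is registered both as a BHO and as a Winlogon Notify package (the cbxvuvv/sstqn pattern visible in the log above). The sample lines are constructed from that log, with two benign entries kept as controls. The "random-looking name" rule is my own assumption, derived from the names seen in this thread; it will also surface some legitimate packages, so the output is a review list for a human, not a verdict.

```python
import re

# Constructed sample: a handful of O2/O4/O20/O23 lines modelled on the HijackThis
# log pasted in this thread (three benign entries are kept as controls).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {27F63097-ADD8-421D-ABF6-FB0F7D313CE0} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\cbxvuvv.dll
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\mpntlekp.dll",realset
O4 - HKLM\..\Run: [Microsoft Driver Database] winctrl.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O20 - Winlogon Notify: cbxvuvv - C:\WINDOWS\SYSTEM32\cbxvuvv.dll
O20 - Winlogon Notify: nnnnmmj - nnnnmmj.dll (file missing)
O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\xohyiked.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Reasons are constants so callers can match on them.
R_MISSING = "orphaned entry: the registered file is missing"
R_UNKNOWN_OWNER = "service with no publisher (Unknown owner)"
R_BARE_EXE = "bare executable name with no path; check which file actually runs"
R_RUNDLL = "rundll32 loads a DLL at logon; verify the DLL and its export"
R_RANDOM = "DLL with a random-looking name"
R_BHO_AND_NOTIFY = "same DLL registered both as a BHO and as a Winlogon Notify package"

ENTRY_RE = re.compile(r"^(O\d+|R\d+|F\d+|N\d+) - (.*)$")
DLL_RE = re.compile(r"([A-Za-z0-9_]+)\.dll", re.IGNORECASE)


def looks_random(name):
    """Loose heuristic (my assumption, derived from the names seen in this thread):
    5-8 lowercase letters with at most one vowel. Benign packages can match too."""
    return bool(re.fullmatch(r"[a-z]{5,8}", name)) and sum(c in "aeiouy" for c in name) <= 1


def dll_name(text):
    """Base name of the first .dll referenced in text, lower-cased, or None."""
    m = DLL_RE.search(text)
    return m.group(1).lower() if m else None


def parse(log_text):
    """Split a HijackThis log into (section, body, full_line) tuples; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2), raw.strip()))
    return entries


def triage(log_text):
    """Return [{'section', 'line', 'reasons'}] for entries that deserve a closer look."""
    entries = parse(log_text)
    # DLLs hooked into Winlogon, used for the BHO cross-check below.
    notify_dlls = {dll_name(b) for s, b, _ in entries if s == "O20"} - {None}

    findings = []
    for section, body, line in entries:
        reasons = []
        if "(file missing)" in body:
            reasons.append(R_MISSING)
        if section == "O23" and "Unknown owner" in body:
            reasons.append(R_UNKNOWN_OWNER)
        if section == "O4":
            # body looks like: HKLM\..\Run: [name] command line
            parts = body.split(": ", 1)
            cmd = re.sub(r"^\[[^\]]*\]\s*", "", parts[1] if len(parts) == 2 else body)
            if re.fullmatch(r"[\w.-]+\.exe", cmd, re.IGNORECASE):
                reasons.append(R_BARE_EXE)
            if cmd.lower().startswith("rundll32"):
                reasons.append(R_RUNDLL)
        if section in ("O2", "O20"):
            name = dll_name(body)
            if name and looks_random(name):
                reasons.append(R_RANDOM)
            if section == "O2" and name in notify_dlls:
                reasons.append(R_BHO_AND_NOTIFY)
        if reasons:
            findings.append({"section": section, "line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("    ->", r)
```

Run it on a saved log by passing the file's contents to `triage()`; on the sample it reports eight of the eleven entries, and the three controls (Acrobat BHO, NetLimiter, the NVIDIA service) come back clean. The strongest single signal is the cross-check: a DLL that shows up as both a BHO and a Winlogon Notify package has no ordinary reason to be in both places, which is exactly what the cbxvuvv and sstqn lines in the log above show.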