MSN virus

Brittany -  
Brittany_4 Posts 82 Status Member -
I hope this is going to work this time, and sorry again
here are the logs
thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 16:15:16, on 2007-06-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Propriétaire\Mes documents\scan\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ici.radio-canada.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\cbwlyule.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://rosybestangel.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

MSN_Fix 1.327

C:\Documents and Settings\Propriétaire\Bureau\MSNFix\MSNFix
Fix exécuté le 2007-06-26 - 16:29:00,45 By Propriétaire
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

... C:\Temp\

************************ Suppression des dossiers

.. OK ... C:\Temp\

************************ Nettoyage du registre

************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 2007-06-26_16295018.zip

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.aceboard.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
Configuration: Windows XP
Internet Explorer 6.0

74 replies

Discussion summary

According to the HijackThis log, a Windows XP machine is infected, showing a multiple infection with suspicious startup entries, toolbars and network components.
Several items spotted include legitimate services and processes belonging to Norton, Symantec and Apple Bonjour, as well as suspicious entries related to ALCXMNTR.EXE and to the Yahoo and Google toolbars.
The proposed solutions involve running OTMoveIt and then ComboFix in safe mode, moving and then deleting the suspicious items, and reading the generated reports, possibly after a reboot.
In case of doubt, some participants note that components such as the LSSrvc and ccApp modules and VPN drivers can hide their activity, hence the need for caution when deleting.

Generated automatically by AI
based on the best answers
  1. jlpjlp Posts 52399 Status Security contributor 5 041
     
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

    for this line try this:

    "Hi,
    To delete this kind of file/service active on your PC, you just need to start your PC in safe mode by pressing the F8 key several times until you get a screen where you can choose safe mode, and then go and delete the file you want."
    I'll add that the "bonjour" folder is in C:\program files.

    -----------
    scan with Spybot
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

    ------------------
    and BitDefender online, and paste the report
    https://www.bitdefender.com/toolbox/
  2. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Hello,

    sorry to butt in, but CastleCops considers the O10 legitimate:
    http://www.castlecops.com/lsp-183.html

    however, there is a Vundo infection to deal with.

    Good luck
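As an added example (not code from the thread, from HijackThis, or from any of the fix tools mentioned), here is a small Python triage script that applies the reasoning the helpers used on the logs above: the Bonjour Winsock LSP is treated as known-good, while a Run entry that starts rundll32 on a DLL in system32, and a nameless BHO pointing at such a DLL, are flagged as the Vundo pattern. The known-good list, the severity scale and the "8 random lowercase letters" heuristic are my assumptions, and the sample lines are copied from the logs posted in this thread.

```python
"""Triage of HijackThis log lines for the Vundo pattern seen in this thread.

Added example; not the forum's, HijackThis' or any vendor's code. Rules:
  - O4 Run entry launching rundll32 on a DLL under system32   -> high
  - O2 BHO with "(no name)" loading a DLL under system32       -> high
  - O2 BHO / O3 toolbar whose file is "(no file)"              -> low (orphan)
  - O10 Winsock LSP: known-good allowlist -> info, otherwise   -> medium
"""
import re
from dataclasses import dataclass

# Constructed sample input: lines taken from the logs posted in the thread.
SAMPLE_LOG = [
    r"O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll",
    r"O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\ubitnpay.dll",
    r"O2 - BHO: (no name) - {741D2E5C-340B-4129-AA58-A0557189A0B8} - (no file)",
    r"O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\kuegkpca.dll",forkonce',
    r"O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll",
]

# Assumed allowlist: Apple Bonjour's LSP, which the thread's helper cites CastleCops as legitimate.
KNOWN_LSP_DLLS = {"mdnsnsp.dll"}

RUNDLL_RE = re.compile(
    r"^O4 - (?P<hive>.*?)\\\.\.\\Run: \[(?P<value>[^\]]*)\] "
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?(?:,(?P<export>\w+))?',
    re.IGNORECASE,
)
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
TOOLBAR_RE = re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.*)$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium", "low" or "info"
    line: str
    reason: str


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased (os.path would not split on backslash off Windows)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def in_system32(path: str) -> bool:
    return bool(SYSTEM32_RE.match(path))


def looks_random(path: str) -> bool:
    """Weak heuristic (assumption): the Vundo droppers in this thread used 8 random lowercase letters."""
    name = basename(path)
    stem = name[:-4] if name.endswith(".dll") else name
    return len(stem) == 8 and stem.isalpha() and stem.islower()


def triage_line(line: str):
    """Return a Finding for one HijackThis line, or None if the rules have nothing to say."""
    line = line.strip()
    m = RUNDLL_RE.match(line)
    if m:
        dll = m["dll"]
        if in_system32(dll):
            reason = f"Run value '{m['value']}' starts rundll32 on {basename(dll)} from system32"
            if looks_random(dll):
                reason += " (8 random-looking letters, Vundo-style)"
            if m["export"]:
                reason += f", export {m['export']}"
            return Finding("high", line, reason)
        return Finding("medium", line, "rundll32 Run entry outside system32; verify the DLL's publisher")
    m = BHO_RE.match(line)
    if m:
        if m["path"].lower() == "(no file)":
            return Finding("low", line, "orphaned BHO registration; file already gone, entry can be removed")
        if m["name"].lower() == "(no name)" and in_system32(m["path"]):
            return Finding("high", line, f"nameless BHO loading {basename(m['path'])} from system32")
        return None  # named BHO with a file present: left to the analyst
    m = TOOLBAR_RE.match(line)
    if m and m["path"].lower() == "(no file)":
        return Finding("low", line, "orphaned toolbar registration; harmless, entry can be removed")
    m = LSP_RE.match(line)
    if m:
        if basename(m["path"]) in KNOWN_LSP_DLLS:
            return Finding("info", line, "known legitimate LSP (Apple Bonjour mdnsnsp.dll); do not remove")
        return Finding("medium", line, "unknown Winsock LSP; removing it blindly breaks networking, verify first")
    return None


def triage(lines):
    """Apply triage_line to every line and keep only the lines that produced a finding."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```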
  3. afideg Posts 10466 Registration date   Status Security contributor Last activity   602
     
    Up
    Thanks for this double correction.
    Just following up to see the outcome.
    Al.
    1. Brittany_4 Posts 82 Status Member 3
       
      hello afideg
      I hope you're doing well?
      me, so-so
      I have a trojan win32.StartPage.aor
      and I ran HijackThis, which gave this

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:21:37, on 2007-09-09
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\a-squared Free\a2service.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\WINDOWS\ALCXMNTR.EXE
      C:\WINDOWS\AGRSMMSG.exe
      C:\WINDOWS\system32\VTTimer.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\HP\KBD\KBD.EXE
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Microsoft Office\Office\OSA.EXE
      C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\Outlook Express\msimn.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\System32\dllhost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Répertoire temporaire 5 pour HiJackThis.zip\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ici.radio-canada.ca/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
      O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.04\AMVConverter\grab.html
      O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.04\MediaManager\grab.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      1. afideg Posts 10466 Registration date   Status Security contributor Last activity   602 > Brittany_4 Posts 82 Status Member
         
        Hello Brittany_4,

        Two things before we start:

        1°- From which link do you get this "pre-analysis" of the HijackThis log, and how do you make it appear "blurred" on the forum?

        2°- Are you really the Brittany who started this topic?
        Because I find you are already quite involved in other topics ==> see proof HERE


        Thanks
        Away today
        Al.
      2. Brittany_4 Posts 82 Status Member 3 > afideg Posts 10466 Registration date   Status Security contributor Last activity  
         
        hello afideg
        I'll answer your questions
        1. the link for the pre-analysis of the HijackThis log, I don't remember any more where I found it, but the address is
        http://www.hijackthis.de/fr#anl
        as for the pre-analysis being blurred, I don't know. I did a copy-paste and that's what it gave

        2. yes, I'm Brittany. I changed to Brittany_4 because I never received the automatic replies and it told me I was already registered
        so I registered on CCM as Brittany_4 and now it works

        sorry about the topics. I know I opened 2 for the same subject
        I'll stay on trojan win32.StartPage.aor

        sorry again
        bye and thanks for your understanding
        Brittany_4
  4. jlpjlp Posts 52399 Status Security contributor 5 041
     
    http://www.malekal.com/Trojan.vundo.php

    for Vundo, see the attached link
  6. beushtar
     
    who is here to help me please, for the msn photo.zip virus
  7. beushtar77 Posts 21 Status Member
     
    please
    1. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
       
      CREATE YOUR OWN TOPIC

      It would be better if you create your own "topic", a personal post. That will make the thread (here) more understandable, and we will be able to handle your problem more efficiently.
      So
      Do the following, please
      Thanks
      http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm
      A++
      http://perso.orange.fr/rginformatique/section%20virus/demofairesontmessage.htm

    2. Brittany
       
      I did the whole process for the Vundo trojan and in my HijackThis log I still have some .dll files left, I'm attaching my log. please tell me if my computer is ok? thanks a lot

      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 20:06:27, on 2007-06-27
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\Program Files\Winamp\Winampa.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
      C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\System32\HPZipm12.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      c:\program files\a-squared free\a2service.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Propriétaire\Bureau\HiJackThis_v2.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ici.radio-canada.ca/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\ubitnpay.dll
      O2 - BHO: (no name) - {741D2E5C-340B-4129-AA58-A0557189A0B8} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
      O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
      O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
      O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
      O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\kuegkpca.dll",forkonce
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://rosybestangel.spaces.msn.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
      O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
      O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
      O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
      O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
      O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
      O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
      O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
      O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
      O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
      1. ^^Marie^^ Posts: 41884 Registration date   Status: Member Last post   3 280 > Brittany
         
        Stay on this thread,
        please.
        THANKS


        Download SmitfraudFix
        Open this link (thanks to S!RI for this program)
        http://siri.urz.free.fr/Fix/SmitfraudFix.php
        and download SmitfraudFix.exe.

        Have a look at the tutorial.

        Run it and choose option 1;
        it will generate a report.
        Copy/paste it into this thread, please.



      2. Brittany > Brittany
         
        Thanks, here is the report.

        SmitFraudFix v2.197

        Rapport fait à 16:15:06,07, 2007-06-28
        Executé à partir de C:\Documents and Settings\Propriétaire\Bureau\SmitfraudFix
        OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
        Le type du système de fichiers est NTFS
        Fix executé en mode normal

        »»»»»»»»»»»»»»»»»»»»»»»» Process

        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Windows Defender\MsMpEng.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
        C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
        C:\WINDOWS\system32\spoolsv.exe
        c:\program files\a-squared free\a2service.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\WINDOWS\System32\HPZipm12.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Canon\CAL\CALMAIN.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
        C:\Program Files\Winamp\Winampa.exe
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
        C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\WINDOWS\system32\cmd.exe

        »»»»»»»»»»»»»»»»»»»»»»»» hosts


        »»»»»»»»»»»»»»»»»»»»»»»» C:\


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propriétaire


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propriétaire\Application Data


        »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


        »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\Favoris


        »»»»»»»»»»»»»»»»»»»»»»»» Bureau


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


        »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


        »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="About:Home"
        "SubscribedURL"="About:Home"
        "FriendlyName"="Ma page d'accueil"


        »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
        !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll


        »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
        !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
        "AppInit_DLLs"=""
        "LoadAppInit_DLLs"=dword:00000001


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
        !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "System"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Rustock



        »»»»»»»»»»»»»»»»»»»»»»»» DNS

        Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
        DNS Server Search Order: 205.151.69.200
        DNS Server Search Order: 205.151.68.200

        Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
        DNS Server Search Order: 192.168.0.1

        HKLM\SYSTEM\CCS\Services\Tcpip\..\{041F7222-FCCE-4C8F-8B4E-EC3568D8AA45}: DhcpNameServer=192.168.0.1
        HKLM\SYSTEM\CCS\Services\Tcpip\..\{E4210201-B9B4-4609-81F4-07E17DF9352A}: DhcpNameServer=205.151.69.200 205.151.68.200
        HKLM\SYSTEM\CS1\Services\Tcpip\..\{041F7222-FCCE-4C8F-8B4E-EC3568D8AA45}: DhcpNameServer=192.168.0.1
        HKLM\SYSTEM\CS1\Services\Tcpip\..\{E4210201-B9B4-4609-81F4-07E17DF9352A}: DhcpNameServer=205.151.69.200 205.151.68.200
        HKLM\SYSTEM\CS3\Services\Tcpip\..\{041F7222-FCCE-4C8F-8B4E-EC3568D8AA45}: DhcpNameServer=192.168.0.1
        HKLM\SYSTEM\CS3\Services\Tcpip\..\{E4210201-B9B4-4609-81F4-07E17DF9352A}: DhcpNameServer=205.151.69.200 205.151.68.200
        HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=205.151.69.200 205.151.68.200
        HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=205.151.69.200 205.151.68.200
        HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=205.151.69.200 205.151.68.200


        »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


        »»»»»»»»»»»»»»»»»»»»»»»» Fin

        Please help me, I'm waiting for the diagnosis.
  8. ^^Marie^^ Posts: 41884 Registration date   Status: Member Last post   3 280
     
    Start in safe mode:
    To do that, tap the F8 key ((if F8 doesn't work, use the F5 key))
    from the very start of the PC powering on, without stopping.
    A window will open; use the keyboard arrows to move to "Start in safe mode", then press Enter.
    Once on the desktop, if you don't have all the colours and so on, that's normal!
    ----------------------------------------------------------------------------
    Run the Smitfraud program again,
    this time choose option 2,
    answer yes to everything;
    save the report,
    restart in normal mode,
    copy/paste the saved report on the forum.

    Do a new HijackThis log.
  9. Brittany
     
    SmitFraudFix v2.197

    Rapport fait à 16:29:06,51, 2007-06-28
    Executé à partir de C:\Documents and Settings\Propriétaire\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{041F7222-FCCE-4C8F-8B4E-EC3568D8AA45}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E4210201-B9B4-4609-81F4-07E17DF9352A}: DhcpNameServer=205.151.69.200 205.151.68.200
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{041F7222-FCCE-4C8F-8B4E-EC3568D8AA45}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E4210201-B9B4-4609-81F4-07E17DF9352A}: DhcpNameServer=205.151.69.200 205.151.68.200
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{041F7222-FCCE-4C8F-8B4E-EC3568D8AA45}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{E4210201-B9B4-4609-81F4-07E17DF9352A}: DhcpNameServer=205.151.69.200 205.151.68.200
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=205.151.69.200 205.151.68.200
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=205.151.69.200 205.151.68.200
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=205.151.69.200 205.151.68.200

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 16:43:00, on 2007-06-28
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\a-squared free\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Propriétaire\Bureau\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\ubitnpay.dll
    O2 - BHO: (no name) - {741D2E5C-340B-4129-AA58-A0557189A0B8} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\kuegkpca.dll",forkonce
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://rosybestangel.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
  10. ^^Marie^^ Posts: 41884 Registration date   Status: Member Last post   3 280
     
    I'm signing off.
    I'm saturated.

    See you tomorrow.

    Unless another helper comes by.

    Kisses
  11. afideg Posts: 10466 Registration date   Status: Security contributor Last post   602
     
    Good evening everyone

    Marie, have him rerun VundoFix version 6.5.0.1 twice
    and post the two reports one after the other, please.

    Could he describe his problem again, exactly, please?

    Thanks
    Al.
  12. Brittany
     
    Is 6.5.1 the same as 6.5.0.1?
    I ran 6.5.1 twice and nothing was detected.
    What do I do, please?
  13. Brittany
     
    I'm sending the HijackThis log again.
    My antivirus removed the Vundo virus.
    Please tell me if my computer is OK?? Thanks

    Logfile of HijackThis v1.99.1
    Scan saved at 18:48:34, on 2007-06-28
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    c:\program files\a-squared free\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Propriétaire\Mes documents\scan\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ici.radio-canada.ca/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\ubitnpay.dll
    O2 - BHO: (no name) - {741D2E5C-340B-4129-AA58-A0557189A0B8} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\kuegkpca.dll",forkonce
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://rosybestangel.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  14. afideg Posts: 10466 Registration date   Status: Security contributor Last seen   602
     
    Good evening Brittany,

    So, I wrote this: « Marie, have them run VundoFix version 6.5.0.1 twice
    And post the two reports one after the other please

    Could they describe their problem again, and exactly, please? »

    QUOTE: « my anti-virus removed the vundo virus » ==> Could you be more specific?
    Which antivirus? Which files were infected? No report?

    I'm not seeing anything coming.
    Yet I'm not asking for much.
    Thanks
    Al.
    0
    1. Brittany
       
      hello, I ran VundoFix twice and it detects nothing, and I ran a scan with Norton AntiVirus, which detected the vundo virus, as I had been told my computer had it,
      but yesterday Vundo had detected some things and didn't put the report, I deleted it.

      by the way, how do I see when I have a reply please? right now I close and reopen the site every time, thanks
      0
  15. afideg Posts: 10466 Registration date   Status: Security contributor Last seen   602
     
    Re,

    A)- Yes, these problems come from the fact that you are not registered.

    Here is how to understand and proceed:

    1°- Forum guide < ccmforum >

    2°- CCM registration < inscription >

    3°- To contact registered members of this CCM forum personally, you must also be registered yourself!

    I hope this improves things for you.

    B)- I still don't know what your problems with the PC are?

    C)- Do this please (afterwards I'm going to bed)

    1)- Download Combofix.exe (by sUBs) to your Desktop
    < http://download.bleepingcomputer.com/sUBs/ComboFix.exe >
    Double-click combofix.exe and follow the prompts.
    When the scan is complete, a report will appear.
    Post it on the forum here
    (copy/paste)

    2)- Download the "Silent Runners" script

    right-click > on the following link:
    https://www.silentrunners.org/Silent%20Runners.vbs
    "save target as" and choose "Desktop"
    Double left-click the "SilentRunners.vbs" icon on the desktop
    [open] click "Yes" then "OK"
    (then click "yes" twice)
    Give it time to do its analysis (count one minute, watch in hand)

    At the end, you get this message < http://img130.imageshack.us/img130/1323/screenshot247yd1.gif >
    post the generated report "Startup Programs", which is in the same folder as Silent Runners... (but it is already on your desktop like this < http://img266.imageshack.us/img266/6684/screenshot248hr2.gif >)

    If your antivirus panics, allow this script. Or at worst, disable it just for the time of the download and the scan. This script is not dangerous.

    see you tomorrow
    Al.
    0
    1. Brittany
       
      thanks, I'm doing the scan now, and for my nick it's going to change when I register, I can't take this one back, I'll tell you which nick I'll have, thanks a lot
      0
  16. afideg Posts: 10466 Registration date   Status: Security contributor Last seen   602
     
    (continued)

    1°- Download VirtumundoBegone to the desktop:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Then double-click VirtumundoBeGone.exe and follow the instructions.

    Once finished, restart the PC
    and post the VBG.TXT report created on the desktop in your next reply

    Don't worry if you see a blue screen "Fatal error" message, that is normal and expected.

    Post a new HijackThis report.

    2°- Download DrWeb
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    The version is automatically up to date.
    Install it.
    Run it.
    A scan of the processes starts.
    Then choose the drive to scan ( C ) and start the scan.
    Choose to delete what it finds
    Post the report.

    Hang in there, and see you tomorrow at the end of the day.
    I'm counting on you to follow the instructions to the letter.
    Thanks
    Al.
    0
  17. Brittany
     
    "Propri‚taire" - 2007-06-28 19:50:39 - ComboFix 07-06-27.7 - Service Pack 2 NTFS

    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\cbxwvtt.dll
    C:\WINDOWS\system32\cbxwxwx.dll
    C:\WINDOWS\system32\cbxxvuu.dll
    C:\WINDOWS\system32\fccbawx.dll
    C:\WINDOWS\system32\gebaxya.dll
    C:\WINDOWS\system32\hgggdec.dll
    C:\WINDOWS\system32\jkkhihf.dll
    C:\WINDOWS\system32\jkkiffg.dll
    C:\WINDOWS\system32\khfggdb.dll
    C:\WINDOWS\system32\khfggdc.dll
    C:\WINDOWS\system32\ljjhijg.dll
    C:\WINDOWS\system32\mljgggh.dll
    C:\WINDOWS\system32\nnnnnno.dll
    C:\WINDOWS\system32\opnlljj.dll
    C:\WINDOWS\system32\opnmlih.dll
    C:\WINDOWS\system32\opnomnk.dll
    C:\WINDOWS\system32\pmnmlkl.dll
    C:\WINDOWS\system32\pmnmmjj.dll
    C:\WINDOWS\system32\rqroonn.dll
    C:\WINDOWS\system32\rqrpnkl.dll
    C:\WINDOWS\system32\rqrpqqn.dll
    C:\WINDOWS\system32\rqrsqqr.dll
    C:\WINDOWS\system32\ssqqqro.dll
    C:\WINDOWS\system32\tuvuuvs.dll
    C:\WINDOWS\system32\tuvwuss.dll
    C:\WINDOWS\system32\urqnnon.dll
    C:\WINDOWS\system32\urqoppo.dll
    C:\WINDOWS\system32\urqpnnn.dll
    C:\WINDOWS\system32\vtuuspq.dll
    C:\WINDOWS\system32\wvurrss.dll
    C:\WINDOWS\system32\wvutstt.dll
    C:\WINDOWS\system32\xxyvwwu.dll
    C:\WINDOWS\system32\xxywvst.dll
    C:\WINDOWS\system32\yayvssq.dll
    C:\WINDOWS\system32\yaywxyx.dll

    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\nm

    ((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-28 )))))))))))))))))))))))))))))))

    2007-06-28 19:49 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-28 16:15 2,406 --a------ C:\WINDOWS\system32\tmp.reg
    2007-06-28 16:14 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-06-28 16:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-06-28 16:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-06-27 20:19 75,512 --a------ C:\WINDOWS\zllsputility.exe
    2007-06-27 20:19 54,936 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2007-06-27 20:19 42,648 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2007-06-27 20:19 22,168 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2007-06-27 20:19 18,072 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2007-06-27 20:18 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
    2007-06-27 20:18 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2007-06-27 20:00 <REP> d-------- C:\Program Files\RegCleaner
    2007-06-27 16:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-06-27 15:07 <REP> d-------- C:\VundoFix Backups
    2007-06-27 14:09 128,576 --a------ C:\WINDOWS\system32\kuegkpca.dll
    2007-06-26 14:14 66,112 --a------ C:\WINDOWS\system32\ubitnpay.dll
    2007-06-25 20:16 178,688 --a------ C:\WINDOWS\system32\gold.exe
    2007-06-25 20:00 31,254 --a------ C:\WINDOWS\system32\tuvspqn.dll.vir
    2007-06-01 19:51 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
    2007-06-01 19:51 57,344 --a------ C:\WINDOWS\system32\MTXSYNCICON.dll
    2007-06-01 19:51 57,344 --a------ C:\WINDOWS\system32\MK_Lyric.dll
    2007-06-01 19:51 49,152 --a------ C:\WINDOWS\system32\MaJGUILib.dll
    2007-06-01 19:51 471,040 --a------ C:\WINDOWS\system32\muzapp.dll
    2007-06-01 19:51 45,056 --a------ C:\WINDOWS\system32\MaXMLProto.dll
    2007-06-01 19:51 45,056 --a------ C:\WINDOWS\system32\MACXMLProto.dll
    2007-06-01 19:51 40,960 --a------ C:\WINDOWS\system32\MTTELECHIP.dll
    2007-06-01 19:51 40,960 --a------ C:\WINDOWS\system32\MAMACExtract.dll
    2007-06-01 19:51 364,544 --a------ C:\WINDOWS\system32\MASetupWizard.dll
    2007-06-01 19:51 245,760 --a------ C:\WINDOWS\system32\MSCLib.dll
    2007-06-01 19:51 245,408 --a------ C:\WINDOWS\system32\unicows.dll
    2007-06-01 19:51 24,576 --a------ C:\WINDOWS\system32\MASetupCleaner.exe
    2007-06-01 19:51 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
    2007-06-01 19:51 200,704 --a------ C:\WINDOWS\system32\muzwmts.dll
    2007-06-01 19:51 163,840 --a------ C:\WINDOWS\system32\muzapp.exe
    2007-06-01 19:51 155,648 --a------ C:\WINDOWS\system32\MSFLib.dll
    2007-06-01 19:51 135,168 --a------ C:\WINDOWS\system32\muzaf1.dll
    2007-06-01 19:51 118,784 --a------ C:\WINDOWS\system32\MaDRM.dll
    2007-06-01 19:51 110,592 --a------ C:\WINDOWS\system32\tg_dump.dll
    2007-06-01 19:51 106,609 --a------ C:\WINDOWS\system32\MaJUtilLib.dll
    2007-06-01 19:51 <REP> d-------- C:\Program Files\Samsung
    2007-06-01 19:51 <REP> d-------- C:\Program Files\MarkAny
    2007-06-01 19:50 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\InstallShield

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-28 23:46:25 -------- d-----w C:\Program Files\a-squared Free
    2007-06-28 21:18:45 -------- d-----w C:\Program Files\Yahoo!
    2007-06-28 00:55:29 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-28 00:21:35 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
    2007-06-27 23:55:11 -------- d-----w C:\Program Files\Macrogaming
    2007-06-27 20:22:39 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-06-06 18:49:51 -------- d-----w C:\DOCUME~1\PROPRI~1\APPLIC~1\Image Zone Express
    2007-06-04 18:48:13 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
    2007-06-01 23:51:29 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-10 02:00:24 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-05-01 19:13:26 -------- d-----w C:\Program Files\Bonjour
    2007-04-29 04:03:11 -------- d-----w C:\Program Files\Symantec
    2007-04-29 04:03:07 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-04-29 04:03:07 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-04-29 03:36:30 -------- d-----w C:\Program Files\Norton AntiVirus
    2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll [2007-04-16 17:47]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-23 00:40]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-01 22:20]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 01:08]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 13:22]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
    "SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 16:32]
    "MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 20:36]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"=0 (0x0)
    "NoFind"=0 (0x0)
    "NoRun"=0 (0x0)
    "NoDesktop"=0 (0x0)
    "NoControlPanel"=0 (0x0)
    "NoClose"=0 (0x0)
    "StartMenuLogOff"=0 (0x0)
    "HideClock"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"="C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 16:51]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eXcentrix Startup.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eXcentrix Startup.lnk
    backup=C:\WINDOWS\pss\eXcentrix Startup.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
    path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
    backup=C:\WINDOWS\pss\Démarrage d'Office.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
    path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
    backup=C:\WINDOWS\pss\Microsoft Recherche accélérée.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    C:\HP\KBD\KBD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogProtect]
    "C:\Program Files\LogProtect\LogProtect.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
    rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\System32\\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Protect]
    SHVRTF.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
    "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    "C:\Program Files\Winamp\Winampa.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    Contents of the 'Scheduled Tasks' folder
    2007-06-29 00:06:10 C:\WINDOWS\tasks\MP Scheduled Scan.job
    2007-06-23 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Analyse système complète - Propriétaire.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-28 20:04:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-28 20:09:55 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-28 20:09

    --- E O F ---
    thanks, good night
    0
  18. Brittany
     
    continued

    "Silent Runners.vbs", revision R50, https://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
    "WinampAgent" = ""C:\Program Files\Winamp\Winampa.exe"" [null data]
    "HP Software Update" = ""C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Development Company, L.P."]
    "Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -masquer" [MS]
    "ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
    "osCheck" = ""C:\Program Files\Norton AntiVirus\osCheck.exe"" ["Symantec Corporation"]
    "Symantec PIF AlertEng" = ""C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"" ["Symantec Corporation"]
    "SMSTray" = "C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" ["SAMSUNG ELECTRONICS"]
    "MAAgent" = "C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" ["(*)****" (unwritable string)]
    "ZoneAlarm Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "IE7 Uninstall Stub"
    \StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
    \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll" ["Google Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
    -> {HKLM...CLSID} = "SampleView"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\SHVRTF.dll" ["XSS"]
    "{59850401-6664-101B-B21C-00AA004BA90B}" = "Séparateur du Classeur Microsoft Office"
    -> {HKLM...CLSID} = "Séparateur du Classeur Microsoft Office"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\UNBIND.DLL" [MS]
    "{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
    -> {HKLM...CLSID} = "ZLAVShExt Class"
    \InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
    -> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
    \InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]
    <<!>> "{88485281-8b4b-4f8d-9ede-82e29a064277}" = "MarkAny Contents Safer Manager 1.0"
    -> {HKLM...CLSID} = "ShellHook Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" ["MarkAny Cooperation."]
    <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    -> {HKLM...CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
    -> {HKLM...CLSID} = "IEContextMenu Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
    ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
    -> {HKLM...CLSID} = "ZLAVShExt Class"
    \InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
    -> {HKLM...CLSID} = "IEContextMenu Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
    ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
    -> {HKLM...CLSID} = "ZLAVShExt Class"
    \InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

    Group Policies {policy setting}:
    --------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "DisableRegedit" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    "NoFind" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    "NoRun" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    "NoDesktop" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    "NoControlPanel" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    "NoClose" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    "StartMenuLogOff" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    "HideClock" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Devices: Allow undock without having to log on}

    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Startup items in "Propriétaire" & "All Users" startup folders:
    --------------------------------------------------------------

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Development Company, L.P."]

    Enabled Scheduled Tasks:
    ------------------------

    "MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
    "Norton AntiVirus - Analyse système complète - Propriétaire" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Console Java (Sun)"
    "CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
    -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
    -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

    {7F9DB11C-E358-4CA6-A83D-ACC663939424}\
    "ButtonText" = "Bonjour"

    {85D1F590-48F4-11D9-9669-0800200C9A66}\
    "MenuText" = "Uninstall BitDefender Online Scanner v8"
    "Exec" = "%windir%\bdoscandel.exe" [null data]

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\
    "MenuText" = "@xpsp3res.dll,-20001"
    "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

    Missing lines (compared with English-language version):
    [Strings]: 1 line

    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    a-squared Free Service, a2free, "c:\program files\a-squared free\a2service.exe" ["Emsi Software GmbH"]
    AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
    Canon Camera Access Library 8, CCALib8, "C:\Program Files\Canon\CAL\CALMAIN.exe" ["Canon Inc."]
    LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
    LiveUpdate Notice Service Ex, LiveUpdate Notice Ex, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
    Planificateur LiveUpdate automatique, Planificateur LiveUpdate automatique, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
    Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\HPZipm12.exe" ["HP"]
    Service Bonjour, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
    Symantec AppCore Service, SymAppCore, ""C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"]
    Symantec Core LC, Symantec Core LC, ""C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
    Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
    Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
    Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
    TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
    Windows Defender, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]
    Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}

    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]

    ----------
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 53 seconds, including 13 seconds for message boxes)
  19. Brittany
     
    [06/27/2007, 15:42:02] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Propriétaire\Bureau\VirtumundoBeGone.exe" )
    [06/27/2007, 15:42:09] - Detected System Information:
    [06/27/2007, 15:42:09] - Windows Version: 5.1.2600, Service Pack 2
    [06/27/2007, 15:42:09] - Current Username: Propriétaire (Admin)
    [06/27/2007, 15:42:09] - Windows is in SAFE mode with Networking.
    [06/27/2007, 15:42:09] - Searching for Browser Helper Objects:
    [06/27/2007, 15:42:09] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    [06/27/2007, 15:42:09] - BHO 2: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
    [06/27/2007, 15:42:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/27/2007, 15:42:09] - Checking for HKLM\...\Winlogon\Notify\ubitnpay
    [06/27/2007, 15:42:09] - Key not found: HKLM\...\Winlogon\Notify\ubitnpay, continuing.
    [06/27/2007, 15:42:09] - BHO 3: {741D2E5C-340B-4129-AA58-A0557189A0B8} ()
    [06/27/2007, 15:42:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/27/2007, 15:42:09] - Checking for HKLM\...\Winlogon\Notify\ssttq
    [06/27/2007, 15:42:09] - Key not found: HKLM\...\Winlogon\Notify\ssttq, continuing.
    [06/27/2007, 15:42:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/27/2007, 15:42:09] - BHO 5: {7C24493F-3D23-4258-9426-42C5FC3B8211} ()
    [06/27/2007, 15:42:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/27/2007, 15:42:09] - Checking for HKLM\...\Winlogon\Notify\tuvspqn
    [06/27/2007, 15:42:09] - Found: HKLM\...\Winlogon\Notify\tuvspqn - This is probably Virtumundo.
    [06/27/2007, 15:42:09] - Assigning {7C24493F-3D23-4258-9426-42C5FC3B8211} MSEvents Object
    [06/27/2007, 15:42:09] - BHO list has been changed! Starting over...
    [06/27/2007, 15:42:10] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    [06/27/2007, 15:42:10] - BHO 2: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
    [06/27/2007, 15:42:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/27/2007, 15:42:10] - Checking for HKLM\...\Winlogon\Notify\ubitnpay
    [06/27/2007, 15:42:10] - Key not found: HKLM\...\Winlogon\Notify\ubitnpay, continuing.
    [06/27/2007, 15:42:10] - BHO 3: {741D2E5C-340B-4129-AA58-A0557189A0B8} ()
    [06/27/2007, 15:42:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/27/2007, 15:42:10] - Checking for HKLM\...\Winlogon\Notify\ssttq
    [06/27/2007, 15:42:10] - Key not found: HKLM\...\Winlogon\Notify\ssttq, continuing.
    [06/27/2007, 15:42:10] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/27/2007, 15:42:10] - BHO 5: {7C24493F-3D23-4258-9426-42C5FC3B8211} (MSEvents Object)
    [06/27/2007, 15:42:10] - ALERT: Found MSEvents Object!
    [06/27/2007, 15:42:10] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/27/2007, 15:42:10] - Finished Searching Browser Helper Objects
    [06/27/2007, 15:42:10] - *** Detected MSEvents Object
    [06/27/2007, 15:42:10] - Trying to remove MSEvents Object...
    [06/27/2007, 15:42:11] - Terminating Process: IEXPLORE.EXE
    [06/27/2007, 15:42:11] - Terminating Process: RUNDLL32.EXE
    [06/27/2007, 15:42:11] - Disabling Automatic Shell Restart
    [06/27/2007, 15:42:11] - Terminating Process: EXPLORER.EXE
    [06/27/2007, 15:42:11] - Suspending the NT Session Manager System Service
    [06/27/2007, 15:42:11] - Terminating Windows NT Logon/Logoff Manager
    [06/27/2007, 15:42:12] - Re-enabling Automatic Shell Restart
    [06/27/2007, 15:42:12] - File to disable: C:\WINDOWS\system32\tuvspqn.dll
    [06/27/2007, 15:42:12] - Renaming C:\WINDOWS\system32\tuvspqn.dll -> C:\WINDOWS\system32\tuvspqn.dll.vir
    [06/27/2007, 15:42:12] - File successfully renamed!
    [06/27/2007, 15:42:12] - Removing HKLM\...\Browser Helper Objects\{7C24493F-3D23-4258-9426-42C5FC3B8211}
    [06/27/2007, 15:42:12] - Removing HKCR\CLSID\{7C24493F-3D23-4258-9426-42C5FC3B8211}
    [06/27/2007, 15:42:12] - Adding Kill Bit for ActiveX for GUID: {7C24493F-3D23-4258-9426-42C5FC3B8211}
    [06/27/2007, 15:42:12] - Deleting ATLEvents/MSEvents Registry entries
    [06/27/2007, 15:42:12] - Removing HKLM\...\Winlogon\Notify\tuvspqn
    [06/27/2007, 15:42:12] - Searching for Browser Helper Objects:
    [06/27/2007, 15:42:12] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    [06/27/2007, 15:42:12] - BHO 2: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
    [06/27/2007, 15:42:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/27/2007, 15:42:12] - Checking for HKLM\...\Winlogon\Notify\ubitnpay
    [06/27/2007, 15:42:12] - Key not found: HKLM\...\Winlogon\Notify\ubitnpay, continuing.
    [06/27/2007, 15:42:12] - BHO 3: {741D2E5C-340B-4129-AA58-A0557189A0B8} ()
    [06/27/2007, 15:42:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/27/2007, 15:42:12] - Checking for HKLM\...\Winlogon\Notify\ssttq
    [06/27/2007, 15:42:12] - Key not found: HKLM\...\Winlogon\Notify\ssttq, continuing.
    [06/27/2007, 15:42:12] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/27/2007, 15:42:12] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/27/2007, 15:42:12] - Finished Searching Browser Helper Objects
    [06/27/2007, 15:42:12] - Finishing up...
    [06/27/2007, 15:42:12] - A restart is needed.
    [06/27/2007, 15:42:24] - Attempting to Restart via STOP error (Blue Screen!)

    [06/28/2007, 18:52:39] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Propriétaire\Bureau\VirtumundoBeGone.exe" )
    [06/28/2007, 18:52:44] - Detected System Information:
    [06/28/2007, 18:52:44] - Windows Version: 5.1.2600, Service Pack 2
    [06/28/2007, 18:52:44] - Current Username: Propriétaire (Admin)
    [06/28/2007, 18:52:44] - Windows is in NORMAL mode.
    [06/28/2007, 18:52:44] - Searching for Browser Helper Objects:
    [06/28/2007, 18:52:44] - BHO 1: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
    [06/28/2007, 18:52:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/28/2007, 18:52:44] - Checking for HKLM\...\Winlogon\Notify\ubitnpay
    [06/28/2007, 18:52:44] - Key not found: HKLM\...\Winlogon\Notify\ubitnpay, continuing.
    [06/28/2007, 18:52:44] - BHO 2: {741D2E5C-340B-4129-AA58-A0557189A0B8} ()
    [06/28/2007, 18:52:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/28/2007, 18:52:44] - No filename found. Continuing.
    [06/28/2007, 18:52:44] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/28/2007, 18:52:44] - BHO 4: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/28/2007, 18:52:44] - Finished Searching Browser Helper Objects
    [06/28/2007, 18:52:44] - Finishing up...
    [06/28/2007, 18:52:44] - Nothing found! Exiting...

    [06/28/2007, 22:18:40] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Propriétaire\Bureau\VirtumundoBeGone.exe" )
    [06/28/2007, 22:18:59] - Detected System Information:
    [06/28/2007, 22:18:59] - Windows Version: 5.1.2600, Service Pack 2
    [06/28/2007, 22:18:59] - Current Username: Propriétaire (Admin)
    [06/28/2007, 22:18:59] - Windows is in NORMAL mode.
    [06/28/2007, 22:18:59] - Searching for Browser Helper Objects:
    [06/28/2007, 22:18:59] - BHO 1: {741D2E5C-340B-4129-AA58-A0557189A0B8} ()
    [06/28/2007, 22:18:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/28/2007, 22:18:59] - No filename found. Continuing.
    [06/28/2007, 22:18:59] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/28/2007, 22:19:00] - BHO 3: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/28/2007, 22:19:00] - Finished Searching Browser Helper Objects
    [06/28/2007, 22:19:00] - Finishing up...
    [06/28/2007, 22:19:00] - Nothing found! Exiting...
  20. Brittany
     
    Virtumundo report

    [06/28/2007, 22:27:14] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Propriétaire\Bureau\VirtumundoBeGone.exe" )
    [06/28/2007, 22:27:33] - User choose NOT to continue. Exiting...

    [06/28/2007, 22:41:13] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Propriétaire\Bureau\VirtumundoBeGone.exe" )
    [06/28/2007, 22:41:15] - Detected System Information:
    [06/28/2007, 22:41:15] - Windows Version: 5.1.2600, Service Pack 2
    [06/28/2007, 22:41:15] - Current Username: Propriétaire (Admin)
    [06/28/2007, 22:41:15] - Windows is in NORMAL mode.
    [06/28/2007, 22:41:15] - Searching for Browser Helper Objects:
    [06/28/2007, 22:41:15] - BHO 1: {741D2E5C-340B-4129-AA58-A0557189A0B8} ()
    [06/28/2007, 22:41:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/28/2007, 22:41:15] - No filename found. Continuing.
    [06/28/2007, 22:41:15] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/28/2007, 22:41:15] - BHO 3: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/28/2007, 22:41:15] - Finished Searching Browser Helper Objects
    [06/28/2007, 22:41:15] - Finishing up...
    [06/28/2007, 22:41:15] - Nothing found! Exiting...