Very annoying MSN virus

Closed
marie-jeanne - 9 Jul 2007 at 21:32
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 - 13 Jul 2007 at 20:47
I have a problem with my MSN: when I log in, a message is sent to all my online contacts. It is a different website each time, one that does not exist, and after sending it once to everyone, it starts over indefinitely, bogging down my computer, which makes it impossible for me to log in... On my desktop an icon has appeared under a name like tss, and when I hover my mouse over it, it says it is called emergy development. If I delete it, it ends up reappearing under another name like tet or pra, you get the idea, so I imagine that is the virus, and I would really like to find a way to remove it... please help me!

10 replies

^^Marie^^
9 Jul 2007 at 21:46
HELLO


Download MSNFix.zip (by !aur3n7) to your desktop:
http://sosvirus.changelog.fr/MSNFix.zip

Unzip it (right-click >> Extract here) and double-click the file MSNFix.bat.
- Run option R.
-- If the infection is detected, run option N.
--- Save this report, then copy and paste it to the forum, along with a new HijackThis scan done in normal mode.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations. In that case, simply restart the computer in normal mode.
Save and close the report so that Windows can finish starting normally.
Download HijackThis here:
https://www.01net.com/

Unzip it into a folder set aside for it.
For example C:\hijackthis < Be sure to save it in C: !
Demo: (Thanks to Balltrap34 for making this)
http://perso.orange.fr/rginformatique/section%20virus/Hijenr.gif

Launch it, then:
click "do a system scan and save logfile" (see demo)
copy and paste the entire log to the forum

Demo: (Thanks to Balltrap34 for making this)

http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

MSN_Fix 1.333

C:\Documents and Settings\Sarah-Chan\Mes documents\MSNFix\MSNFix
Fix exécuté le 2007-07-09 - 15:03:29,10 By Sarah-Chan
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\_default.pif

************************ Recherche les dossiers présents

... C:\Temp\




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\_default.pif


************************ Suppression des dossiers

.. OK ... C:\Temp\


************************ Nettoyage du registre



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 2007-07-09_15042821.zip






Logfile of HijackThis v1.99.1
Scan saved at 16:11:17, on 2007-07-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\ribmrbhp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msrr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SARAH-~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/search/index.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webshots.com/r/internal/start/client/RAND
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jubuuskg.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm037YYCA
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?01e2d752f2874ec19635c86332cb2cc3
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?01e2d752f2874ec19635c86332cb2cc3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sarah-Chan\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://devillove002.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-caf.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\ribmrbhp.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe


There you go!

marie-jeanne
10 Jul 2007 at 06:36
Hello...?

^^Marie^^
10 Jul 2007 at 09:28
Hi

C:\DOCUME~1\SARAH-~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe


It is in the wrong place.
Delete it and do it again as indicated above.
Be sure to save it in C: !

marie-jeanne
10 Jul 2007 at 18:29
Oops, sorry...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:28:01, on 2007-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\ribmrbhp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/search/index.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webshots.com/r/internal/start/client/RAND
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\yafhftxm.dll
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: (no name) - {59BFECE4-F3C8-45E7-B281-FCAFC1ECA7BA} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\qommjgd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C0928C44-ACFF-4155-B477-D71DDF9FC000} - C:\WINDOWS\system32\ddabc.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\eulhxcpd.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm037YYCA
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?01e2d752f2874ec19635c86332cb2cc3
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?01e2d752f2874ec19635c86332cb2cc3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sarah-Chan\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://devillove002.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-caf.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: qommjgd - C:\WINDOWS\SYSTEM32\qommjgd.dll
O20 - Winlogon Notify: ssttu - C:\WINDOWS\system32\ssttu.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\ribmrbhp.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

^^Marie^^
10 Jul 2007 at 18:34
Hi again

Remove "My Web Search" in Add/Remove Programs

then
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* When the tool launches again, click the Scan for Vundo button
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK
* Start your PC again.
* Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, in your next reply.
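
The HijackThis logs posted above, triaged in code (an added example, not part of the original thread and not code from HijackThis or VundoFix). The log lines are copied from the two logs on this page; the three flags (a BHO with no name, one file registered under more than one autostart mechanism, a service with an empty vendor field) and the comparison of Run values between the two scans are heuristics assumed for this example, not the helper's stated method.

```python
import re
from collections import defaultdict

# Lines copied from the two HijackThis logs posted in this thread
# (scans saved on 2007-07-09 and 2007-07-10).
LOG_JUL09 = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jubuuskg.dll",forkonce
O23 - Service: DomainService - - C:\WINDOWS\system32\ribmrbhp.exe
"""

LOG_JUL10 = r"""
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\yafhftxm.dll
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: (no name) - {59BFECE4-F3C8-45E7-B281-FCAFC1ECA7BA} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\qommjgd.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\eulhxcpd.dll",forkonce
O20 - Winlogon Notify: qommjgd - C:\WINDOWS\SYSTEM32\qommjgd.dll
O20 - Winlogon Notify: ssttu - C:\WINDOWS\system32\ssttu.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\ribmrbhp.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
"""

# HijackThis section codes that describe autostart mechanisms.
AUTOSTART = {"O2": "BHO", "O4": "Run", "O20": "Winlogon Notify", "O23": "Service"}
ENTRY = re.compile(r"^(O\d+) - (.*)$")
PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|scr)(?![A-Za-z0-9])', re.I)
SERVICE = re.compile(r"^Service: (.+?) - (.*?)\s*- [A-Za-z]:\\")
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]+)\]")


def parse(log):
    """Yield (section, body, lower-cased target path) for autostart entries."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) not in AUTOSTART:
            continue
        p = PATH.search(m.group(2))
        if p:  # entries such as "(no file)" have no target to track
            yield m.group(1), m.group(2), p.group(0).lower()


def triage(log):
    """Return {path: sorted reasons} for entries matching the assumed heuristics."""
    mechanisms, reasons = defaultdict(set), defaultdict(set)
    for section, body, path in parse(log):
        mechanisms[path].add(AUTOSTART[section])
        if section == "O2" and body.startswith("BHO: (no name)"):
            reasons[path].add("BHO registered without a name")
        svc = SERVICE.match(body)
        if section == "O23" and svc and not svc.group(2):
            reasons[path].add("service with an empty vendor field")
    for path, mechs in mechanisms.items():
        if len(mechs) > 1:  # same file holds several autostart slots
            reasons[path].add("registered under " + " + ".join(sorted(mechs)))
    return {p: sorted(r) for p, r in reasons.items()}


def run_values(log):
    """Map (hive, value name) -> target path for O4 registry Run entries."""
    out = {}
    for section, body, path in parse(log):
        m = RUN.match(body)
        if section == "O4" and m:
            out[(m.group(1), m.group(2))] = path
    return out


def retargeted(old_log, new_log):
    """Run values present in both scans whose target file changed in between."""
    old, new = run_values(old_log), run_values(new_log)
    return {k: (old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k]}


if __name__ == "__main__":
    for path, why in sorted(triage(LOG_JUL10).items()):
        print(path, "<-", "; ".join(why))
    for (hive, name), (before, after) in retargeted(LOG_JUL09, LOG_JUL10).items():
        print(f"{hive} Run [{name}]: {before} -> {after}")
```
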
marie jeanne
11 Jul 2007 at 03:56
The program put the files in a folder named vundofix.backups. Should I delete them?






VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 21:32:55 2007-07-10

Listing files found while scanning....


Beginning removal...

Attempting to delete C:\windows\system32\ribmrbhp.exe
C:\windows\system32\ribmrbhp.exe Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\ribmrbhp.exe
C:\windows\system32\ribmrbhp.exe Could not be deleted.

Performing Repairs to the registry.
Done!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:48:28, on 2007-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\ribmrbhp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msrr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/search/index.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webshots.com/r/internal/start/client/RAND
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {082C9544-5933-41B8-8792-85372CF8C658} - C:\WINDOWS\system32\sstqr.dll
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: (no name) - {59BFECE4-F3C8-45E7-B281-FCAFC1ECA7BA} - C:\WINDOWS\system32\ssttu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C0928C44-ACFF-4155-B477-D71DDF9FC000} - C:\WINDOWS\system32\ddabc.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm037YYCA
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?01e2d752f2874ec19635c86332cb2cc3
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?01e2d752f2874ec19635c86332cb2cc3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sarah-Chan\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://devillove002.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-caf.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: opnkhgg - C:\WINDOWS\SYSTEM32\opnkhgg.dll
O20 - Winlogon Notify: sstqr - C:\WINDOWS\system32\sstqr.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\ribmrbhp.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
11 Jul 2007 at 09:45
Remove these two bits of junk

WinAntiVirus Pro 2007
mywebsearch



Then

Right-click this link:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

Choose "Save target (link) as..." and save it to your desktop.
Right-click navilog1.zip and choose "Extract all".
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without my advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)

0
marie-jeanne
12 Jul 2007 at 22:55
Search Navipromo version 2.0.5 commencé le 2007-07-11 à 22:09:02,93

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Sarah-Chan\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 07/11/07 at 22:09:06.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .....................................................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 07/11/07 at 22:21:43 (return code = 0).


*** Recherche fichiers ***




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\rqtss.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\rqtss.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\rqtss.bak2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********
C:\WINDOWS\system32\fkhsjshg.exe trouvé !

3)Recherche Certificats :


*** Analyse Terminé le 2007-07-11 à 22:24:10,82 ***
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
13 Jul 2007 at 09:19
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* When the tool launches again, click the Scan for Vundo button
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK
* Start your PC again.
* Copy/paste the contents of the report located in C:\vundofix.txt

as well as a new HijackThis! report in your next reply.

0
marie-jeanne
13 Jul 2007 at 20:45
but I already did that :s
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
13 Jul 2007 at 20:47
Yes
Sorry lol

Do another HijackThis log, I'll be back later
0