Trojan horse +++++
Closed
Pat1809 (Posts: 8, Registered: Monday 28 May 2007, Status: Member, Last activity: 16 August 2007) - 16 August 2007 at 19:35
raleuboleu (Posts: 5022, Registered: Wednesday 13 December 2006, Status: Member, Last activity: 14 March 2012) - 16 August 2007 at 23:37
6 replies
raleuboleu (Posts: 5022, Registered: Wednesday 13 December 2006, Status: Member, Last activity: 14 March 2012) - 16 August 2007 at 19:38
hi
to start with, run this:
1/vundo:
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK.
Start your PC again.
2/virtumonde:
Download VirtumundoBegone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis report.
Don't worry if you see a blue screen "Fatal error" message; this is normal and expected.
3/Sdfix:
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows load, a menu with different options should appear.
• Choose the first option, to run Windows in safe mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!
4/hijack
Download HijackThis here:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
Unzip it into a folder set aside for it.
For example C:\hijackthis < Make sure you save it in C:!
Demo: (Thanks to Balltrap34 for making this)
http://perso.orange.fr/rginformatique/section%20virus/Hijenr.gif
Launch it, then:
click "do a system scan and save logfile" (see demo)
copy and paste the entire log to the forum
Demo: (Thanks to Balltrap34 for making this)
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
please post all the reports
kisses
raleuboleu - 16 August 2007 at 22:14
right, already one thing that's not OK, the Windows one is ...... basically it's a sieve ^^
you have avast; the right firewall to go with it is Kerio (it stays free even after the trial period)
download it here:
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/22418.html
that will already be one good thing
^^
kisses
Pat1809 - 16 August 2007 at 22:49
ok, it's done...
it looks catastrophic!
raleuboleu - 16 August 2007 at 23:08
why?
Pat1809 - 16 August 2007 at 23:17
it's the "well then....." that made an impression on me!
raleuboleu - 16 August 2007 at 23:25
re
on the contrary, it got rid of quite a lot of stuff, and so much the better!!!!!!!!
how has your computer been since then?
any changes or not?
kisses
Pat1809 - 16 August 2007 at 23:29
A bit better as far as defragmentation goes
raleuboleu - 16 August 2007 at 23:37
well, that's always something!!!
kisses
Pat1809 - 16 August 2007 at 23:28
I would have liked to continue, but it's late.
DOM + 2h00, so 01:26 in the morning.. Very little sleep in sight...
Thanks again.
See you tomorrow.
@++++++
raleuboleu - 16 August 2007 at 23:29
ok have a good night
kisses
16 August 2007 at 20:36
Here are the various reports. Thanks
16 August 2007 at 20:45
you forgot them loool ^^
kisses
16 August 2007 at 21:01
Beginning removal...
VundoFix V6.5.7
Checking Java version...
Scan started at 21:43:26 16/08/2007
Listing files found while scanning....
Beginning removal...
Performing Repairs to the registry.
Done!
[08/16/2007, 21:55:54] - VirtumundoBeGone v1.5 ( "C:\VirtumundoBeGone.exe" )
[08/16/2007, 21:56:06] - Detected System Information:
[08/16/2007, 21:56:06] - Windows Version: 5.1.2600, Service Pack 2
[08/16/2007, 21:56:06] - Current Username: Pat (Admin)
[08/16/2007, 21:56:06] - Windows is in NORMAL mode.
[08/16/2007, 21:56:06] - Searching for Browser Helper Objects:
[08/16/2007, 21:56:06] - BHO 1: {00A6FAF1-072E-44cf-8957-5838F569A31D} (MyWebSearch Search Assistant BHO)
[08/16/2007, 21:56:06] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/16/2007, 21:56:06] - BHO 3: {07B18EA1-A523-4961-B6BB-170DE4475CCA} (mwsBar BHO)
[08/16/2007, 21:56:06] - BHO 4: {4C4B4BD8-555D-42DA-8533-590B454983AE} ()
[08/16/2007, 21:56:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/16/2007, 21:56:06] - Checking for HKLM\...\Winlogon\Notify\awvvw
[08/16/2007, 21:56:06] - Found: HKLM\...\Winlogon\Notify\awvvw - This is probably Virtumundo.
[08/16/2007, 21:56:06] - Assigning {4C4B4BD8-555D-42DA-8533-590B454983AE} MSEvents Object
[08/16/2007, 21:56:06] - BHO list has been changed! Starting over...
[08/16/2007, 21:56:06] - BHO 1: {00A6FAF1-072E-44cf-8957-5838F569A31D} (MyWebSearch Search Assistant BHO)
[08/16/2007, 21:56:06] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/16/2007, 21:56:06] - BHO 3: {07B18EA1-A523-4961-B6BB-170DE4475CCA} (mwsBar BHO)
[08/16/2007, 21:56:06] - BHO 4: {4C4B4BD8-555D-42DA-8533-590B454983AE} (MSEvents Object)
[08/16/2007, 21:56:06] - ALERT: Found MSEvents Object!
[08/16/2007, 21:56:06] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/16/2007, 21:56:06] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/16/2007, 21:56:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/16/2007, 21:56:06] - No filename found. Continuing.
[08/16/2007, 21:56:06] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[08/16/2007, 21:56:06] - BHO 8: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} (Ask Search Assistant BHO)
[08/16/2007, 21:56:06] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/16/2007, 21:56:06] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/16/2007, 21:56:06] - BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[08/16/2007, 21:56:06] - BHO 12: {CA356D79-679B-4b4c-8E49-5AF97014F4C1} ()
[08/16/2007, 21:56:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/16/2007, 21:56:06] - Checking for HKLM\...\Winlogon\Notify\Starware354
[08/16/2007, 21:56:06] - Key not found: HKLM\...\Winlogon\Notify\Starware354, continuing.
[08/16/2007, 21:56:06] - BHO 13: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} (Ask Toolbar BHO)
[08/16/2007, 21:56:06] - Finished Searching Browser Helper Objects
[08/16/2007, 21:56:06] - *** Detected MSEvents Object
[08/16/2007, 21:56:06] - Trying to remove MSEvents Object...
[08/16/2007, 21:56:07] - Terminating Process: IEXPLORE.EXE
[08/16/2007, 21:56:08] - Terminating Process: RUNDLL32.EXE
[08/16/2007, 21:56:08] - Disabling Automatic Shell Restart
[08/16/2007, 21:56:08] - Terminating Process: EXPLORER.EXE
[08/16/2007, 21:56:08] - Suspending the NT Session Manager System Service
[08/16/2007, 21:56:08] - Terminating Windows NT Logon/Logoff Manager
[08/16/2007, 21:56:08] - Re-enabling Automatic Shell Restart
[08/16/2007, 21:56:08] - File to disable: C:\WINDOWS\system32\awvvw.dll
[08/16/2007, 21:56:08] - Removing HKLM\...\Browser Helper Objects\{4C4B4BD8-555D-42DA-8533-590B454983AE}
[08/16/2007, 21:56:08] - Removing HKCR\CLSID\{4C4B4BD8-555D-42DA-8533-590B454983AE}
[08/16/2007, 21:56:09] - Adding Kill Bit for ActiveX for GUID: {4C4B4BD8-555D-42DA-8533-590B454983AE}
[08/16/2007, 21:56:09] - Deleting ATLEvents/MSEvents Registry entries
[08/16/2007, 21:56:09] - Removing HKLM\...\Winlogon\Notify\awvvw
[08/16/2007, 21:56:09] - Searching for Browser Helper Objects:
[08/16/2007, 21:56:09] - BHO 1: {00A6FAF1-072E-44cf-8957-5838F569A31D} (MyWebSearch Search Assistant BHO)
[08/16/2007, 21:56:09] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/16/2007, 21:56:09] - BHO 3: {07B18EA1-A523-4961-B6BB-170DE4475CCA} (mwsBar BHO)
[08/16/2007, 21:56:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/16/2007, 21:56:09] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/16/2007, 21:56:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/16/2007, 21:56:09] - No filename found. Continuing.
[08/16/2007, 21:56:09] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[08/16/2007, 21:56:09] - BHO 7: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} (Ask Search Assistant BHO)
[08/16/2007, 21:56:09] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/16/2007, 21:56:09] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/16/2007, 21:56:09] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[08/16/2007, 21:56:09] - BHO 11: {CA356D79-679B-4b4c-8E49-5AF97014F4C1} ()
[08/16/2007, 21:56:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/16/2007, 21:56:09] - Checking for HKLM\...\Winlogon\Notify\Starware354
[08/16/2007, 21:56:09] - Key not found: HKLM\...\Winlogon\Notify\Starware354, continuing.
[08/16/2007, 21:56:09] - BHO 12: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} (Ask Toolbar BHO)
[08/16/2007, 21:56:09] - Finished Searching Browser Helper Objects
[08/16/2007, 21:56:09] - Finishing up...
[08/16/2007, 21:56:09] - A restart is needed.
[08/16/2007, 21:56:45] - Attempting to Restart via STOP error (Blue Screen!)
[08/16/2007, 22:00:35] - VirtumundoBeGone v1.5 ( "C:\VirtumundoBeGone.exe" )
[08/16/2007, 22:00:54] - Detected System Information:
[08/16/2007, 22:00:54] - Windows Version: 5.1.2600, Service Pack 2
[08/16/2007, 22:00:54] - Current Username: Pat (Admin)
[08/16/2007, 22:00:54] - Windows is in NORMAL mode.
[08/16/2007, 22:00:54] - Searching for Browser Helper Objects:
[08/16/2007, 22:00:54] - BHO 1: {00A6FAF1-072E-44cf-8957-5838F569A31D} (MyWebSearch Search Assistant BHO)
[08/16/2007, 22:00:54] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/16/2007, 22:00:54] - BHO 3: {07B18EA1-A523-4961-B6BB-170DE4475CCA} (mwsBar BHO)
[08/16/2007, 22:00:54] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/16/2007, 22:00:54] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/16/2007, 22:00:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/16/2007, 22:00:54] - No filename found. Continuing.
[08/16/2007, 22:00:54] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[08/16/2007, 22:00:54] - BHO 7: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} (Ask Search Assistant BHO)
[08/16/2007, 22:00:54] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/16/2007, 22:00:54] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/16/2007, 22:00:54] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[08/16/2007, 22:00:54] - BHO 11: {CA356D79-679B-4b4c-8E49-5AF97014F4C1} ()
[08/16/2007, 22:00:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/16/2007, 22:00:54] - Checking for HKLM\...\Winlogon\Notify\Starware354
[08/16/2007, 22:00:54] - Key not found: HKLM\...\Winlogon\Notify\Starware354, continuing.
[08/16/2007, 22:00:54] - BHO 12: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} (Ask Toolbar BHO)
[08/16/2007, 22:00:54] - Finished Searching Browser Helper Objects
[08/16/2007, 22:00:54] - Finishing up...
[08/16/2007, 22:00:54] - Nothing found! Exiting...
[08/16/2007, 22:02:07] - VirtumundoBeGone v1.5 ( "C:\VirtumundoBeGone.exe" )
[08/16/2007, 22:02:09] - Detected System Information:
[08/16/2007, 22:02:09] - Windows Version: 5.1.2600, Service Pack 2
[08/16/2007, 22:02:09] - Current Username: Pat (Admin)
[08/16/2007, 22:02:09] - Windows is in NORMAL mode.
[08/16/2007, 22:02:09] - Searching for Browser Helper Objects:
[08/16/2007, 22:02:09] - BHO 1: {00A6FAF1-072E-44cf-8957-5838F569A31D} (MyWebSearch Search Assistant BHO)
[08/16/2007, 22:02:09] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/16/2007, 22:02:09] - BHO 3: {07B18EA1-A523-4961-B6BB-170DE4475CCA} (mwsBar BHO)
[08/16/2007, 22:02:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/16/2007, 22:02:09] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/16/2007, 22:02:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/16/2007, 22:02:09] - No filename found. Continuing.
[08/16/2007, 22:02:09] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[08/16/2007, 22:02:09] - BHO 7: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} (Ask Search Assistant BHO)
[08/16/2007, 22:02:09] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/16/2007, 22:02:09] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/16/2007, 22:02:09] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[08/16/2007, 22:02:09] - BHO 11: {CA356D79-679B-4b4c-8E49-5AF97014F4C1} ()
[08/16/2007, 22:02:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/16/2007, 22:02:09] - Checking for HKLM\...\Winlogon\Notify\Starware354
[08/16/2007, 22:02:09] - Key not found: HKLM\...\Winlogon\Notify\Starware354, continuing.
[08/16/2007, 22:02:09] - BHO 12: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} (Ask Toolbar BHO)
[08/16/2007, 22:02:09] - Finished Searching Browser Helper Objects
[08/16/2007, 22:02:09] - Finishing up...
[08/16/2007, 22:02:09] - Nothing found! Exiting...
SDFix: Version 1.98
Run by Administrateur on 16/08/2007 at 22:15
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
DomainService
ImagePath:
C:\WINDOWS\system32\pebidrsv.exe /service
DomainService - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\retadpu1001307.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\pebidrsv.exe"="C:\\WINDOWS\\system32\\peb"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Documents and Settings\Arthur\Local Settings\Application Data\Microsoft\Messenger\tutur_du_974@msn.com\Sharing Folders\laetitia0212@hotmail.fr\me\Thumbs.db
C:\Documents and Settings\Arthur\Local Settings\Application Data\Microsoft\Messenger\tutur_du_974@msn.com\Sharing Folders\lapetitevendeenne@hotmail.fr\Thumbs.db
C:\Documents and Settings\Arthur\Local Settings\Application Data\Microsoft\Messenger\tutur_du_974@msn.com\Sharing Folders\la_rappeuse_du45@hotmail.fr\Zuma Deluxe\Zuma Deluxe\FONTS\Thumbs.db
C:\Documents and Settings\Arthur\Local Settings\Application Data\Microsoft\Messenger\tutur_du_974@msn.com\Sharing Folders\la_rappeuse_du45@hotmail.fr\Zuma Deluxe\Zuma Deluxe\LEVELS\LOOPY\Thumbs.db
C:\Documents and Settings\Arthur\Local Settings\Application Data\Microsoft\Messenger\tutur_du_974@msn.com\Sharing Folders\louise.mag@hotmail.fr\freaky friday\AlbumArtSmall.jpg
C:\Documents and Settings\Arthur\Local Settings\Application Data\Microsoft\Messenger\tutur_du_974@msn.com\Sharing Folders\louise.mag@hotmail.fr\freaky friday\AlbumArt_{F0D8F6D2-659A-4F36-9250-84E0F0DE3BEA}_Large.jpg
C:\Documents and Settings\Arthur\Local Settings\Application Data\Microsoft\Messenger\tutur_du_974@msn.com\Sharing Folders\louise.mag@hotmail.fr\freaky friday\desktop.ini
C:\Documents and Settings\Arthur\Local Settings\Application Data\Microsoft\Messenger\tutur_du_974@msn.com\Sharing Folders\louise.mag@hotmail.fr\freaky friday\Folder.jpg
C:\Documents and Settings\Arthur\Local Settings\Application Data\Microsoft\Messenger\tutur_du_974@msn.com\Sharing Folders\louise.mag@hotmail.fr\freaky friday\Thumbs.db
C:\Documents and Settings\Arthur\Local Settings\Application Data\Microsoft\Messenger\tutur_du_974@msn.com\SharingMetadata\louise.mag@hotmail.fr\DFSR\ConflictDelete\AlbumArt_{F0D8F6D2-659A-4F36-9250-84E0F0DE3BEA}_Sm-{EA3A19B1-A696-4406-BEB2-A8EDB17B11A3}-v108.jpg
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
Finished
Logfile of HijackThis v1.99.1
Scan saved at 22:32:23, on 16/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOCUME~1\Pat\LOCALS~1\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\7.bin\A5SRCHAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\7.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware354\bin\Starware354.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\7.bin\ASKTBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\7.bin\ASKTBAR.DLL
O3 - Toolbar: Starware Toolbar Recettes - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware354\bin\Starware354.dll
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk879YYRE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://ww12.mcboo.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16 August 2007 at 22:01
well, well..............
quick question: which firewall do you have?
16 August 2007 at 22:09