Viruses galore

Solved
sebtiti Posts: 42 Status: Member -
 afideg -
Hello,

when I start my PC, here are my error messages

P07 - 0100 irql : 1f SYSVER0xff00024 NT KERNEL ERROR 1256 KMODE EXCEPTION NOT HANDLED
+ invalid BACKWEB application id "4448364"
+"0x01d62739"
+0x02354e50

---------------------------
Your system could become unstable
---------------------------
A potential problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer.
****WXYZ.SYS - Address F73120AE base at C00000, DateStamp 36b072A3
Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)
---------------------------
OK
---------------------------
+---------------------------
Your system could become unstable
---------------------------
A potential problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer.
****WXYZ.SYS - Address F73120AE base at C00000, DateStamp 36b072A3
Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)
---------------------------
OK
---------------------------
114 replies

sebtiti Posts: 42 Status: Member
 
Search Navipromo version 3.4.4 commencé le 11/02/2007 à 18:47:09,29

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 10.02.2008 à 12h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2800.1106
Système de fichiers : NTFS

Executé en mode sans échec

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\WINDOWS ***

C:\WINDOWS\mslagent trouvé !
C:\WINDOWS\msskinner trouvé !

*** Recherche dossiers dans C:\Program Files ***

C:\Program Files\MailSkinner trouvé !

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Recherche dossiers dans "C:\Documents and Settings\CHEF Julie\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\CHEF Julie\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\CHEF Julie\MENUDM~1\PROGRA~1" ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\CHEF Julie\locals~1\applic~1" *

*** Recherche fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf trouvé !
C:\WINDOWS\Downloaded Program Files\sysiasvc32.inf trouvé !
C:\WINDOWS\tmlpcert2007 trouvé !
C:\WINDOWS\system32\linkprd.exe trouvé !
C:\WINDOWS\system32\msegcompid.dll trouvé !
C:\WINDOWS\system32\mseggrpid.dll trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !
HKEY_CURRENT_USER\Software\mc trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

upwaocowb.dat trouvé !
upwaocowb_nav.dat trouvé !
upwaocowb_navps.dat trouvé !
linkprd.exe trouvé !

* Dans "C:\Documents and Settings\CHEF Julie\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup trouvé !

4)Recherche fichiers connus :

C:\WINDOWS\system32\ppqss.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

*** Analyse terminée le 11/02/2007 à 19:23:59,29 ***
0
Anonymous user

Hello, how are you?

Double-click the Navilog1 shortcut on the desktop and follow the prompts.
At the main menu, choose 2 and confirm.

The fix will tell you that it is going to restart your PC.
Close all open windows and save any open personal documents.
Press a key as requested.
(If your PC does not restart automatically, restart it yourself.)
When your PC restarts, choose your usual session.

Wait for the message:
*** Nettoyage Termine le ..... ***
Notepad will open.
Save the report so that you can find it again.
Close Notepad. Your desktop will reappear.

PS: If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run".
Type explorer and confirm. This will bring your desktop back.

0
sebtiti Posts: 42 Status: Member

I'll do it this evening.

Thanks

See you later
0
valbo10
 
Hello, I have the same problem. I didn't really understand how to solve it; could you explain it to me again, please? It's very important. I've been searching for 3 weeks and can't manage it. Thanks for replying.
0

Anonymous user

Hello Valbo10, you need to create your own post on the forum, so that the reports don't get mixed up and cause a disaster.
To do so, click here http://www.commentcamarche.net/forum/forum 7#ecrire and fill in the fields, describing your problems as clearly as possible, then submit.
0
sebtiti Posts: 42 Status: Member
 
Clean Navipromo version 3.4.4 commencé le 12/02/2007 à 18:26:42,64

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 10.02.2008 à 12h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2800.1106
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

Executé en mode sans échec

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *

* Suppression dans "C:\Documents and Settings\CHEF Julie\locals~1\applic~1" *

*** Suppression dossiers dans C:\WINDOWS ***

C:\WINDOWS\mslagent ...suppression...
C:\WINDOWS\mslagent supprimé !

C:\WINDOWS\msskinner ...suppression...
C:\WINDOWS\msskinner supprimé !

*** Suppression dossiers dans C:\Program Files ***

*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Suppression dossiers dans "C:\Documents and Settings\CHEF Julie\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\CHEF Julie\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\CHEF Julie\MENUDM~1\PROGRA~1" ***

*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***

*** Suppression fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé !
C:\WINDOWS\Downloaded Program Files\sysiasvc32.inf supprimé !
C:\WINDOWS\tmlpcert2007 supprimé !
C:\WINDOWS\system32\linkprd.exe supprimé !
C:\WINDOWS\system32\msegcompid.dll supprimé !
C:\WINDOWS\system32\mseggrpid.dll supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\CHEF Julie\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans C:\WINDOWS\system32 *

upwaocowb.dat trouvé !
Copie upwaocowb.dat réalisée avec succès !
upwaocowb.dat supprimé !

upwaocowb_nav.dat trouvé !
Copie upwaocowb_nav.dat réalisée avec succès !
upwaocowb_nav.dat supprimé !

upwaocowb_navps.dat trouvé !
Copie upwaocowb_navps.dat réalisée avec succès !
upwaocowb_navps.dat supprimé !

C:\WINDOWS\prefetch\upwaocowb*.pf trouvé !
Copie C:\WINDOWS\prefetch\upwaocowb*.pf réalisée avec succès !
C:\WINDOWS\prefetch\upwaocowb*.pf supprimé !

* Dans "C:\Documents and Settings\CHEF Julie\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 12/02/2007 à 18:27:43,75 ***
0
sebtiti Posts: 42 Status: Member

It didn't ask me to restart.
I did it anyway because it was frozen again.
0
sebtiti Posts: 42 Status: Member

Report attached

SmitFraudFix v2.284

Rapport fait à 18:44:28,95, 12/02/2007
Executé à partir de C:\Documents and Settings\CHEF Julie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CHEF Julie

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CHEF Julie\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHEFJU~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3FD05EB8-C3BF-4626-AF3E-2733FE59CAE9}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3FD05EB8-C3BF-4626-AF3E-2733FE59CAE9}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3FD05EB8-C3BF-4626-AF3E-2733FE59CAE9}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Anonymous user

Smitfraud option 2

Start in safe mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A window will open; use the arrow keys to move to "start in safe mode", then press Enter.
Once on the desktop, if the colours and so on are not all there, that's normal!
(If F8 doesn't work, use the F5 key.)
----------------------------------------------------------------------------
Run the Smitfraud program again.
This time choose option 2 and answer yes to everything;
save the report, restart in normal mode,
and copy/paste the saved report to the forum.
0
sebtiti Posts: 42 Status: Member

I've been in safe mode since the beginning because it's impossible to open anything on the PC
in normal mode,

but I'll try again after option 2, thanks
0
Anonymous user

OK, but note that we still have a lot of work left to clean up your PC! ;-)
0
sebtiti Posts: 42 Status: Member
 
SmitFraudFix v2.284

Rapport fait à 19:01:30,78, 12/02/2007
Executé à partir de C:\Documents and Settings\CHEF Julie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3FD05EB8-C3BF-4626-AF3E-2733FE59CAE9}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3FD05EB8-C3BF-4626-AF3E-2733FE59CAE9}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3FD05EB8-C3BF-4626-AF3E-2733FE59CAE9}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
sebtiti Posts: 42 Status: Member

I get an AVG window at startup telling me I'm infected.
There's progress: I can work in normal mode, and a few extra windows open with this information:
---------------------------
Microsoft Internet Explorer
---------------------------
Notez: si votre ordinateur a travaillé plus lentement que d/?habitude, il peut etre infecté de Viruses, Adware ou Spyware.

MalwareAlarm fera le scanning vite et gratuit de votre système pour vour protéger de programmes malintentionnés.

Telechargez MalwareAlarm gratuitement maintenant!
---------------------------
OK Annuler
---------------------------

and also

---------------------------
Your system could become unstable
---------------------------
A potential problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer.
****WXYZ.SYS - Address F73120AE base at C00000, DateStamp 36b072A3
Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)
---------------------------
OK
---------------------------
thanks
0
Anonymous user

Whatever you do, don't download it!!!!!!
0
sebtiti Posts: 42 Status: Member

I can't find by cid in msn
maybe in Program Files
0
Anonymous user

No, in Add/Remove Programs, look for CID and remove it.
0
sebtiti Posts: 42 Status: Member

Otherwise, I have cidaemon in WINDOWS/system32
0
Anonymous user
 
0
sebtiti Posts: 42 Status: Member

The Vundo report

VundoFix V6.7.8

Checking Java version...

Scan started at 21:25:37 12/02/2007

Listing files found while scanning....

Beginning removal...

Attempting to delete C:\WINDOWS\system32\arqwqrro.dll
C:\WINDOWS\system32\arqwqrro.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqnkh.dll
C:\WINDOWS\system32\awtqnkh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdqiypaw.dll
C:\WINDOWS\system32\bdqiypaw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxvtqq.dll
C:\WINDOWS\system32\byxvtqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxwwvw.dll
C:\WINDOWS\system32\byxwwvw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxxwuu.dll
C:\WINDOWS\system32\byxxwuu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxxxvv.dll
C:\WINDOWS\system32\byxxxvv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dbnduswh.dll
C:\WINDOWS\system32\dbnduswh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcbaaa.dll
C:\WINDOWS\system32\ddcbaaa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\djfyqpfh.dll
C:\WINDOWS\system32\djfyqpfh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dkfhkxcp.dll
C:\WINDOWS\system32\dkfhkxcp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eosbuqqq.ini
C:\WINDOWS\system32\eosbuqqq.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccdaxx.dll
C:\WINDOWS\system32\fccdaxx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccdcyx.dll
C:\WINDOWS\system32\fccdcyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebaayy.dll
C:\WINDOWS\system32\gebaayy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebbxwx.dll
C:\WINDOWS\system32\gebbxwx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcdcc.dll
C:\WINDOWS\system32\gebcdcc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\gebywvu.dll
C:\WINDOWS\system32\gebywvu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gewwajpk.dll
C:\WINDOWS\system32\gewwajpk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gtiwrdfj.dll
C:\WINDOWS\system32\gtiwrdfj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hfpqyfjd.ini
C:\WINDOWS\system32\hfpqyfjd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggdeby.dll
C:\WINDOWS\system32\hggdeby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgggffg.dll
C:\WINDOWS\system32\hgggffg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjggh.dll
C:\WINDOWS\system32\jkkjggh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjkij.dll
C:\WINDOWS\system32\jkkjkij.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkkhec.dll
C:\WINDOWS\system32\jkkkhec.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jrgglfto.dll
C:\WINDOWS\system32\jrgglfto.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khffdba.dll
C:\WINDOWS\system32\khffdba.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khffdda.dll
C:\WINDOWS\system32\khffdda.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfgdab.dll
C:\WINDOWS\system32\khfgdab.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kpjawweg.ini
C:\WINDOWS\system32\kpjawweg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kuentdju.dll
C:\WINDOWS\system32\kuentdju.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lecbrirr.dll
C:\WINDOWS\system32\lecbrirr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lmdogyvw.dll
C:\WINDOWS\system32\lmdogyvw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnyvlrew.exe
C:\WINDOWS\system32\lnyvlrew.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mofihxox.dll
C:\WINDOWS\system32\mofihxox.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnoppo.dll
C:\WINDOWS\system32\nnnoppo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnopqo.dll
C:\WINDOWS\system32\opnopqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\otflggrj.ini
C:\WINDOWS\system32\otflggrj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pbbowuyt.dll
C:\WINDOWS\system32\pbbowuyt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pfajxdwy.dll
C:\WINDOWS\system32\pfajxdwy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pnlkhruw.dll
C:\WINDOWS\system32\pnlkhruw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pufvnbyj.dll
C:\WINDOWS\system32\pufvnbyj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqqubsoe.dll
C:\WINDOWS\system32\qqqubsoe.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\qvqixawx.dll
C:\WINDOWS\System32\qvqixawx.dll Could not be deleted.

Attempting to delete C:\windows\system32\qvqixawx.dllbox
C:\windows\system32\qvqixawx.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ssqpp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpp.exe
C:\WINDOWS\system32\ssqpp.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvxcixax.exe
C:\WINDOWS\system32\tvxcixax.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ukxrnnko.dll
C:\WINDOWS\system32\ukxrnnko.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uphmqnqs.dll
C:\WINDOWS\system32\uphmqnqs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vduxoric.dll
C:\WINDOWS\system32\vduxoric.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wurhklnp.ini
C:\WINDOWS\system32\wurhklnp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvusqnn.dll
C:\WINDOWS\system32\wvusqnn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvustuv.dll
C:\WINDOWS\system32\wvustuv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvutstt.dll
C:\WINDOWS\system32\wvutstt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuuurs.dll
C:\WINDOWS\system32\wvuuurs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvsrq.dll
C:\WINDOWS\system32\wvuvsrq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxywwxy.dll
C:\WINDOWS\system32\xxywwxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xynvofyn.dll
C:\WINDOWS\system32\xynvofyn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ywdxjafp.ini
C:\WINDOWS\system32\ywdxjafp.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebcdcc.dll
C:\WINDOWS\system32\gebcdcc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\qvqixawx.dll
C:\WINDOWS\System32\qvqixawx.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.8

Checking Java version...

Scan started at 21:40:06 12/02/2007

Listing files found while scanning....

C:\WINDOWS\system32\gebcdcc.dll
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\nwkfcqwm.dll
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\qvqixawx.dll
C:\WINDOWS\system32\yfpefgnu.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebcdcc.dll
C:\WINDOWS\system32\gebcdcc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\jjkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nwkfcqwm.dll
C:\WINDOWS\system32\nwkfcqwm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\pmkjj.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qvqixawx.dll
C:\WINDOWS\system32\qvqixawx.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\yfpefgnu.dll
C:\WINDOWS\system32\yfpefgnu.dll Could not be deleted.

Performing Repairs to the registry.
Done!
0
sebtiti Posts: 42 Status: Member

Second report attached

VBG.txt

[02/12/2007, 22:09:13] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\CHEF Julie\Bureau\VirtumundoBeGone.exe" )
[02/12/2007, 22:09:36] - Detected System Information:
[02/12/2007, 22:09:36] - Windows Version: 5.1.2600, Service Pack 1
[02/12/2007, 22:09:36] - Current Username: CHEF Julie (Admin)
[02/12/2007, 22:09:36] - Windows is in NORMAL mode.
[02/12/2007, 22:09:36] - Searching for Browser Helper Objects:
[02/12/2007, 22:09:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/12/2007, 22:09:36] - BHO 2: {3F0F06E8-1326-45FE-85AE-B1AF6DFC49B2} ()
[02/12/2007, 22:09:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:36] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[02/12/2007, 22:09:37] - Key not found: HKLM\...\Winlogon\Notify\pmkjj, continuing.
[02/12/2007, 22:09:37] - BHO 3: {4672AFC5-0BC5-47B8-A401-423D2E7EEBA0} ()
[02/12/2007, 22:09:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:37] - Checking for HKLM\...\Winlogon\Notify\ssqpp
[02/12/2007, 22:09:37] - Key not found: HKLM\...\Winlogon\Notify\ssqpp, continuing.
[02/12/2007, 22:09:37] - BHO 4: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[02/12/2007, 22:09:37] - BHO 5: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[02/12/2007, 22:09:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:37] - Checking for HKLM\...\Winlogon\Notify\qvqixawx
[02/12/2007, 22:09:37] - Found: HKLM\...\Winlogon\Notify\qvqixawx - This is probably Virtumundo.
[02/12/2007, 22:09:37] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
[02/12/2007, 22:09:37] - BHO list has been changed! Starting over...
[02/12/2007, 22:09:37] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/12/2007, 22:09:37] - BHO 2: {3F0F06E8-1326-45FE-85AE-B1AF6DFC49B2} ()
[02/12/2007, 22:09:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:37] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[02/12/2007, 22:09:37] - Key not found: HKLM\...\Winlogon\Notify\pmkjj, continuing.
[02/12/2007, 22:09:37] - BHO 3: {4672AFC5-0BC5-47B8-A401-423D2E7EEBA0} ()
[02/12/2007, 22:09:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:37] - Checking for HKLM\...\Winlogon\Notify\ssqpp
[02/12/2007, 22:09:37] - Key not found: HKLM\...\Winlogon\Notify\ssqpp, continuing.
[02/12/2007, 22:09:37] - BHO 4: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[02/12/2007, 22:09:37] - BHO 5: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[02/12/2007, 22:09:37] - ALERT: Found MSEvents Object!
[02/12/2007, 22:09:37] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/12/2007, 22:09:37] - BHO 7: {bb1b9629-e6d8-48e6-9523-88fa62fd4a02} ()
[02/12/2007, 22:09:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:37] - Checking for HKLM\...\Winlogon\Notify\nwkfcqwm
[02/12/2007, 22:09:37] - Key not found: HKLM\...\Winlogon\Notify\nwkfcqwm, continuing.
[02/12/2007, 22:09:37] - BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[02/12/2007, 22:09:37] - BHO 9: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[02/12/2007, 22:09:37] - BHO 10: {D55374BC-19D6-40D6-9441-4B744E69FD6D} ()
[02/12/2007, 22:09:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:37] - No filename found. Continuing.
[02/12/2007, 22:09:37] - BHO 11: {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} ()
[02/12/2007, 22:09:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:37] - Checking for HKLM\...\Winlogon\Notify\gebcdcc
[02/12/2007, 22:09:37] - Found: HKLM\...\Winlogon\Notify\gebcdcc - This is probably Virtumundo.
[02/12/2007, 22:09:37] - Assigning {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} MSEvents Object
[02/12/2007, 22:09:37] - BHO list has been changed! Starting over...
[02/12/2007, 22:09:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/12/2007, 22:09:38] - BHO 2: {3F0F06E8-1326-45FE-85AE-B1AF6DFC49B2} ()
[02/12/2007, 22:09:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:38] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[02/12/2007, 22:09:38] - Key not found: HKLM\...\Winlogon\Notify\pmkjj, continuing.
[02/12/2007, 22:09:38] - BHO 3: {4672AFC5-0BC5-47B8-A401-423D2E7EEBA0} ()
[02/12/2007, 22:09:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:38] - Checking for HKLM\...\Winlogon\Notify\ssqpp
[02/12/2007, 22:09:38] - Key not found: HKLM\...\Winlogon\Notify\ssqpp, continuing.
[02/12/2007, 22:09:38] - BHO 4: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[02/12/2007, 22:09:38] - BHO 5: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[02/12/2007, 22:09:38] - ALERT: Found MSEvents Object!
[02/12/2007, 22:09:38] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/12/2007, 22:09:38] - BHO 7: {bb1b9629-e6d8-48e6-9523-88fa62fd4a02} ()
[02/12/2007, 22:09:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:38] - Checking for HKLM\...\Winlogon\Notify\nwkfcqwm
[02/12/2007, 22:09:38] - Key not found: HKLM\...\Winlogon\Notify\nwkfcqwm, continuing.
[02/12/2007, 22:09:38] - BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[02/12/2007, 22:09:38] - BHO 9: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[02/12/2007, 22:09:38] - BHO 10: {D55374BC-19D6-40D6-9441-4B744E69FD6D} ()
[02/12/2007, 22:09:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:38] - No filename found. Continuing.
[02/12/2007, 22:09:38] - BHO 11: {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} (MSEvents Object)
[02/12/2007, 22:09:38] - ALERT: Found MSEvents Object!
[02/12/2007, 22:09:38] - BHO 12: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[02/12/2007, 22:09:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:38] - Checking for HKLM\...\Winlogon\Notify\mnyviewer
[02/12/2007, 22:09:38] - Key not found: HKLM\...\Winlogon\Notify\mnyviewer, continuing.
[02/12/2007, 22:09:38] - Finished Searching Browser Helper Objects
[02/12/2007, 22:09:38] - *** Detected MSEvents Object
[02/12/2007, 22:09:38] - Trying to remove MSEvents Object...
[02/12/2007, 22:09:39] - Terminating Process: IEXPLORE.EXE
[02/12/2007, 22:09:40] - Terminating Process: RUNDLL32.EXE
[02/12/2007, 22:09:40] - Disabling Automatic Shell Restart
[02/12/2007, 22:09:40] - Terminating Process: EXPLORER.EXE
[02/12/2007, 22:09:41] - Suspending the NT Session Manager System Service
[02/12/2007, 22:09:41] - Terminating Windows NT Logon/Logoff Manager
[02/12/2007, 22:09:41] - Re-enabling Automatic Shell Restart
[02/12/2007, 22:09:41] - File to disable: C:\WINDOWS\system32\qvqixawx.dll
[02/12/2007, 22:09:41] - Renaming C:\WINDOWS\system32\qvqixawx.dll -> C:\WINDOWS\system32\qvqixawx.dll.vir
[02/12/2007, 22:09:41] - File successfully renamed!
[02/12/2007, 22:09:41] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[02/12/2007, 22:09:41] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[02/12/2007, 22:09:42] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
[02/12/2007, 22:09:42] - Deleting ATLEvents/MSEvents Registry entries
[02/12/2007, 22:09:42] - Removing HKLM\...\Winlogon\Notify\qvqixawx
[02/12/2007, 22:09:42] - Searching for Browser Helper Objects:
[02/12/2007, 22:09:42] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/12/2007, 22:09:42] - BHO 2: {3F0F06E8-1326-45FE-85AE-B1AF6DFC49B2} ()
[02/12/2007, 22:09:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:42] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[02/12/2007, 22:09:42] - Key not found: HKLM\...\Winlogon\Notify\pmkjj, continuing.
[02/12/2007, 22:09:42] - BHO 3: {4672AFC5-0BC5-47B8-A401-423D2E7EEBA0} ()
[02/12/2007, 22:09:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:42] - Checking for HKLM\...\Winlogon\Notify\ssqpp
[02/12/2007, 22:09:42] - Key not found: HKLM\...\Winlogon\Notify\ssqpp, continuing.
[02/12/2007, 22:09:42] - BHO 4: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[02/12/2007, 22:09:42] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/12/2007, 22:09:42] - BHO 6: {bb1b9629-e6d8-48e6-9523-88fa62fd4a02} ()
[02/12/2007, 22:09:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:42] - Checking for HKLM\...\Winlogon\Notify\nwkfcqwm
[02/12/2007, 22:09:42] - Key not found: HKLM\...\Winlogon\Notify\nwkfcqwm, continuing.
[02/12/2007, 22:09:42] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[02/12/2007, 22:09:42] - BHO 8: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[02/12/2007, 22:09:42] - BHO 9: {D55374BC-19D6-40D6-9441-4B744E69FD6D} ()
[02/12/2007, 22:09:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:42] - No filename found. Continuing.
[02/12/2007, 22:09:42] - BHO 10: {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} (MSEvents Object)
[02/12/2007, 22:09:42] - ALERT: Found MSEvents Object!
[02/12/2007, 22:09:42] - BHO 11: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[02/12/2007, 22:09:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:42] - Checking for HKLM\...\Winlogon\Notify\mnyviewer
[02/12/2007, 22:09:42] - Key not found: HKLM\...\Winlogon\Notify\mnyviewer, continuing.
[02/12/2007, 22:09:42] - Finished Searching Browser Helper Objects
[02/12/2007, 22:09:42] - *** Detected MSEvents Object
[02/12/2007, 22:09:42] - Trying to remove MSEvents Object...
[02/12/2007, 22:09:43] - Terminating Process: IEXPLORE.EXE
[02/12/2007, 22:09:43] - Terminating Process: RUNDLL32.EXE
[02/12/2007, 22:09:44] - Disabling Automatic Shell Restart
[02/12/2007, 22:09:44] - Terminating Process: EXPLORER.EXE
[02/12/2007, 22:09:44] - Suspending the NT Session Manager System Service
[02/12/2007, 22:09:44] - Terminating Windows NT Logon/Logoff Manager
[02/12/2007, 22:09:44] - Re-enabling Automatic Shell Restart
[02/12/2007, 22:09:44] - File to disable: C:\WINDOWS\System32\gebcdcc.dll
[02/12/2007, 22:09:44] - Renaming C:\WINDOWS\System32\gebcdcc.dll -> C:\WINDOWS\System32\gebcdcc.dll.vir
[02/12/2007, 22:09:44] - File successfully renamed!
[02/12/2007, 22:09:44] - Removing HKLM\...\Browser Helper Objects\{FC1B64D9-3499-4791-82D5-AABAC3FAEA45}
[02/12/2007, 22:09:44] - Removing HKCR\CLSID\{FC1B64D9-3499-4791-82D5-AABAC3FAEA45}
[02/12/2007, 22:09:44] - Adding Kill Bit for ActiveX for GUID: {FC1B64D9-3499-4791-82D5-AABAC3FAEA45}
[02/12/2007, 22:09:44] - Deleting ATLEvents/MSEvents Registry entries
[02/12/2007, 22:09:44] - Removing HKLM\...\Winlogon\Notify\gebcdcc
[02/12/2007, 22:09:44] - Searching for Browser Helper Objects:
[02/12/2007, 22:09:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/12/2007, 22:09:44] - BHO 2: {3F0F06E8-1326-45FE-85AE-B1AF6DFC49B2} ()
[02/12/2007, 22:09:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:44] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[02/12/2007, 22:09:44] - Key not found: HKLM\...\Winlogon\Notify\pmkjj, continuing.
[02/12/2007, 22:09:44] - BHO 3: {4672AFC5-0BC5-47B8-A401-423D2E7EEBA0} ()
[02/12/2007, 22:09:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:44] - Checking for HKLM\...\Winlogon\Notify\ssqpp
[02/12/2007, 22:09:44] - Key not found: HKLM\...\Winlogon\Notify\ssqpp, continuing.
[02/12/2007, 22:09:44] - BHO 4: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[02/12/2007, 22:09:44] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/12/2007, 22:09:44] - BHO 6: {bb1b9629-e6d8-48e6-9523-88fa62fd4a02} ()
[02/12/2007, 22:09:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:45] - Checking for HKLM\...\Winlogon\Notify\nwkfcqwm
[02/12/2007, 22:09:45] - Key not found: HKLM\...\Winlogon\Notify\nwkfcqwm, continuing.
[02/12/2007, 22:09:45] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[02/12/2007, 22:09:45] - BHO 8: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[02/12/2007, 22:09:45] - BHO 9: {D55374BC-19D6-40D6-9441-4B744E69FD6D} ()
[02/12/2007, 22:09:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:45] - No filename found. Continuing.
[02/12/2007, 22:09:45] - BHO 10: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[02/12/2007, 22:09:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2007, 22:09:45] - Checking for HKLM\...\Winlogon\Notify\mnyviewer
[02/12/2007, 22:09:45] - Key not found: HKLM\...\Winlogon\Notify\mnyviewer, continuing.
[02/12/2007, 22:09:45] - Finished Searching Browser Helper Objects
[02/12/2007, 22:09:45] - Finishing up...
[02/12/2007, 22:09:45] - A restart is needed.
[02/12/2007, 22:09:52] - Attempting to Restart via STOP error (Blue Screen!)