Khffccc.dll impossible to delete

Resolved/Closed
Hermos Posts: 55 Registered: Monday 24 March 2008 Status: Member Last active: 6 May 2012 - 24 March 2008 at 21:09
ep44 Posts: 7393 Registered: Saturday 10 November 2007 Status: Contributor Last active: 11 November 2010 - 25 March 2008 at 20:02
Hello,
I've been infected with this virus for a few days and I can't remove it from my PC. It sits in C:\WINDOWS\system32\khffccc.dll. I have NOD32 as my antivirus and it detects it 1/3 of the time, after the PC restarts. It offers to restart to finish the removal, which I do, but the virus is still there in the same directory. I can't remove it even in safe mode.
Please help me
Thanks in advance

6 replies

ep44 Posts: 7393 Registered: Saturday 10 November 2007 Status: Contributor Last active: 11 November 2010
24 March 2008 at 21:19
Good evening

Download to your desktop

ftp://ftp.commentcamarche.com/download/HJTInstall.exe

= Double-click it to install
= then go to C: ==> Program Files ==> Trend Micro => open HijackThis and rename the little man with the magnifying glass to yournickname.exe
= Click Do a system scan and save the log
= paste the report
if you have problems, see the help
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

@+
ep44 Posts: 7393 Registered: Saturday 10 November 2007 Status: Contributor Last active: 11 November 2010
24 March 2008 at 23:58
Re

Download RHosts (thanks to S!ri) to your desktop, available here:
http://siri.urz.free.fr/Softs/RHosts.exe
Double-click Rhosts.exe and click "restaurer" (restore).


then you need to rename HijackThis:
go to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe and rename it, for example to Hermos.exe


then

Download to your desktop:
http://www.atribune.org/ccount/click.php?id=4

=> Double-click VundoFix.exe.
=> Click OK
=> Wait for VundoFix to restart
=> Click Scan for Vundo
=> The scan is fairly long; at the end
=> Click Remove Vundo
=> Then Yes
=> The desktop disappears for a moment while the files are being deleted.
=> Shutdown message
=> Click OK
=> Automatic restart
=> copy the report, which is in C:\vundofix.txt

then
Download VirtumundoBeGone to your desktop.
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=> double-click VirtumundoBeGone.exe
=> Follow the on-screen instructions
=> When the scan is finished, save the report.
=> Copy/paste it here


then

Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop, nowhere else!

Double-click ComboFix,
wait until ComboFix has finished; a report will be created. Post the report.

@+
Hermos Posts: 55 Registered: Monday 24 March 2008 Status: Member Last active: 6 May 2012
24 March 2008 at 23:52
Good evening,
here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:56, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://www.youtube.com;http://www.google.fr;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 90.1.36.245 l2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 update.nProtect.com
O1 - Hosts: 216.107.250.194 update.nProtect.net
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [20805a46] rundll32.exe "C:\WINDOWS\system32\quxefsyy.dll",b
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BM23b369da] Rundll32.exe "C:\WINDOWS\system32\jgybfdtu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
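The HijackThis log above shows the pattern a responder looks for with this family: O4 Run values with hex-looking names (20805a46, BM23b369da) that make rundll32 load a randomly named DLL from system32 through a one-letter export, next to Hosts overrides and a service with an unknown owner. The following triage script is an added example, not part of the thread and not code from Trend Micro's HijackThis; the heuristics (one-letter rundll32 export, hex-looking value name, few-vowel DLL stem), the severity labels and the sample lines are constructed for this illustration, with the DLL and value names copied from the log above.

```python
"""Triage of HijackThis-style log lines for Vundo/Virtumundo-like persistence.

Added example (not from the forum thread or from HijackThis). It applies a
few defensive heuristics to O1 / O4 / O23 entries:
  * O4 Run entries where rundll32 loads a DLL from the Windows system
    directory through a one-letter export (strong indicator, "high")
  * O4 value names that look like random hex, and DLL stems with very few
    vowels (weak indicators, reported as extra reasons)
  * O1 Hosts overrides and O23 services with "Unknown owner", which are not
    malicious by themselves but deserve a manual look ("review")
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high" (strong indicator) or "review" (needs a manual look)
    reasons: list   # human-readable reasons, one per matched heuristic
    line: str       # the original log line


# Constructed sample in HijackThis format; the DLL, value and service names
# are taken from the O1/O4/O23 entries in the log above, the rest is filler.
SAMPLE_LOG = r"""
O1 - Hosts: 216.107.250.194 update.nProtect.com
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [20805a46] rundll32.exe "C:\WINDOWS\system32\quxefsyy.dll",b
O4 - HKLM\..\Run: [BM23b369da] Rundll32.exe "C:\WINDOWS\system32\jgybfdtu.dll",s
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

O4_RE = re.compile(r'^O4 - [^\[]+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# rundll32[.exe] "<path>.dll",<export>   (quotes optional)
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\w+)', re.I)
SYSTEM_DIR_RE = re.compile(r'^[a-z]:\\windows\\system32\\', re.I)
# Value names made of 8+ hex digits, optionally with the "BM" prefix seen above
HEXNAME_RE = re.compile(r'^(?:BM)?[0-9a-fA-F]{8,}$')


def looks_random(stem: str) -> bool:
    """Weak signal: a pure-letter name with few vowels (quxefsyy, jgybfdtu, khffccc).
    Only used together with the rundll32 check; on its own it has false positives."""
    if not stem.isalpha() or len(stem) < 5:
        return False
    vowels = sum(c in "aeiou" for c in stem.lower())
    return vowels / len(stem) < 0.3


def check_o4(line: str):
    """Return a Finding for a suspicious O4 Run entry, or None."""
    m = O4_RE.match(line)
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    reasons = []
    r = RUNDLL_RE.search(cmd)
    if r:
        dll, export = r.group("dll"), r.group("export")
        stem = dll.rsplit("\\", 1)[-1][:-4]
        if SYSTEM_DIR_RE.match(dll) and len(export) == 1:
            reasons.append(f"rundll32 loads {dll} via one-letter export '{export}'")
        if looks_random(stem):
            reasons.append(f"DLL name '{stem}' looks random")
    if HEXNAME_RE.match(name):
        reasons.append(f"Run value name '{name}' looks like random hex")
    if not reasons:
        return None
    severity = "high" if any(x.startswith("rundll32") for x in reasons) else "review"
    return Finding(severity, reasons, line)


def triage_hijackthis(text: str) -> list:
    """Scan a HijackThis log and return the entries worth a responder's attention."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        f = None
        if line.startswith("O1 - Hosts:"):
            f = Finding("review", ["Hosts file override: " + line[len("O1 - Hosts:"):].strip()], line)
        elif line.startswith("O4 - "):
            f = check_o4(line)
        elif line.startswith("O23 - ") and " - Unknown owner - " in line:
            f = Finding("review", ["service with unknown owner"], line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f"[{f.severity}] {f.line}")
        for reason in f.reasons:
            print("    -", reason)
```

On the sample, the two rundll32 entries come out as "high" with three reasons each, while the Hosts line and the PnkBstrA service are listed for review; the legitimate NOD32 and Cmaudio entries are not reported. The one-letter-export check is the signal worth keeping; the name heuristics are there to corroborate it, not to stand alone.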
Hermos Posts: 55 Registered: Monday 24 March 2008 Status: Member Last active: 6 May 2012
25 March 2008 at 00:38
Re
here is the VundoFix report
VundoFix V7.0.3

Scan started at 14:42:23 20/03/2008

Listing files found while scanning....

C:\Program Files\PowerISO\PWRISOSH.DLL
C:\windows\system32\ddcyw.dll
C:\windows\system32\wycdd.ini
C:\windows\system32\wycdd.ini2

Beginning removal...

Attempting to delete C:\windows\system32\ddcyw.dll
C:\windows\system32\ddcyw.dll Has been deleted!

Attempting to delete C:\windows\system32\wycdd.ini
C:\windows\system32\wycdd.ini Has been deleted!

Attempting to delete C:\windows\system32\wycdd.ini2
C:\windows\system32\wycdd.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V7.0.3

Scan started at 23:26:20 24/03/2008

Listing files found while scanning....

C:\Program Files\PowerISO\PWRISOSH.DLL

Beginning removal...

Attempting to delete C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\PowerISO\PWRISOSH.DLL Has been deleted!

Performing Repairs to the registry.
Done!

I haven't finished the other steps yet; I'll let you know as soon as I've done them

Hermos Posts: 55 Registered: Monday 24 March 2008 Status: Member Last active: 6 May 2012
25 March 2008 at 01:25
Re, here's the rest
here is the VirtumundoBeGone.exe report
[03/24/2008, 23:49:29] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\BuzzLeclair\Bureau\VirtumundoBeGone.exe" )
[03/24/2008, 23:49:56] - Detected System Information:
[03/24/2008, 23:49:56] - Windows Version: 5.1.2600, Service Pack 2
[03/24/2008, 23:49:56] - Current Username: BuzzLeclair (Admin)
[03/24/2008, 23:49:56] - Windows is in NORMAL mode.
[03/24/2008, 23:49:56] - Searching for Browser Helper Objects:
[03/24/2008, 23:49:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[03/24/2008, 23:49:56] - BHO 2: {10ce7142-1733-4923-81ce-a558f86cc1ef} ()
[03/24/2008, 23:49:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:49:56] - Checking for HKLM\...\Winlogon\Notify\gxpgjmsi
[03/24/2008, 23:49:56] - Key not found: HKLM\...\Winlogon\Notify\gxpgjmsi, continuing.
[03/24/2008, 23:49:56] - BHO 3: {11241072-58BB-40CE-9171-0B2BDFB22E97} ()
[03/24/2008, 23:49:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:49:56] - Checking for HKLM\...\Winlogon\Notify\pmnonno
[03/24/2008, 23:49:56] - Found: HKLM\...\Winlogon\Notify\pmnonno - This is probably Virtumundo.
[03/24/2008, 23:49:56] - Assigning {11241072-58BB-40CE-9171-0B2BDFB22E97} MSEvents Object
[03/24/2008, 23:49:56] - BHO list has been changed! Starting over...
[03/24/2008, 23:49:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[03/24/2008, 23:49:56] - BHO 2: {10ce7142-1733-4923-81ce-a558f86cc1ef} ()
[03/24/2008, 23:49:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:49:56] - Checking for HKLM\...\Winlogon\Notify\gxpgjmsi
[03/24/2008, 23:49:56] - Key not found: HKLM\...\Winlogon\Notify\gxpgjmsi, continuing.
[03/24/2008, 23:49:56] - BHO 3: {11241072-58BB-40CE-9171-0B2BDFB22E97} (MSEvents Object)
[03/24/2008, 23:49:56] - ALERT: Found MSEvents Object!
[03/24/2008, 23:49:56] - BHO 4: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[03/24/2008, 23:49:56] - BHO 5: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (bho2gr Class)
[03/24/2008, 23:49:56] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/24/2008, 23:49:56] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/24/2008, 23:49:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:49:56] - No filename found. Continuing.
[03/24/2008, 23:49:56] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/24/2008, 23:49:56] - BHO 9: {9D873503-FD2C-4681-8D2F-5EE8209B2DB5} ()
[03/24/2008, 23:49:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:49:56] - Checking for HKLM\...\Winlogon\Notify\awtqp
[03/24/2008, 23:49:56] - Key not found: HKLM\...\Winlogon\Notify\awtqp, continuing.
[03/24/2008, 23:49:56] - BHO 10: {B777CB37-46E1-4187-BDC7-916573CA23D0} ()
[03/24/2008, 23:49:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:49:56] - No filename found. Continuing.
[03/24/2008, 23:49:56] - BHO 11: {E9383002-FC55-4330-B9C9-67E03BC5C840} ()
[03/24/2008, 23:49:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:49:56] - Checking for HKLM\...\Winlogon\Notify\khffccc
[03/24/2008, 23:49:56] - Found: HKLM\...\Winlogon\Notify\khffccc - This is probably Virtumundo.
[03/24/2008, 23:49:56] - Assigning {E9383002-FC55-4330-B9C9-67E03BC5C840} MSEvents Object
[03/24/2008, 23:49:56] - BHO list has been changed! Starting over...
[03/24/2008, 23:49:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[03/24/2008, 23:49:56] - BHO 2: {10ce7142-1733-4923-81ce-a558f86cc1ef} ()
[03/24/2008, 23:49:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:49:56] - Checking for HKLM\...\Winlogon\Notify\gxpgjmsi
[03/24/2008, 23:49:56] - Key not found: HKLM\...\Winlogon\Notify\gxpgjmsi, continuing.
[03/24/2008, 23:49:56] - BHO 3: {11241072-58BB-40CE-9171-0B2BDFB22E97} (MSEvents Object)
[03/24/2008, 23:49:56] - ALERT: Found MSEvents Object!
[03/24/2008, 23:49:56] - BHO 4: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[03/24/2008, 23:49:56] - BHO 5: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (bho2gr Class)
[03/24/2008, 23:49:56] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/24/2008, 23:49:56] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/24/2008, 23:49:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:49:56] - No filename found. Continuing.
[03/24/2008, 23:49:56] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/24/2008, 23:49:56] - BHO 9: {9D873503-FD2C-4681-8D2F-5EE8209B2DB5} ()
[03/24/2008, 23:49:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:49:56] - Checking for HKLM\...\Winlogon\Notify\awtqp
[03/24/2008, 23:49:56] - Key not found: HKLM\...\Winlogon\Notify\awtqp, continuing.
[03/24/2008, 23:49:56] - BHO 10: {B777CB37-46E1-4187-BDC7-916573CA23D0} ()
[03/24/2008, 23:49:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:49:56] - No filename found. Continuing.
[03/24/2008, 23:49:56] - BHO 11: {E9383002-FC55-4330-B9C9-67E03BC5C840} (MSEvents Object)
[03/24/2008, 23:49:56] - ALERT: Found MSEvents Object!
[03/24/2008, 23:49:56] - Finished Searching Browser Helper Objects
[03/24/2008, 23:49:56] - *** Detected MSEvents Object
[03/24/2008, 23:49:56] - Trying to remove MSEvents Object...
[03/24/2008, 23:49:57] - Terminating Process: IEXPLORE.EXE
[03/24/2008, 23:49:57] - Terminating Process: RUNDLL32.EXE
[03/24/2008, 23:49:57] - Disabling Automatic Shell Restart
[03/24/2008, 23:49:57] - Terminating Process: EXPLORER.EXE
[03/24/2008, 23:49:57] - Suspending the NT Session Manager System Service
[03/24/2008, 23:49:57] - Terminating Windows NT Logon/Logoff Manager
[03/24/2008, 23:49:57] - Re-enabling Automatic Shell Restart
[03/24/2008, 23:49:57] - File to disable: C:\WINDOWS\system32\pmnonno.dll
[03/24/2008, 23:49:57] - Renaming C:\WINDOWS\system32\pmnonno.dll -> C:\WINDOWS\system32\pmnonno.dll.vir
[03/24/2008, 23:49:58] - ! File rename was unsucessful.
[03/24/2008, 23:49:58] - Attempting to Deny Access to C:\WINDOWS\system32\pmnonno.dll
[03/24/2008, 23:49:58] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[03/24/2008, 23:49:58] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.

[03/24/2008, 23:49:58] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[03/24/2008, 23:49:58] - Removing HKLM\...\Browser Helper Objects\{11241072-58BB-40CE-9171-0B2BDFB22E97}
[03/24/2008, 23:49:58] - Removing HKCR\CLSID\{11241072-58BB-40CE-9171-0B2BDFB22E97}
[03/24/2008, 23:49:58] - Adding Kill Bit for ActiveX for GUID: {11241072-58BB-40CE-9171-0B2BDFB22E97}
[03/24/2008, 23:49:58] - Deleting ATLEvents/MSEvents Registry entries
[03/24/2008, 23:49:58] - Removing HKLM\...\Winlogon\Notify\pmnonno
[03/24/2008, 23:49:58] - Searching for Browser Helper Objects:
[03/24/2008, 23:49:58] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[03/24/2008, 23:49:58] - BHO 2: {10ce7142-1733-4923-81ce-a558f86cc1ef} ()
[03/24/2008, 23:49:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:49:58] - Checking for HKLM\...\Winlogon\Notify\gxpgjmsi
[03/24/2008, 23:49:58] - Key not found: HKLM\...\Winlogon\Notify\gxpgjmsi, continuing.
[03/24/2008, 23:49:58] - BHO 3: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[03/24/2008, 23:49:58] - BHO 4: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (bho2gr Class)
[03/24/2008, 23:49:58] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/24/2008, 23:49:58] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/24/2008, 23:49:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:49:58] - No filename found. Continuing.
[03/24/2008, 23:49:58] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/24/2008, 23:49:58] - BHO 8: {9D873503-FD2C-4681-8D2F-5EE8209B2DB5} ()
[03/24/2008, 23:49:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:49:58] - Checking for HKLM\...\Winlogon\Notify\awtqp
[03/24/2008, 23:49:58] - Key not found: HKLM\...\Winlogon\Notify\awtqp, continuing.
[03/24/2008, 23:49:58] - BHO 9: {B777CB37-46E1-4187-BDC7-916573CA23D0} ()
[03/24/2008, 23:49:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:49:59] - No filename found. Continuing.
[03/24/2008, 23:49:59] - BHO 10: {E9383002-FC55-4330-B9C9-67E03BC5C840} (MSEvents Object)
[03/24/2008, 23:49:59] - ALERT: Found MSEvents Object!
[03/24/2008, 23:49:59] - Finished Searching Browser Helper Objects
[03/24/2008, 23:49:59] - *** Detected MSEvents Object
[03/24/2008, 23:49:59] - Trying to remove MSEvents Object...
[03/24/2008, 23:50:00] - Terminating Process: IEXPLORE.EXE
[03/24/2008, 23:50:00] - Terminating Process: RUNDLL32.EXE
[03/24/2008, 23:50:00] - Disabling Automatic Shell Restart
[03/24/2008, 23:50:00] - Terminating Process: EXPLORER.EXE
[03/24/2008, 23:50:00] - Suspending the NT Session Manager System Service
[03/24/2008, 23:50:00] - Terminating Windows NT Logon/Logoff Manager
[03/24/2008, 23:50:00] - Re-enabling Automatic Shell Restart
[03/24/2008, 23:50:00] - File to disable: C:\WINDOWS\system32\khffccc.dll
[03/24/2008, 23:50:00] - Renaming C:\WINDOWS\system32\khffccc.dll -> C:\WINDOWS\system32\khffccc.dll.vir
[03/24/2008, 23:50:00] - ! File rename was unsucessful.
[03/24/2008, 23:50:00] - Attempting to Deny Access to C:\WINDOWS\system32\khffccc.dll
[03/24/2008, 23:50:00] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[03/24/2008, 23:50:00] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.

[03/24/2008, 23:50:00] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[03/24/2008, 23:50:00] - Removing HKLM\...\Browser Helper Objects\{E9383002-FC55-4330-B9C9-67E03BC5C840}
[03/24/2008, 23:50:00] - Removing HKCR\CLSID\{E9383002-FC55-4330-B9C9-67E03BC5C840}
[03/24/2008, 23:50:00] - Adding Kill Bit for ActiveX for GUID: {E9383002-FC55-4330-B9C9-67E03BC5C840}
[03/24/2008, 23:50:00] - Deleting ATLEvents/MSEvents Registry entries
[03/24/2008, 23:50:00] - Removing HKLM\...\Winlogon\Notify\khffccc
[03/24/2008, 23:50:00] - Searching for Browser Helper Objects:
[03/24/2008, 23:50:00] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[03/24/2008, 23:50:00] - BHO 2: {10ce7142-1733-4923-81ce-a558f86cc1ef} ()
[03/24/2008, 23:50:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:50:00] - Checking for HKLM\...\Winlogon\Notify\gxpgjmsi
[03/24/2008, 23:50:00] - Key not found: HKLM\...\Winlogon\Notify\gxpgjmsi, continuing.
[03/24/2008, 23:50:00] - BHO 3: {11241072-58BB-40CE-9171-0B2BDFB22E97} ()
[03/24/2008, 23:50:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:50:00] - Checking for HKLM\...\Winlogon\Notify\pmnonno
[03/24/2008, 23:50:00] - Found: HKLM\...\Winlogon\Notify\pmnonno - This is probably Virtumundo.
[03/24/2008, 23:50:00] - Assigning {11241072-58BB-40CE-9171-0B2BDFB22E97} MSEvents Object
[03/24/2008, 23:50:00] - BHO list has been changed! Starting over...
[03/24/2008, 23:50:00] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[03/24/2008, 23:50:00] - BHO 2: {10ce7142-1733-4923-81ce-a558f86cc1ef} ()
[03/24/2008, 23:50:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:50:00] - Checking for HKLM\...\Winlogon\Notify\gxpgjmsi
[03/24/2008, 23:50:00] - Key not found: HKLM\...\Winlogon\Notify\gxpgjmsi, continuing.
[03/24/2008, 23:50:00] - BHO 3: {11241072-58BB-40CE-9171-0B2BDFB22E97} (MSEvents Object)
[03/24/2008, 23:50:00] - ALERT: Found MSEvents Object!
[03/24/2008, 23:50:01] - BHO 4: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[03/24/2008, 23:50:01] - BHO 5: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (bho2gr Class)
[03/24/2008, 23:50:01] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/24/2008, 23:50:01] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/24/2008, 23:50:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:50:01] - No filename found. Continuing.
[03/24/2008, 23:50:01] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/24/2008, 23:50:01] - BHO 9: {9D873503-FD2C-4681-8D2F-5EE8209B2DB5} ()
[03/24/2008, 23:50:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:50:01] - Checking for HKLM\...\Winlogon\Notify\awtqp
[03/24/2008, 23:50:01] - Key not found: HKLM\...\Winlogon\Notify\awtqp, continuing.
[03/24/2008, 23:50:01] - BHO 10: {B777CB37-46E1-4187-BDC7-916573CA23D0} ()
[03/24/2008, 23:50:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:50:01] - No filename found. Continuing.
[03/24/2008, 23:50:01] - Finished Searching Browser Helper Objects
[03/24/2008, 23:50:01] - *** Detected MSEvents Object
[03/24/2008, 23:50:01] - Trying to remove MSEvents Object...
[03/24/2008, 23:50:02] - Terminating Process: IEXPLORE.EXE
[03/24/2008, 23:50:02] - Terminating Process: RUNDLL32.EXE
[03/24/2008, 23:50:02] - Disabling Automatic Shell Restart
[03/24/2008, 23:50:02] - Terminating Process: EXPLORER.EXE
[03/24/2008, 23:50:02] - Suspending the NT Session Manager System Service
[03/24/2008, 23:50:02] - Terminating Windows NT Logon/Logoff Manager
[03/24/2008, 23:50:02] - Re-enabling Automatic Shell Restart
[03/24/2008, 23:50:02] - File to disable: C:\WINDOWS\system32\pmnonno.dll
[03/24/2008, 23:50:02] - Renaming C:\WINDOWS\system32\pmnonno.dll -> C:\WINDOWS\system32\pmnonno.dll.vir
[03/24/2008, 23:50:02] - ! File rename was unsucessful.
[03/24/2008, 23:50:02] - Attempting to Deny Access to C:\WINDOWS\system32\pmnonno.dll
[03/24/2008, 23:50:02] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[03/24/2008, 23:50:02] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.

[03/24/2008, 23:50:02] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[03/24/2008, 23:50:02] - Removing HKLM\...\Browser Helper Objects\{11241072-58BB-40CE-9171-0B2BDFB22E97}
[03/24/2008, 23:50:04] - Removing HKCR\CLSID\{11241072-58BB-40CE-9171-0B2BDFB22E97}
[03/24/2008, 23:50:05] - Adding Kill Bit for ActiveX for GUID: {11241072-58BB-40CE-9171-0B2BDFB22E97}
[03/24/2008, 23:50:05] - Deleting ATLEvents/MSEvents Registry entries
[03/24/2008, 23:50:05] - Removing HKLM\...\Winlogon\Notify\pmnonno
[03/24/2008, 23:50:06] - Searching for Browser Helper Objects:
[03/24/2008, 23:50:06] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[03/24/2008, 23:50:06] - BHO 2: {10ce7142-1733-4923-81ce-a558f86cc1ef} ()
[03/24/2008, 23:50:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:50:06] - Checking for HKLM\...\Winlogon\Notify\gxpgjmsi
[03/24/2008, 23:50:06] - Key not found: HKLM\...\Winlogon\Notify\gxpgjmsi, continuing.
[03/24/2008, 23:50:06] - BHO 3: {11241072-58BB-40CE-9171-0B2BDFB22E97} ()
[03/24/2008, 23:50:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:50:06] - Checking for HKLM\...\Winlogon\Notify\pmnonno
[03/24/2008, 23:50:06] - Key not found: HKLM\...\Winlogon\Notify\pmnonno, continuing.
[03/24/2008, 23:50:06] - BHO 4: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[03/24/2008, 23:50:06] - BHO 5: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (bho2gr Class)
[03/24/2008, 23:50:06] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/24/2008, 23:50:06] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/24/2008, 23:50:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:50:06] - No filename found. Continuing.
[03/24/2008, 23:50:06] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/24/2008, 23:50:06] - BHO 9: {9D873503-FD2C-4681-8D2F-5EE8209B2DB5} ()
[03/24/2008, 23:50:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:50:06] - Checking for HKLM\...\Winlogon\Notify\awtqp
[03/24/2008, 23:50:06] - Key not found: HKLM\...\Winlogon\Notify\awtqp, continuing.
[03/24/2008, 23:50:06] - BHO 10: {B777CB37-46E1-4187-BDC7-916573CA23D0} ()
[03/24/2008, 23:50:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 23:50:06] - No filename found. Continuing.
[03/24/2008, 23:50:06] - Finished Searching Browser Helper Objects
[03/24/2008, 23:50:06] - Finishing up...
[03/24/2008, 23:50:06] - A restart is needed.
[03/24/2008, 23:50:28] - Attempting to Restart via STOP error (Blue Screen!)

ComboFix report, found in c:\combofix and not on the desktop
ComboFix 08-03-24.1 - BuzzLeclair 2008-03-25 0:00:29.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.617 [GMT 0:00]
Endroit: C:\Documents and Settings\BuzzLeclair\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active


[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.
-- Script messages for sUBs --
CF6349.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*"
CF6349.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
after the ComboFix scan finished the PC froze and I had to restart it manually
I think the virus has been removed successfully
thank you very much =)
ep44 Posts: 7393 Registered: Saturday 10 November 2007 Status: Contributor Last active: 11 November 2010
25 March 2008 at 20:02
Hello

your ComboFix report isn't complete
I need the whole thing
@+