Warning spyware threat has been detected on
tony marny (Member, 9 posts)
geoffrey5 (Security contributor, 14008 posts)
Hello,
First of all, I would like to thank whoever can help me. My problem is as follows:
I caught the same virus as the other users whose topics deal with the same subject: the Trojan horse, or Trojan. This virus acts on the desktop wallpaper (the sentence written on my screen is the title of this message) and in a window that appears at the bottom right of the screen. So I followed, to the letter, the steps I found in another topic, namely:
1. CCleaner to remove all unused files
2. Installing and updating AVG Anti-Spyware
3. Installing SmitfraudFix.exe at the root of C:\ and then running the scan (option 1), which produced a report (below).
Then I rebooted in Safe Mode.
4. Scan and clean with AVG Anti-Spyware (which took 5 hours). Sorry, but I no longer have the report, because I deleted it by mistake while uninstalling AVG. I hope that is not too important for getting rid of this virus.
5. SmitfraudFix.exe, option 2 (report below)
6. Finally HijackThis, still in Safe Mode (report below)
--------------------------------------------------------------------------------
SmitfraudFix.exe scan report (option 1), normal mode:
SmitFraudFix v2.328
Rapport fait à 17:02:44,71, 04/07/2008
Executé à partir de C:\Documents and Settings\Collégien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\apps\PowerDVD\PDVDServ.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\fpamkitc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wscntfy.exe
c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Collégien\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\accesss.exe PRESENT !
C:\WINDOWS\astctl32.ocx PRESENT !
C:\WINDOWS\avpcc.dll PRESENT !
C:\WINDOWS\clrssn.exe PRESENT !
C:\WINDOWS\cpan.dll PRESENT !
C:\WINDOWS\default.htm PRESENT !
C:\WINDOWS\iexplorer.exe PRESENT !
C:\WINDOWS\loader.exe PRESENT !
C:\WINDOWS\mtwirl32.dll PRESENT !
C:\WINDOWS\notepad32.exe PRESENT !
C:\WINDOWS\olehelp.exe PRESENT !
C:\WINDOWS\systeem.exe PRESENT !
C:\WINDOWS\systemcritical.exe PRESENT !
C:\WINDOWS\time.exe PRESENT !
C:\WINDOWS\users32.exe PRESENT !
C:\WINDOWS\waol.exe PRESENT !
C:\WINDOWS\win32e.exe PRESENT !
C:\WINDOWS\win64.exe PRESENT !
C:\WINDOWS\winajbm.dll PRESENT !
C:\WINDOWS\window.exe PRESENT !
C:\WINDOWS\winmgnt.exe PRESENT !
C:\WINDOWS\x.exe PRESENT !
C:\WINDOWS\xplugin.dll PRESENT !
C:\WINDOWS\xxxvideo.hta PRESENT !
C:\WINDOWS\y.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Collégien
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Collégien\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COLLGI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\iftuyszv.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CE960565-C9F1-4887-BBD2-9A487AF4F0CC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CE960565-C9F1-4887-BBD2-9A487AF4F0CC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CE960565-C9F1-4887-BBD2-9A487AF4F0CC}: DhcpNameServer=172.16.20.20 172.16.20.21
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=172.16.20.20 172.16.20.21
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
--------------------------------------------------------------------------------
SmitfraudFix.exe, option 2, Safe Mode:
SmitFraudFix v2.328
Rapport fait à 22:38:45,87, 04/07/2008
Executé à partir de C:\Documents and Settings\Collégien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\accesss.exe supprimé
C:\WINDOWS\astctl32.ocx supprimé
C:\WINDOWS\avpcc.dll supprimé
C:\WINDOWS\clrssn.exe supprimé
C:\WINDOWS\cpan.dll supprimé
C:\WINDOWS\default.htm supprimé
C:\WINDOWS\iexplorer.exe supprimé
C:\WINDOWS\loader.exe supprimé
C:\WINDOWS\mtwirl32.dll supprimé
C:\WINDOWS\notepad32.exe supprimé
C:\WINDOWS\olehelp.exe supprimé
C:\WINDOWS\systeem.exe supprimé
C:\WINDOWS\systemcritical.exe supprimé
C:\WINDOWS\time.exe supprimé
C:\WINDOWS\users32.exe supprimé
C:\WINDOWS\waol.exe supprimé
C:\WINDOWS\win32e.exe supprimé
C:\WINDOWS\win64.exe supprimé
C:\WINDOWS\winajbm.dll supprimé
C:\WINDOWS\window.exe supprimé
C:\WINDOWS\winmgnt.exe supprimé
C:\WINDOWS\x.exe supprimé
C:\WINDOWS\xplugin.dll supprimé
C:\WINDOWS\xxxvideo.hta supprimé
C:\WINDOWS\y.exe supprimé
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CE960565-C9F1-4887-BBD2-9A487AF4F0CC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CE960565-C9F1-4887-BBD2-9A487AF4F0CC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CE960565-C9F1-4887-BBD2-9A487AF4F0CC}: DhcpNameServer=172.16.20.20 172.16.20.21
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=172.16.20.20 172.16.20.21
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\default.htm supprimé
C:\WINDOWS\iexplorer.exe supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Fin
--------------------------------------------------------------------------------
And here is the HijackThis scan report, in Safe Mode:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:41, on 05/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Collégien\Bureau\HiJackThis(2).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = legratos
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7D8F380F-E933-4E5E-8646-CF8CD05AB32D} - C:\WINDOWS\system32\pmnLbYrS.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {94AB4D61-0B1F-472C-90E2-21E996C5C943} - C:\WINDOWS\system32\yayyxwTM.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: {e8147133-dffe-f4d9-2174-f37ee7f527fb} - {bf725f7e-e73f-4712-9d4f-effd3317418e} - C:\WINDOWS\system32\xmqtqz.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\apps\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKLM\..\Run: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\Run: [pmwiqagr] C:\WINDOWS\system32\pmwiqagr.exe
O4 - HKLM\..\Run: [ANTI LITE TITLE DEBUG] C:\Documents and Settings\All Users\Application Data\Okay meta anti lite\Inside mapi.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Collégien\lsass.exe
O4 - HKLM\..\Run: [5c04078d] rundll32.exe "C:\WINDOWS\system32\fphwqhms.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\RunServices: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [lies bold] C:\DOCUME~1\COLLGI~1\APPLIC~1\SOAPCO~1\Start Bait.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: pmnLbYrS - C:\WINDOWS\SYSTEM32\pmnLbYrS.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q29uc2VpbCBn6W7pcmFsIFNlaW5lLVNhaW50LQ\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: DeepSight Extractor Service for NP08 (myh3aeq11yiup9) - Unknown owner - C:\WINDOWS\system32\juiuzoynyif.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
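The HijackThis log above is read by eye: a second program chained onto Winlogon's UserInit value, Run entries that borrow system binary names from outside system32, a DLL registered both as a BHO and as a Winlogon Notify handler, and a service whose binary sits under a directory named by what looks like a base64 string. As an added example (not part of this post, and not a feature of HijackThis or SmitfraudFix), the Python script below encodes those checks and runs them over lines copied from the log above. The heuristics, the `Finding` type and the base64 decoding of the directory name are the example's own assumptions; HijackThis reports none of them, and a hit is a lead to verify, not proof of infection.

```python
"""Triage a HijackThis v2 log for common persistence indicators.

Added example for this thread; the rules are generic heuristics, not anything
the tools themselves report. SAMPLE_LOG is copied from the log posted above.
"""
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7D8F380F-E933-4E5E-8646-CF8CD05AB32D} - C:\WINDOWS\system32\pmnLbYrS.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Collégien\lsass.exe
O4 - HKLM\..\Run: [5c04078d] rundll32.exe "C:\WINDOWS\system32\fphwqhms.dll",b
O4 - HKLM\..\RunServices: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O20 - Winlogon Notify: pmnLbYrS - C:\WINDOWS\SYSTEM32\pmnLbYrS.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q29uc2VpbCBn6W7pcmFsIFNlaW5lLVNhaW50LQ\command.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# Binaries Windows itself only runs from %SystemRoot%\system32; a copy with the
# same name anywhere else is a masquerade, not the real component.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "userinit.exe"}
# Drive-letter paths ending in an executable extension; stops at quotes and commas.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:exe|dll|ocx|hta)', re.I)


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def _basename(path: str) -> str:
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()


def _parent(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()


def decode_b64_segment(segment: str) -> Optional[str]:
    """Return the decoded text if a path segment is plausibly base64, else None."""
    if len(segment) < 20 or not re.fullmatch(r"[A-Za-z0-9+/]+", segment):
        return None
    padded = segment + "=" * (-len(segment) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("latin-1")
    except (binascii.Error, ValueError):
        return None
    return text if text.isprintable() else None


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    # First pass: DLLs registered as BHOs, for cross-referencing against O20.
    bho_dlls = {_basename(p) for ln in lines if ln.startswith("O2 - ")
                for p in PATH_RE.findall(ln)}
    for ln in lines:
        paths = PATH_RE.findall(ln)
        if ln.startswith("F2 - ") and "UserInit=" in ln:
            # Winlogon runs every comma-separated entry at logon; only userinit.exe belongs.
            for p in paths:
                if _basename(p) != "userinit.exe":
                    findings.append(Finding(ln, f"UserInit chains an extra program: {p}"))
        elif ln.startswith("O2 - "):
            if ln.endswith("(no file)"):
                findings.append(Finding(ln, "orphaned BHO registration (no file)"))
            elif "(no name)" in ln:
                findings.append(Finding(ln, "unnamed BHO backed by a real DLL"))
        elif ln.startswith("O4 - "):
            if "RunServices:" in ln:
                findings.append(Finding(ln, "RunServices is a Win9x-era key ignored by NT; "
                                            "legitimate XP software has no reason to write it"))
            m = re.search(r"\[([0-9a-f]{6,})\]", ln)
            if m:
                findings.append(Finding(ln, f"Run value named with bare hex '{m.group(1)}'"))
        elif ln.startswith("O20 - "):
            for p in paths:
                if _basename(p) in bho_dlls:
                    findings.append(Finding(ln, "same DLL is a BHO and a Winlogon Notify handler"))
        elif ln.startswith("O23 - ") and ln.endswith("(file missing)"):
            findings.append(Finding(ln, "service points to a missing binary"))
        # Masquerade and base64-directory checks apply to every path on any line.
        for p in paths:
            name = _basename(p)
            if name in SYSTEM_BINARIES and not _parent(p).endswith("\\system32"):
                findings.append(Finding(ln, f"{name} outside system32: {p}"))
            for seg in p.split("\\")[1:-1]:
                decoded = decode_b64_segment(seg)
                if decoded:
                    findings.append(Finding(ln, f"base64-looking directory {seg!r} decodes to {decoded!r}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run it on a saved log with `triage(open("hijackthis.log").read())`. The cross-reference rule (a BHO DLL that is also a Winlogon Notify handler) is the one a by-eye read most often misses, because the two entries sit in different sections of the log; the base64 rule only reports segments that decode to printable text, so ordinary 8.3 names such as `PROGRA~1` never trigger it.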
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\apps\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKLM\..\Run: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\Run: [pmwiqagr] C:\WINDOWS\system32\pmwiqagr.exe
O4 - HKLM\..\Run: [ANTI LITE TITLE DEBUG] C:\Documents and Settings\All Users\Application Data\Okay meta anti lite\Inside mapi.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Collégien\lsass.exe
O4 - HKLM\..\Run: [5c04078d] rundll32.exe "C:\WINDOWS\system32\fphwqhms.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\RunServices: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [lies bold] C:\DOCUME~1\COLLGI~1\APPLIC~1\SOAPCO~1\Start Bait.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: pmnLbYrS - C:\WINDOWS\SYSTEM32\pmnLbYrS.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q29uc2VpbCBn6W7pcmFsIFNlaW5lLVNhaW50LQ\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: DeepSight Extractor Service for NP08 (myh3aeq11yiup9) - Unknown owner - C:\WINDOWS\system32\juiuzoynyif.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
Hi!!
You still have quite a few infections:
Download Malwarebytes to the desktop: http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread
= Double-click mbam-setup to start the installation
= Install it as-is without changing anything
= Once the program has started ==> run an update, then tick Perform full scan
= Click Scan
= If needed, untick the drives you don't want scanned
= Click Start scan
= At the end of the scan, if an infection was found
==> Click Show results
= Close your running applications
= Check that everything is ticked and click Remove selected
A report opens; copy it and paste it into your reply
Then restart the PC!!
Then:
Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Disconnect from the internet and disable your antivirus for the duration of the procedure
=> Double-click VirtumundoBeGone.exe
=> Click Continue ==> click Start
=> Click Yes
=> At the end, if Vundo is present, the PC shuts down and restarts
- If you get a blue screen with a "Fatal error" message, that's no problem
=> Post the VBG.TXT report that is on the desktop
Then do a new HijackThis report, please
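Added illustration, not from this thread and not from any of the tools named in it: the checks the helper is doing by eye on the HijackThis log (a second program chained into the Userinit value, a nameless BHO loading a DLL from system32, system-process names such as svchost.exe or lsass.exe started from odd folders, a hex-named Run value handing a DLL to rundll32, a Winlogon Notify DLL, a service with no publisher whose binary is gone) written out as a small Python triage script. The sample lines are copied from the log posted above; the heuristics, the severity labels and the function names are this example's own choices.

```python
import re
from typing import List, Tuple

# Constructed sample input: HijackThis lines copied from the log posted in
# this thread, plus one benign ctfmon.exe line to show a non-hit.
SAMPLE_LOG = r"""F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7D8F380F-E933-4E5E-8646-CF8CD05AB32D} - C:\WINDOWS\system32\pmnLbYrS.dll
O4 - HKLM\..\Run: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Collégien\lsass.exe
O4 - HKLM\..\Run: [5c04078d] rundll32.exe "C:\WINDOWS\system32\fphwqhms.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: pmnLbYrS - C:\WINDOWS\SYSTEM32\pmnLbYrS.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q29uc2VpbCBn6W7pcmFsIFNlaW5lLVNhaW50LQ\command.exe (file missing)
"""

# Windows binaries that malware commonly impersonates by name. A file with one
# of these names running from outside the real system directories is suspect.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "explorer.exe", "ctfmon.exe"}
SYSTEM_DIRS = (r"c:\windows", r"c:\windows\system32")

Finding = Tuple[str, str, str]  # (severity, reason, offending log line)


def split_path(path: str) -> Tuple[str, str]:
    """Return (directory, filename), lower-cased, for a Windows path string."""
    p = path.strip().strip('"').lower()
    head, _, tail = p.rpartition("\\")
    return head, tail


def program_of(command: str) -> str:
    """Extract the program path from an O4 command, quoted or not."""
    if command.startswith('"'):
        return command.split('"')[1]
    m = re.match(r"(.*?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def triage_line(line: str) -> List[Finding]:
    """Apply a few explainable heuristics to one HijackThis log line."""
    findings: List[Finding] = []
    line = line.strip()
    if not line:
        return findings
    section = line.split(" - ", 1)[0]

    if section == "F2" and "UserInit=" in line:
        # The legitimate value is a single entry ending in userinit.exe; anything
        # chained after it is started by winlogon at every logon.
        entries = [e for e in line.split("UserInit=", 1)[1].split(",") if e.strip()]
        if not entries or len(entries) > 1 or split_path(entries[0])[1] != "userinit.exe":
            findings.append(("HIGH", "extra program chained into Winlogon Userinit", line))

    elif section == "O2":
        # Layout: O2 - BHO: <name> - {CLSID} - <path or (no file)>
        parts = line.split(" - ")
        name, path = parts[1].replace("BHO: ", "", 1), parts[-1]
        if path == "(no file)":
            findings.append(("LOW", "orphaned BHO registration, file already gone: clean up", line))
        elif name == "(no name)" and split_path(path)[0] in SYSTEM_DIRS:
            findings.append(("HIGH", "nameless BHO loading a DLL from the system directory", line))

    elif section == "O4":
        # Layout: O4 - <hive>\..\Run: [<value name>] <command>
        m = re.match(r"O4 - \S+: \[([^\]]*)\] (.*)$", line)
        if m:
            value_name, command = m.groups()
            directory, base = split_path(program_of(command))
            if re.fullmatch(r"[0-9a-f]{8}", value_name):
                findings.append(("HIGH", "Run value with a random hex name, typical of Vundo droppers", line))
            if base == "rundll32.exe":
                findings.append(("MEDIUM", "rundll32 autostart: the DLL it loads needs checking", line))
            if base in SYSTEM_NAMES and directory not in SYSTEM_DIRS:
                findings.append(("HIGH", f"{base} launched from outside the system directories", line))

    elif section == "O20" and "Winlogon Notify" in line:
        findings.append(("HIGH", "Winlogon Notify DLL is loaded into winlogon.exe at logon: verify it", line))

    elif section == "O23" and "Unknown owner" in line:
        if "(file missing)" in line:
            findings.append(("MEDIUM", "service with no publisher and a missing binary: remove the dangling service", line))
        else:
            findings.append(("LOW", "service binary has no publisher information: verify it", line))

    return findings


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and collect the findings."""
    out: List[Finding] = []
    for raw in log_text.splitlines():
        out.extend(triage_line(raw))
    return out


if __name__ == "__main__":
    for severity, reason, offending in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {offending}")
```

Run as a script and it prints one finding per line, nine for the sample above. Two limits are worth knowing: a randomly named executable in system32 such as fpamkitc.exe from the log gets no hit from these rules, because only a hash or publisher lookup can tell it from a legitimate file; and the "(no file)" BHO entries are leftovers to clean up rather than active code, which is why the Malwarebytes report above lists those CLSIDs among the removed registry keys and not among the files.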
Hi! I wanted to tell you that I am very grateful to you for replying so quickly and for helping me with my problem. As soon as I downloaded Malwarebytes the virus left my computer. Here are the reports you asked me for, as well as the contents of VGB.txt. Also, I would like to know how these reports will be useful to you?
Malwarebytes' Anti-Malware 1.19
Version de la base de données: 922
Windows 5.1.2600 Service Pack 2
17:26:37 05/07/2008
mbam-log-7-5-2008 (17-26-37).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 171606
Temps écoulé: 29 minute(s), 8 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 44
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 149
Processus mémoire infecté(s):
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\fphwqhms.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yayyxwTM.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\pmnLbYrS.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88235bc9-a740-4b2a-9e8f-7582322431c3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88235bc9-a740-4b2a-9e8f-7582322431c3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sm_ie_monitor.ie_monitor (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7d8f380f-e933-4e5e-8646-cf8cd05ab32d} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d8f380f-e933-4e5e-8646-cf8cd05ab32d} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlbyrs (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{39b7595d-0c8d-4961-b1f3-599cebd0dda1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{508c3a51-f68c-480e-a38c-771100070292} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aa060326-c000-460e-b7bd-527755f719c0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fcbe977e-8243-468a-b396-ca7140206484} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c04078d (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7d8f380f-e933-4e5e-8646-cf8cd05ab32d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayyxwtm -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\iftuyszv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayyxwtm -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux18 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\' (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\yayyxwTM.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\MTwxyyay.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\MTwxyyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fphwqhms.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\smhqwhpf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fyxkkuyb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byukkxyf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\slmxymcl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lcmyxmls.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\swtruhwy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ywhurtws.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cTMO\dvsid140.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux18\modtrux182328.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pRI\kscomdll3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\stat.bin (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\uninstall.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs\07.3.08_18_57_09.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs\07.3.08_18_58_02.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\!Easy ScreenSaver Studio 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Akira KurosawaIkiru DVDRip Xvid EN Subs.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\American Soldiers DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\As Good As It Gets DVDRip DivX.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Bambi II 2006 Sapphire XVID DVDRip.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Cant Hardly Wait DVDRip DivX.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Chocolat DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Crocodile Technology v605.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Dolphins Software Volts v4.01 Enterprise Edition.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\DTA-Ueberweisung v4.4.1.172.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Eastsea MP3 CD Burner v2.10.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Easy2Sync for Files 1.13 Business Edition.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Ebgo Sniper v1.69.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Estelle Reyna 2006 HQ Calendar PDF.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Fanaa (2006) - DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\GenePix Pro v6.0.1.27.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\GGU Retain v4.34.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Google Earth Pro Gold Edition 2008.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Hard Drive Inspector v1.85.950.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HDClone v3.1.11 Pro.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HighTech Holdem Memory v3.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HttpWatch Professional v4.0.54.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\JobMaster v3.70.672.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Kaspersky Anti-Hacker v1.9.37.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Linguata Catalan v4.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Linguata Chinese v4.21.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Lovely Folders 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MagicISO v5.3 Build 0205.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\McFunSoft Audio Editor v4.9.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\McFunSoft Audio Studio v5.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Media Resizer Pro v2.38.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MEDIAKG Slideshow Pro v9.8.6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Micro-Sys A1 Website Download 1.3.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MobileDB Pro 1.25.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MProjector v2.0 dj.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Nekromantik Uncut DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\NewLive All Media To MP3 Converter Pro v4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Norbyte Petal Palace v1.0.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Ozi Explorer 2.19.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PC Auto Shutdown v2.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PertMaster Project Risk v7.8.1031.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Pirates Of The Carribean The Dead Mans Chest CAM HYdRO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PixFiler 5.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Plato DVD Copy v4.38.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Portable Naturpic Audio File Cutter 3.20.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Prey-CloneDVD iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Primal Below DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\ProCAD 3DSmart Create 1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RAM Booster Expert 1.20.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RM to AVI VCD SVCD DVD MPEG Converter Pro v4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RollerCoaster Tycoon 3 Soaked! iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SAS JMP v6.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises DatabaseToDoc v2.5.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises QueryToDoc v2.1.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises SchemaToDoc v4.4.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Snappy Fax Network Server v1.42.1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Star Wars KOTOR II iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Stubbs the Zombie-RELOADED DVD iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Syberia iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\The Hole DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\TOCA Race Driver 3 PAL - PS2DVD.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Urban Freestyle Soccer iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Utility Ping v2.1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Warhammer 40,000 Dawn of War iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Wild At Heart DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\X-Men 3 The Last Stand XviDTS HQ.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\XP Smoker Pro v5.4.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxpdstqm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnLbYrS.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Collégien\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Collégien\list.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Collégien\Bureau\services.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
the VGB file
[07/05/2008, 17:40:35] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:40:39] - Detected System Information:
[07/05/2008, 17:40:39] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 17:40:39] - Current Username: Collégien (Admin)
[07/05/2008, 17:40:39] - Windows is in NORMAL mode.
[07/05/2008, 17:40:39] - Searching for Browser Helper Objects:
[07/05/2008, 17:40:39] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/05/2008, 17:40:39] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/05/2008, 17:40:39] - BHO 3: {48688565-1ed4-42fe-bc27-ab152ae36e99} ()
[07/05/2008, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:40:39] - Checking for HKLM\...\Winlogon\Notify\sktywp
[07/05/2008, 17:40:39] - Key not found: HKLM\...\Winlogon\Notify\sktywp, continuing.
[07/05/2008, 17:40:39] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/05/2008, 17:40:39] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/05/2008, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:40:39] - No filename found. Continuing.
[07/05/2008, 17:40:39] - BHO 6: {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} ()
[07/05/2008, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:40:39] - Checking for HKLM\...\Winlogon\Notify\yayyxwTM
[07/05/2008, 17:40:39] - Key not found: HKLM\...\Winlogon\Notify\yayyxwTM, continuing.
[07/05/2008, 17:40:39] - Finished Searching Browser Helper Objects
[07/05/2008, 17:40:39] - Finishing up...
[07/05/2008, 17:40:39] - Nothing found! Exiting...
[07/05/2008, 17:48:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:48:51] - User choose NOT to continue. Exiting...
[07/05/2008, 17:49:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:49:10] - Detected System Information:
[07/05/2008, 17:49:10] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 17:49:10] - Current Username: Collégien (Admin)
[07/05/2008, 17:49:10] - Windows is in NORMAL mode.
[07/05/2008, 17:49:10] - Searching for Browser Helper Objects:
[07/05/2008, 17:49:10] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/05/2008, 17:49:10] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/05/2008, 17:49:10] - BHO 3: {48688565-1ed4-42fe-bc27-ab152ae36e99} ()
[07/05/2008, 17:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:10] - Checking for HKLM\...\Winlogon\Notify\sktywp
[07/05/2008, 17:49:10] - Key not found: HKLM\...\Winlogon\Notify\sktywp, continuing.
[07/05/2008, 17:49:10] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/05/2008, 17:49:10] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/05/2008, 17:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:10] - No filename found. Continuing.
[07/05/2008, 17:49:10] - BHO 6: {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} ()
[07/05/2008, 17:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:10] - Checking for HKLM\...\Winlogon\Notify\yayyxwTM
[07/05/2008, 17:49:10] - Key not found: HKLM\...\Winlogon\Notify\yayyxwTM, continuing.
[07/05/2008, 17:49:10] - Finished Searching Browser Helper Objects
[07/05/2008, 17:49:10] - Finishing up...
[07/05/2008, 17:49:10] - Nothing found! Exiting...
[07/05/2008, 17:49:22] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:49:32] - Detected System Information:
[07/05/2008, 17:49:32] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 17:49:32] - Current Username: Collégien (Admin)
[07/05/2008, 17:49:32] - Windows is in NORMAL mode.
[07/05/2008, 17:49:32] - Searching for Browser Helper Objects:
[07/05/2008, 17:49:32] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/05/2008, 17:49:32] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/05/2008, 17:49:32] - BHO 3: {48688565-1ed4-42fe-bc27-ab152ae36e99} ()
[07/05/2008, 17:49:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:32] - Checking for HKLM\...\Winlogon\Notify\sktywp
[07/05/2008, 17:49:32] - Key not found: HKLM\...\Winlogon\Notify\sktywp, continuing.
[07/05/2008, 17:49:32] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/05/2008, 17:49:32] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/05/2008, 17:49:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:32] - No filename found. Continuing.
[07/05/2008, 17:49:32] - BHO 6: {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} ()
[07/05/2008, 17:49:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:32] - Checking for HKLM\...\Winlogon\Notify\yayyxwTM
[07/05/2008, 17:49:32] - Key not found: HKLM\...\Winlogon\Notify\yayyxwTM, continuing.
[07/05/2008, 17:49:32] - Finished Searching Browser Helper Objects
[07/05/2008, 17:49:32] - Finishing up...
[07/05/2008, 17:49:32] - Nothing found! Exiting...
And finally HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:13, on 05/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\apps\PowerDVD\PDVDServ.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\juiuzoynyif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Collégien\Bureau\HiJackThis(2).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = legratos
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: {99e63ea2-51ba-72cb-ef24-4de156588684} - {48688565-1ed4-42fe-bc27-ab152ae36e99} - C:\WINDOWS\system32\sktywp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} - C:\WINDOWS\system32\yayyxwTM.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\apps\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKLM\..\Run: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\Run: [pmwiqagr] C:\WINDOWS\system32\pmwiqagr.exe
O4 - HKLM\..\Run: [ANTI LITE TITLE DEBUG] C:\Documents and Settings\All Users\Application Data\Okay meta anti lite\Inside mapi.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Collégien\lsass.exe
O4 - HKLM\..\RunServices: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\RunServices: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [lies bold] C:\DOCUME~1\COLLGI~1\APPLIC~1\SOAPCO~1\Start Bait.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: DeepSight Extractor Service for NP08 (myh3aeq11yiup9) - Unknown owner - C:\WINDOWS\system32\pmwiqagr.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
Malwarebytes' Anti-Malware 1.19
Version de la base de données: 922
Windows 5.1.2600 Service Pack 2
17:26:37 05/07/2008
mbam-log-7-5-2008 (17-26-37).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 171606
Temps écoulé: 29 minute(s), 8 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 44
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 149
Processus mémoire infecté(s):
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\fphwqhms.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yayyxwTM.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\pmnLbYrS.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88235bc9-a740-4b2a-9e8f-7582322431c3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88235bc9-a740-4b2a-9e8f-7582322431c3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sm_ie_monitor.ie_monitor (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7d8f380f-e933-4e5e-8646-cf8cd05ab32d} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d8f380f-e933-4e5e-8646-cf8cd05ab32d} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlbyrs (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{39b7595d-0c8d-4961-b1f3-599cebd0dda1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{508c3a51-f68c-480e-a38c-771100070292} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aa060326-c000-460e-b7bd-527755f719c0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fcbe977e-8243-468a-b396-ca7140206484} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c04078d (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7d8f380f-e933-4e5e-8646-cf8cd05ab32d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayyxwtm -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\iftuyszv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayyxwtm -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux18 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\' (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\yayyxwTM.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\MTwxyyay.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\MTwxyyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fphwqhms.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\smhqwhpf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fyxkkuyb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byukkxyf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\slmxymcl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lcmyxmls.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\swtruhwy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ywhurtws.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cTMO\dvsid140.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux18\modtrux182328.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pRI\kscomdll3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\stat.bin (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\uninstall.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs\07.3.08_18_57_09.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs\07.3.08_18_58_02.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\!Easy ScreenSaver Studio 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Akira KurosawaIkiru DVDRip Xvid EN Subs.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\American Soldiers DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\As Good As It Gets DVDRip DivX.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Bambi II 2006 Sapphire XVID DVDRip.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Cant Hardly Wait DVDRip DivX.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Chocolat DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Crocodile Technology v605.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Dolphins Software Volts v4.01 Enterprise Edition.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\DTA-Ueberweisung v4.4.1.172.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Eastsea MP3 CD Burner v2.10.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Easy2Sync for Files 1.13 Business Edition.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Ebgo Sniper v1.69.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Estelle Reyna 2006 HQ Calendar PDF.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Fanaa (2006) - DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\GenePix Pro v6.0.1.27.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\GGU Retain v4.34.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Google Earth Pro Gold Edition 2008.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Hard Drive Inspector v1.85.950.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HDClone v3.1.11 Pro.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HighTech Holdem Memory v3.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HttpWatch Professional v4.0.54.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\JobMaster v3.70.672.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Kaspersky Anti-Hacker v1.9.37.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Linguata Catalan v4.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Linguata Chinese v4.21.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Lovely Folders 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MagicISO v5.3 Build 0205.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\McFunSoft Audio Editor v4.9.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\McFunSoft Audio Studio v5.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Media Resizer Pro v2.38.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MEDIAKG Slideshow Pro v9.8.6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Micro-Sys A1 Website Download 1.3.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MobileDB Pro 1.25.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MProjector v2.0 dj.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Nekromantik Uncut DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\NewLive All Media To MP3 Converter Pro v4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Norbyte Petal Palace v1.0.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Ozi Explorer 2.19.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PC Auto Shutdown v2.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PertMaster Project Risk v7.8.1031.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Pirates Of The Carribean The Dead Mans Chest CAM HYdRO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PixFiler 5.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Plato DVD Copy v4.38.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Portable Naturpic Audio File Cutter 3.20.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Prey-CloneDVD iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Primal Below DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\ProCAD 3DSmart Create 1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RAM Booster Expert 1.20.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RM to AVI VCD SVCD DVD MPEG Converter Pro v4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RollerCoaster Tycoon 3 Soaked! iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SAS JMP v6.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises DatabaseToDoc v2.5.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises QueryToDoc v2.1.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises SchemaToDoc v4.4.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Snappy Fax Network Server v1.42.1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Star Wars KOTOR II iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Stubbs the Zombie-RELOADED DVD iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Syberia iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\The Hole DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\TOCA Race Driver 3 PAL - PS2DVD.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Urban Freestyle Soccer iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Utility Ping v2.1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Warhammer 40,000 Dawn of War iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Wild At Heart DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\X-Men 3 The Last Stand XviDTS HQ.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\XP Smoker Pro v5.4.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxpdstqm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnLbYrS.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Collégien\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Collégien\list.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Collégien\Bureau\services.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
The VGB file
[07/05/2008, 17:40:35] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:40:39] - Detected System Information:
[07/05/2008, 17:40:39] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 17:40:39] - Current Username: Collégien (Admin)
[07/05/2008, 17:40:39] - Windows is in NORMAL mode.
[07/05/2008, 17:40:39] - Searching for Browser Helper Objects:
[07/05/2008, 17:40:39] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/05/2008, 17:40:39] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/05/2008, 17:40:39] - BHO 3: {48688565-1ed4-42fe-bc27-ab152ae36e99} ()
[07/05/2008, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:40:39] - Checking for HKLM\...\Winlogon\Notify\sktywp
[07/05/2008, 17:40:39] - Key not found: HKLM\...\Winlogon\Notify\sktywp, continuing.
[07/05/2008, 17:40:39] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/05/2008, 17:40:39] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/05/2008, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:40:39] - No filename found. Continuing.
[07/05/2008, 17:40:39] - BHO 6: {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} ()
[07/05/2008, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:40:39] - Checking for HKLM\...\Winlogon\Notify\yayyxwTM
[07/05/2008, 17:40:39] - Key not found: HKLM\...\Winlogon\Notify\yayyxwTM, continuing.
[07/05/2008, 17:40:39] - Finished Searching Browser Helper Objects
[07/05/2008, 17:40:39] - Finishing up...
[07/05/2008, 17:40:39] - Nothing found! Exiting...
[07/05/2008, 17:48:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:48:51] - User choose NOT to continue. Exiting...
[07/05/2008, 17:49:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:49:10] - Detected System Information:
[07/05/2008, 17:49:10] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 17:49:10] - Current Username: Collégien (Admin)
[07/05/2008, 17:49:10] - Windows is in NORMAL mode.
[07/05/2008, 17:49:10] - Searching for Browser Helper Objects:
[07/05/2008, 17:49:10] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/05/2008, 17:49:10] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/05/2008, 17:49:10] - BHO 3: {48688565-1ed4-42fe-bc27-ab152ae36e99} ()
[07/05/2008, 17:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:10] - Checking for HKLM\...\Winlogon\Notify\sktywp
[07/05/2008, 17:49:10] - Key not found: HKLM\...\Winlogon\Notify\sktywp, continuing.
[07/05/2008, 17:49:10] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/05/2008, 17:49:10] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/05/2008, 17:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:10] - No filename found. Continuing.
[07/05/2008, 17:49:10] - BHO 6: {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} ()
[07/05/2008, 17:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:10] - Checking for HKLM\...\Winlogon\Notify\yayyxwTM
[07/05/2008, 17:49:10] - Key not found: HKLM\...\Winlogon\Notify\yayyxwTM, continuing.
[07/05/2008, 17:49:10] - Finished Searching Browser Helper Objects
[07/05/2008, 17:49:10] - Finishing up...
[07/05/2008, 17:49:10] - Nothing found! Exiting...
[07/05/2008, 17:49:22] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:49:32] - Detected System Information:
[07/05/2008, 17:49:32] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 17:49:32] - Current Username: Collégien (Admin)
[07/05/2008, 17:49:32] - Windows is in NORMAL mode.
[07/05/2008, 17:49:32] - Searching for Browser Helper Objects:
[07/05/2008, 17:49:32] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/05/2008, 17:49:32] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/05/2008, 17:49:32] - BHO 3: {48688565-1ed4-42fe-bc27-ab152ae36e99} ()
[07/05/2008, 17:49:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:32] - Checking for HKLM\...\Winlogon\Notify\sktywp
[07/05/2008, 17:49:32] - Key not found: HKLM\...\Winlogon\Notify\sktywp, continuing.
[07/05/2008, 17:49:32] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/05/2008, 17:49:32] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/05/2008, 17:49:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:32] - No filename found. Continuing.
[07/05/2008, 17:49:32] - BHO 6: {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} ()
[07/05/2008, 17:49:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:32] - Checking for HKLM\...\Winlogon\Notify\yayyxwTM
[07/05/2008, 17:49:32] - Key not found: HKLM\...\Winlogon\Notify\yayyxwTM, continuing.
[07/05/2008, 17:49:32] - Finished Searching Browser Helper Objects
[07/05/2008, 17:49:32] - Finishing up...
[07/05/2008, 17:49:32] - Nothing found! Exiting...
And finally HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:13, on 05/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\apps\PowerDVD\PDVDServ.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\juiuzoynyif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Collégien\Bureau\HiJackThis(2).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = legratos
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: {99e63ea2-51ba-72cb-ef24-4de156588684} - {48688565-1ed4-42fe-bc27-ab152ae36e99} - C:\WINDOWS\system32\sktywp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} - C:\WINDOWS\system32\yayyxwTM.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\apps\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKLM\..\Run: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\Run: [pmwiqagr] C:\WINDOWS\system32\pmwiqagr.exe
O4 - HKLM\..\Run: [ANTI LITE TITLE DEBUG] C:\Documents and Settings\All Users\Application Data\Okay meta anti lite\Inside mapi.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Collégien\lsass.exe
O4 - HKLM\..\RunServices: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\RunServices: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [lies bold] C:\DOCUME~1\COLLGI~1\APPLIC~1\SOAPCO~1\Start Bait.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: DeepSight Extractor Service for NP08 (myh3aeq11yiup9) - Unknown owner - C:\WINDOWS\system32\pmwiqagr.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
Hi! I wanted to tell you that I am very grateful to you for replying so quickly and for helping me with my problem; as soon as I downloaded Malwarebytes the virus left my computer. Here are the reports you asked me for, as well as the contents of VGB.txt. Also, I would like to know how these reports will be useful to you?
Malwarebytes' Anti-Malware 1.19
Version de la base de données: 922
Windows 5.1.2600 Service Pack 2
17:26:37 05/07/2008
mbam-log-7-5-2008 (17-26-37).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 171606
Temps écoulé: 29 minute(s), 8 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 44
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 149
Processus mémoire infecté(s):
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\fphwqhms.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yayyxwTM.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\pmnLbYrS.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88235bc9-a740-4b2a-9e8f-7582322431c3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88235bc9-a740-4b2a-9e8f-7582322431c3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sm_ie_monitor.ie_monitor (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7d8f380f-e933-4e5e-8646-cf8cd05ab32d} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d8f380f-e933-4e5e-8646-cf8cd05ab32d} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlbyrs (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{39b7595d-0c8d-4961-b1f3-599cebd0dda1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{508c3a51-f68c-480e-a38c-771100070292} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aa060326-c000-460e-b7bd-527755f719c0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fcbe977e-8243-468a-b396-ca7140206484} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c04078d (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7d8f380f-e933-4e5e-8646-cf8cd05ab32d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayyxwtm -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\iftuyszv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayyxwtm -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux18 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\' (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\yayyxwTM.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\MTwxyyay.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\MTwxyyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fphwqhms.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\smhqwhpf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fyxkkuyb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byukkxyf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\slmxymcl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lcmyxmls.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\swtruhwy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ywhurtws.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cTMO\dvsid140.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux18\modtrux182328.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pRI\kscomdll3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\stat.bin (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\uninstall.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs\07.3.08_18_57_09.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs\07.3.08_18_58_02.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\!Easy ScreenSaver Studio 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Akira KurosawaIkiru DVDRip Xvid EN Subs.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\American Soldiers DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\As Good As It Gets DVDRip DivX.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Bambi II 2006 Sapphire XVID DVDRip.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Cant Hardly Wait DVDRip DivX.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Chocolat DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Crocodile Technology v605.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Dolphins Software Volts v4.01 Enterprise Edition.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\DTA-Ueberweisung v4.4.1.172.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Eastsea MP3 CD Burner v2.10.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Easy2Sync for Files 1.13 Business Edition.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Ebgo Sniper v1.69.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Estelle Reyna 2006 HQ Calendar PDF.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Fanaa (2006) - DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\GenePix Pro v6.0.1.27.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\GGU Retain v4.34.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Google Earth Pro Gold Edition 2008.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Hard Drive Inspector v1.85.950.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HDClone v3.1.11 Pro.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HighTech Holdem Memory v3.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HttpWatch Professional v4.0.54.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\JobMaster v3.70.672.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Kaspersky Anti-Hacker v1.9.37.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Linguata Catalan v4.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Linguata Chinese v4.21.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Lovely Folders 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MagicISO v5.3 Build 0205.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\McFunSoft Audio Editor v4.9.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\McFunSoft Audio Studio v5.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Media Resizer Pro v2.38.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MEDIAKG Slideshow Pro v9.8.6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Micro-Sys A1 Website Download 1.3.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MobileDB Pro 1.25.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MProjector v2.0 dj.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Nekromantik Uncut DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\NewLive All Media To MP3 Converter Pro v4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Norbyte Petal Palace v1.0.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Ozi Explorer 2.19.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PC Auto Shutdown v2.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PertMaster Project Risk v7.8.1031.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Pirates Of The Carribean The Dead Mans Chest CAM HYdRO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PixFiler 5.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Plato DVD Copy v4.38.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Portable Naturpic Audio File Cutter 3.20.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Prey-CloneDVD iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Primal Below DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\ProCAD 3DSmart Create 1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RAM Booster Expert 1.20.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RM to AVI VCD SVCD DVD MPEG Converter Pro v4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RollerCoaster Tycoon 3 Soaked! iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SAS JMP v6.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises DatabaseToDoc v2.5.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises QueryToDoc v2.1.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises SchemaToDoc v4.4.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Snappy Fax Network Server v1.42.1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Star Wars KOTOR II iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Stubbs the Zombie-RELOADED DVD iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Syberia iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\The Hole DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\TOCA Race Driver 3 PAL - PS2DVD.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Urban Freestyle Soccer iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Utility Ping v2.1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Warhammer 40,000 Dawn of War iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Wild At Heart DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\X-Men 3 The Last Stand XviDTS HQ.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\XP Smoker Pro v5.4.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxpdstqm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnLbYrS.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Collégien\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Collégien\list.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Collégien\Bureau\services.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
The VGB file:
[07/05/2008, 17:40:35] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:40:39] - Detected System Information:
[07/05/2008, 17:40:39] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 17:40:39] - Current Username: Collégien (Admin)
[07/05/2008, 17:40:39] - Windows is in NORMAL mode.
[07/05/2008, 17:40:39] - Searching for Browser Helper Objects:
[07/05/2008, 17:40:39] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/05/2008, 17:40:39] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/05/2008, 17:40:39] - BHO 3: {48688565-1ed4-42fe-bc27-ab152ae36e99} ()
[07/05/2008, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:40:39] - Checking for HKLM\...\Winlogon\Notify\sktywp
[07/05/2008, 17:40:39] - Key not found: HKLM\...\Winlogon\Notify\sktywp, continuing.
[07/05/2008, 17:40:39] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/05/2008, 17:40:39] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/05/2008, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:40:39] - No filename found. Continuing.
[07/05/2008, 17:40:39] - BHO 6: {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} ()
[07/05/2008, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:40:39] - Checking for HKLM\...\Winlogon\Notify\yayyxwTM
[07/05/2008, 17:40:39] - Key not found: HKLM\...\Winlogon\Notify\yayyxwTM, continuing.
[07/05/2008, 17:40:39] - Finished Searching Browser Helper Objects
[07/05/2008, 17:40:39] - Finishing up...
[07/05/2008, 17:40:39] - Nothing found! Exiting...
[07/05/2008, 17:48:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:48:51] - User choose NOT to continue. Exiting...
[07/05/2008, 17:49:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:49:10] - Detected System Information:
[07/05/2008, 17:49:10] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 17:49:10] - Current Username: Collégien (Admin)
[07/05/2008, 17:49:10] - Windows is in NORMAL mode.
[07/05/2008, 17:49:10] - Searching for Browser Helper Objects:
[07/05/2008, 17:49:10] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/05/2008, 17:49:10] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/05/2008, 17:49:10] - BHO 3: {48688565-1ed4-42fe-bc27-ab152ae36e99} ()
[07/05/2008, 17:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:10] - Checking for HKLM\...\Winlogon\Notify\sktywp
[07/05/2008, 17:49:10] - Key not found: HKLM\...\Winlogon\Notify\sktywp, continuing.
[07/05/2008, 17:49:10] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/05/2008, 17:49:10] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/05/2008, 17:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:10] - No filename found. Continuing.
[07/05/2008, 17:49:10] - BHO 6: {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} ()
[07/05/2008, 17:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:10] - Checking for HKLM\...\Winlogon\Notify\yayyxwTM
[07/05/2008, 17:49:10] - Key not found: HKLM\...\Winlogon\Notify\yayyxwTM, continuing.
[07/05/2008, 17:49:10] - Finished Searching Browser Helper Objects
[07/05/2008, 17:49:10] - Finishing up...
[07/05/2008, 17:49:10] - Nothing found! Exiting...
[07/05/2008, 17:49:22] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:49:32] - Detected System Information:
[07/05/2008, 17:49:32] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 17:49:32] - Current Username: Collégien (Admin)
[07/05/2008, 17:49:32] - Windows is in NORMAL mode.
[07/05/2008, 17:49:32] - Searching for Browser Helper Objects:
[07/05/2008, 17:49:32] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/05/2008, 17:49:32] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/05/2008, 17:49:32] - BHO 3: {48688565-1ed4-42fe-bc27-ab152ae36e99} ()
[07/05/2008, 17:49:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:32] - Checking for HKLM\...\Winlogon\Notify\sktywp
[07/05/2008, 17:49:32] - Key not found: HKLM\...\Winlogon\Notify\sktywp, continuing.
[07/05/2008, 17:49:32] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/05/2008, 17:49:32] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/05/2008, 17:49:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:32] - No filename found. Continuing.
[07/05/2008, 17:49:32] - BHO 6: {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} ()
[07/05/2008, 17:49:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:32] - Checking for HKLM\...\Winlogon\Notify\yayyxwTM
[07/05/2008, 17:49:32] - Key not found: HKLM\...\Winlogon\Notify\yayyxwTM, continuing.
[07/05/2008, 17:49:32] - Finished Searching Browser Helper Objects
[07/05/2008, 17:49:32] - Finishing up...
[07/05/2008, 17:49:32] - Nothing found! Exiting...
And finally, HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:13, on 05/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\apps\PowerDVD\PDVDServ.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\juiuzoynyif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Collégien\Bureau\HiJackThis(2).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = legratos
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: {99e63ea2-51ba-72cb-ef24-4de156588684} - {48688565-1ed4-42fe-bc27-ab152ae36e99} - C:\WINDOWS\system32\sktywp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} - C:\WINDOWS\system32\yayyxwTM.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\apps\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKLM\..\Run: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\Run: [pmwiqagr] C:\WINDOWS\system32\pmwiqagr.exe
O4 - HKLM\..\Run: [ANTI LITE TITLE DEBUG] C:\Documents and Settings\All Users\Application Data\Okay meta anti lite\Inside mapi.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Collégien\lsass.exe
O4 - HKLM\..\RunServices: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\RunServices: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [lies bold] C:\DOCUME~1\COLLGI~1\APPLIC~1\SOAPCO~1\Start Bait.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: DeepSight Extractor Service for NP08 (myh3aeq11yiup9) - Unknown owner - C:\WINDOWS\system32\pmwiqagr.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
Malwarebytes' Anti-Malware 1.19
Version de la base de données: 922
Windows 5.1.2600 Service Pack 2
17:26:37 05/07/2008
mbam-log-7-5-2008 (17-26-37).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 171606
Temps écoulé: 29 minute(s), 8 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 44
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 149
Processus mémoire infecté(s):
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\fphwqhms.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yayyxwTM.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\pmnLbYrS.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88235bc9-a740-4b2a-9e8f-7582322431c3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88235bc9-a740-4b2a-9e8f-7582322431c3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sm_ie_monitor.ie_monitor (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7d8f380f-e933-4e5e-8646-cf8cd05ab32d} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d8f380f-e933-4e5e-8646-cf8cd05ab32d} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlbyrs (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{39b7595d-0c8d-4961-b1f3-599cebd0dda1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{508c3a51-f68c-480e-a38c-771100070292} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aa060326-c000-460e-b7bd-527755f719c0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fcbe977e-8243-468a-b396-ca7140206484} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c04078d (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7d8f380f-e933-4e5e-8646-cf8cd05ab32d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayyxwtm -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\iftuyszv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayyxwtm -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux18 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\' (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\yayyxwTM.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\MTwxyyay.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\MTwxyyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fphwqhms.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\smhqwhpf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fyxkkuyb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byukkxyf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\slmxymcl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lcmyxmls.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\swtruhwy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ywhurtws.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cTMO\dvsid140.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux18\modtrux182328.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pRI\kscomdll3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\stat.bin (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\uninstall.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs\07.3.08_18_57_09.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs\07.3.08_18_58_02.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\!Easy ScreenSaver Studio 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Akira KurosawaIkiru DVDRip Xvid EN Subs.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\American Soldiers DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\As Good As It Gets DVDRip DivX.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Bambi II 2006 Sapphire XVID DVDRip.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Cant Hardly Wait DVDRip DivX.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Chocolat DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Crocodile Technology v605.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Dolphins Software Volts v4.01 Enterprise Edition.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\DTA-Ueberweisung v4.4.1.172.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Eastsea MP3 CD Burner v2.10.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Easy2Sync for Files 1.13 Business Edition.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Ebgo Sniper v1.69.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Estelle Reyna 2006 HQ Calendar PDF.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Fanaa (2006) - DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\GenePix Pro v6.0.1.27.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\GGU Retain v4.34.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Google Earth Pro Gold Edition 2008.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Hard Drive Inspector v1.85.950.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HDClone v3.1.11 Pro.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HighTech Holdem Memory v3.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HttpWatch Professional v4.0.54.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\JobMaster v3.70.672.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Kaspersky Anti-Hacker v1.9.37.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Linguata Catalan v4.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Linguata Chinese v4.21.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Lovely Folders 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MagicISO v5.3 Build 0205.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\McFunSoft Audio Editor v4.9.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\McFunSoft Audio Studio v5.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Media Resizer Pro v2.38.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MEDIAKG Slideshow Pro v9.8.6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Micro-Sys A1 Website Download 1.3.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MobileDB Pro 1.25.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MProjector v2.0 dj.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Nekromantik Uncut DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\NewLive All Media To MP3 Converter Pro v4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Norbyte Petal Palace v1.0.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Ozi Explorer 2.19.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PC Auto Shutdown v2.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PertMaster Project Risk v7.8.1031.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Pirates Of The Carribean The Dead Mans Chest CAM HYdRO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PixFiler 5.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Plato DVD Copy v4.38.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Portable Naturpic Audio File Cutter 3.20.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Prey-CloneDVD iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Primal Below DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\ProCAD 3DSmart Create 1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RAM Booster Expert 1.20.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RM to AVI VCD SVCD DVD MPEG Converter Pro v4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RollerCoaster Tycoon 3 Soaked! iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SAS JMP v6.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises DatabaseToDoc v2.5.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises QueryToDoc v2.1.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises SchemaToDoc v4.4.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Snappy Fax Network Server v1.42.1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Star Wars KOTOR II iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Stubbs the Zombie-RELOADED DVD iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Syberia iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\The Hole DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\TOCA Race Driver 3 PAL - PS2DVD.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Urban Freestyle Soccer iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Utility Ping v2.1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Warhammer 40,000 Dawn of War iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Wild At Heart DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\X-Men 3 The Last Stand XviDTS HQ.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\XP Smoker Pro v5.4.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxpdstqm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnLbYrS.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Collégien\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Collégien\list.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Collégien\Bureau\services.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
The VGB file:
[07/05/2008, 17:40:35] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:40:39] - Detected System Information:
[07/05/2008, 17:40:39] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 17:40:39] - Current Username: Collégien (Admin)
[07/05/2008, 17:40:39] - Windows is in NORMAL mode.
[07/05/2008, 17:40:39] - Searching for Browser Helper Objects:
[07/05/2008, 17:40:39] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/05/2008, 17:40:39] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/05/2008, 17:40:39] - BHO 3: {48688565-1ed4-42fe-bc27-ab152ae36e99} ()
[07/05/2008, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:40:39] - Checking for HKLM\...\Winlogon\Notify\sktywp
[07/05/2008, 17:40:39] - Key not found: HKLM\...\Winlogon\Notify\sktywp, continuing.
[07/05/2008, 17:40:39] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/05/2008, 17:40:39] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/05/2008, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:40:39] - No filename found. Continuing.
[07/05/2008, 17:40:39] - BHO 6: {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} ()
[07/05/2008, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:40:39] - Checking for HKLM\...\Winlogon\Notify\yayyxwTM
[07/05/2008, 17:40:39] - Key not found: HKLM\...\Winlogon\Notify\yayyxwTM, continuing.
[07/05/2008, 17:40:39] - Finished Searching Browser Helper Objects
[07/05/2008, 17:40:39] - Finishing up...
[07/05/2008, 17:40:39] - Nothing found! Exiting...
[07/05/2008, 17:48:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:48:51] - User choose NOT to continue. Exiting...
[07/05/2008, 17:49:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:49:10] - Detected System Information:
[07/05/2008, 17:49:10] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 17:49:10] - Current Username: Collégien (Admin)
[07/05/2008, 17:49:10] - Windows is in NORMAL mode.
[07/05/2008, 17:49:10] - Searching for Browser Helper Objects:
[07/05/2008, 17:49:10] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/05/2008, 17:49:10] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/05/2008, 17:49:10] - BHO 3: {48688565-1ed4-42fe-bc27-ab152ae36e99} ()
[07/05/2008, 17:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:10] - Checking for HKLM\...\Winlogon\Notify\sktywp
[07/05/2008, 17:49:10] - Key not found: HKLM\...\Winlogon\Notify\sktywp, continuing.
[07/05/2008, 17:49:10] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/05/2008, 17:49:10] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/05/2008, 17:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:10] - No filename found. Continuing.
[07/05/2008, 17:49:10] - BHO 6: {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} ()
[07/05/2008, 17:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:10] - Checking for HKLM\...\Winlogon\Notify\yayyxwTM
[07/05/2008, 17:49:10] - Key not found: HKLM\...\Winlogon\Notify\yayyxwTM, continuing.
[07/05/2008, 17:49:10] - Finished Searching Browser Helper Objects
[07/05/2008, 17:49:10] - Finishing up...
[07/05/2008, 17:49:10] - Nothing found! Exiting...
[07/05/2008, 17:49:22] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:49:32] - Detected System Information:
[07/05/2008, 17:49:32] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 17:49:32] - Current Username: Collégien (Admin)
[07/05/2008, 17:49:32] - Windows is in NORMAL mode.
[07/05/2008, 17:49:32] - Searching for Browser Helper Objects:
[07/05/2008, 17:49:32] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/05/2008, 17:49:32] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/05/2008, 17:49:32] - BHO 3: {48688565-1ed4-42fe-bc27-ab152ae36e99} ()
[07/05/2008, 17:49:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:32] - Checking for HKLM\...\Winlogon\Notify\sktywp
[07/05/2008, 17:49:32] - Key not found: HKLM\...\Winlogon\Notify\sktywp, continuing.
[07/05/2008, 17:49:32] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/05/2008, 17:49:32] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/05/2008, 17:49:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:32] - No filename found. Continuing.
[07/05/2008, 17:49:32] - BHO 6: {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} ()
[07/05/2008, 17:49:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:32] - Checking for HKLM\...\Winlogon\Notify\yayyxwTM
[07/05/2008, 17:49:32] - Key not found: HKLM\...\Winlogon\Notify\yayyxwTM, continuing.
[07/05/2008, 17:49:32] - Finished Searching Browser Helper Objects
[07/05/2008, 17:49:32] - Finishing up...
[07/05/2008, 17:49:32] - Nothing found! Exiting...
And finally HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:13, on 05/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\apps\PowerDVD\PDVDServ.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\juiuzoynyif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Collégien\Bureau\HiJackThis(2).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = legratos
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: {99e63ea2-51ba-72cb-ef24-4de156588684} - {48688565-1ed4-42fe-bc27-ab152ae36e99} - C:\WINDOWS\system32\sktywp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} - C:\WINDOWS\system32\yayyxwTM.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\apps\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKLM\..\Run: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\Run: [pmwiqagr] C:\WINDOWS\system32\pmwiqagr.exe
O4 - HKLM\..\Run: [ANTI LITE TITLE DEBUG] C:\Documents and Settings\All Users\Application Data\Okay meta anti lite\Inside mapi.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Collégien\lsass.exe
O4 - HKLM\..\RunServices: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\RunServices: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [lies bold] C:\DOCUME~1\COLLGI~1\APPLIC~1\SOAPCO~1\Start Bait.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: DeepSight Extractor Service for NP08 (myh3aeq11yiup9) - Unknown owner - C:\WINDOWS\system32\pmwiqagr.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
You're welcome... the reports let me check what the programs removed, and the HijackThis report shows what is left... And there is quite a bit left:
Download OTMoveIt
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below and paste it into the left-hand pane of OTMoveIt under Paste List of Files/Folders to move.
c:\windows\system32\sktywp.dll
c:\documents and settings\all users\application data\okay meta anti lite\inside mapi.exe
c:\documents and settings\collégien\lsass.exe
c:\windows\system32\amvo.exe
c:\program files\soapco~1\start bait.exe
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
Next:
Fix.reg
Open Notepad (right-click on the desktop > in the menu choose New, then Text Document) and copy and paste what is quoted below (copy it all in one go, without the rows of x's):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48688565-1ed4-42fe-bc27-ab152ae36e99}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48688565-1ed4-42fe-bc27-ab152ae36e99}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ANTI LITE TITLE DEBUG"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LSA Shellu"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"amva"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"lies bold"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: REGEDIT4 is on the first line in Notepad and there is a blank line at the end.
Then click "File" / "Save As":
Save in: the Desktop
File name: fix.reg
Save as type: "All files"
click "Save"
It should look like this once saved:
http://img520.imageshack.us/img520/4251/screenshot005ps2.png
double-click fix.reg => you must get the message "Are you sure you want to add the information in this .reg file to the registry?"
If so, click "Yes"
then post a new HijackThis report so I can check, please
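The fix.reg the helper writes above, generated from the HijackThis lines chosen for removal, as an added Python example (not code from the thread, from HijackThis or from OTMoveIt): it parses O2 BHO and O4 Run/RunServices lines, flags a core system binary name launched from outside the Windows directory (the lsass.exe in the user profile above), and emits a REGEDIT4 file that passes the helper's two checks. The SYSTEM_BINARIES list, the grouping of values by key and the CRLF line endings are assumptions of this example.

```python
"""Turn HijackThis O2/O4 lines into a REGEDIT4 removal file.

Added example, not code from the thread or from HijackThis/OTMoveIt.
Conventions are those of the thread's fix.reg: [-KEY] deletes a key,
"name"=- deletes a value, REGEDIT4 on line one, blank line at the end.
"""
import re

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_BASE = r"Software\Microsoft\Windows\CurrentVersion"
CLSID_BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
BHO_BASE = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
            r"\Explorer\Browser Helper Objects")

GUID = r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
# "O4 - HKLM\..\Run: [name] command"  (HKUS\S-1-5-xx lines deliberately do not match)
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run|RunServices): \[([^\]]+)\] (.*)$")
# "O2 - BHO: display name - {CLSID} - path"  (display name may itself be a GUID)
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (" + GUID + r") - (.*)$")

# Assumed list: core Windows binaries that only belong under the Windows
# directory; a copy elsewhere (the thread's lsass.exe in a profile) is a masquerade.
SYSTEM_BINARIES = {"lsass.exe", "smss.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "svchost.exe"}

# Constructed sample: the lines from the thread's HijackThis log that the helper removed.
FLAGGED = [
    r"O2 - BHO: {99e63ea2-51ba-72cb-ef24-4de156588684} - {48688565-1ed4-42fe-bc27-ab152ae36e99} - C:\WINDOWS\system32\sktywp.dll",
    r"O4 - HKLM\..\Run: [ANTI LITE TITLE DEBUG] C:\Documents and Settings\All Users\Application Data\Okay meta anti lite\Inside mapi.exe",
    r"O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Collégien\lsass.exe",
    r"O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe",
    r"O4 - HKCU\..\Run: [lies bold] C:\DOCUME~1\COLLGI~1\APPLIC~1\SOAPCO~1\Start Bait.exe",
]


def parse_o4(line):
    """Split an O4 Run/RunServices line into registry key, value name and command."""
    m = O4_RE.match(line)
    if not m:
        return None
    hive, subkey, name, command = m.groups()
    return {"key": f"{HIVES[hive]}\\{RUN_BASE}\\{subkey}", "name": name, "command": command}


def parse_o2(line):
    """Split an O2 BHO line into display name, CLSID and DLL path."""
    m = O2_RE.match(line)
    if not m:
        return None
    name, clsid, path = m.groups()
    return {"name": name, "clsid": clsid, "path": path}


def command_path(command):
    """Executable path of an O4 command: the quoted part, else text before the first switch."""
    if command.startswith('"'):
        return command.split('"')[1]
    return re.split(r" [/-]", command, maxsplit=1)[0]


def looks_masqueraded(command):
    """True when a core system binary name is launched from outside the Windows directory."""
    path = command_path(command).lower()
    exe = path.rsplit("\\", 1)[-1]
    return exe in SYSTEM_BINARIES and not path.startswith("c:\\windows\\")


def build_fix_reg(lines):
    """REGEDIT4 text removing the BHOs and autoruns in `lines`; values grouped per key."""
    sections = {}  # key -> value names to delete; an empty list means delete the key itself
    for line in lines:
        bho = parse_o2(line)
        if bho:
            sections.setdefault("-" + CLSID_BASE + "\\" + bho["clsid"], [])
            sections.setdefault("-" + BHO_BASE + "\\" + bho["clsid"], [])
            continue
        run = parse_o4(line)
        if run:
            sections.setdefault(run["key"], []).append(run["name"])
    out = ["REGEDIT4", ""]
    for key, names in sections.items():
        out.append(f"[{key}]")
        out.extend(f'"{n}"=-' for n in names)
        out.append("")
    return "\r\n".join(out) + "\r\n"


def fix_reg_is_well_formed(text):
    """The two checks the helper insists on: REGEDIT4 on line one, a blank line at the end."""
    return text.split("\r\n")[0] == "REGEDIT4" and text.endswith("\r\n\r\n")


if __name__ == "__main__":
    for entry in filter(None, map(parse_o4, FLAGGED)):
        if looks_masqueraded(entry["command"]):
            print("masqueraded system binary:", entry["command"])
    print(build_fix_reg(FLAGGED))
```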
Hi, here is the information you asked for. Sorry for not answering yesterday, I wasn't at my computer:
here is the OTMoveIt report:
DllUnregisterServer procedure not found in c:\windows\system32\sktywp.dll
c:\windows\system32\sktywp.dll NOT unregistered.
c:\windows\system32\sktywp.dll moved successfully.
File move failed. c:\documents and settings\all users\application data\okay meta anti lite\inside mapi.exe scheduled to be moved on reboot.
File/Folder c:\documents and settings\collégien\lsass.exe not found.
File/Folder c:\windows\system32\amvo.exe not found.
File/Folder c:\program files\soapco~1\start bait.exe not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07062008_171317
Files moved on Reboot...
c:\documents and settings\all users\application data\okay meta anti lite\inside mapi.exe moved successfully.
and finally the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:00, on 06/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\apps\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\fpamkitc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Collégien\Bureau\HiJackThis(2).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = legratos
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} - C:\WINDOWS\system32\yayyxwTM.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\apps\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKLM\..\Run: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\Run: [pmwiqagr] C:\WINDOWS\system32\pmwiqagr.exe
O4 - HKLM\..\RunServices: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\RunServices: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKLM\..\RunServices: [pmwiqagr] C:\WINDOWS\system32\pmwiqagr.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: DeepSight Extractor Service for NP08 (myh3aeq11yiup9) - Unknown owner - C:\WINDOWS\system32\pmwiqagr.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
Hi!!
It looks good, I don't see any more infections... you can do this:
run HijackThis again by clicking Scan only and tick these lines:
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - Global Startup: Image Transfer.lnk = ?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = legratos
O2 - BHO: (no name) - {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} - C:\WINDOWS\system32\yayyxwTM.dll
O4 - HKLM\..\Run: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKLM\..\Run: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\Run: [pmwiqagr] C:\WINDOWS\system32\pmwiqagr.exe
O4 - HKLM\..\RunServices: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\RunServices: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKLM\..\RunServices: [pmwiqagr] C:\WINDOWS\system32\pmwiqagr.exe
O23 - Service: DeepSight Extractor Service for NP08 (myh3aeq11yiup9) - Unknown owner - C:\WINDOWS\system32\pmwiqagr.exe
then click Fix checked.
Do you still have any problems??
Hi,
To answer your last question: every time I connect to MSN, I involuntarily send messages in English to my contacts. Could you tell me the steps to take, please?
Also, my computer is a bit slow, so I would like to know whether a defragmentation would make it run faster?
T. marny
That's because you have an MSN virus... do this:
Download MSNFix to the desktop: http://sosvirus.changelog.fr/MSNFix.zip
= Right-click on MSNFix.zip
= Extract here (or extract without confirmation, or extract all, or unzip)
= Double-click on the MSNFix folder that has just been created
= Double-click MSNFix ==> cogwheel icon
Note: On Vista, don't double-click; right-click instead, then Run as administrator
= Choose F for French
= Choose R
= Then choose A when the choice appears
= Then choose N (if infected)
= Save the report, preferably on the desktop
= Paste the report in your next reply
Then:
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
> Start in Safe Mode: after the beep and before the Windows logo, tap the F8 key (or F5): Safe Mode menu.
Choose your own account, not the Administrator's or any other.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• The system will take longer than usual to restart because the tool keeps running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load the Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the contents of Report.txt in your next reply on the forum