Log HiJack
Darjeeling
Messages postés
32
Statut
Membre
-
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour,
J'ai choper un/des virus (dont celui qui se met dans sytem32), j'ai passer McAffe, SpywareTerminator, Ad_Aware et CCleaner mais rien a faire, je supprime des troyens, des spy, etc... mais il en reste tjs.
Je vous poste donc une log HiJack, si vous pouviez m'aider ce serrait sympa, j'ai pas envie de formater mon DD system^^:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:49, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
D:\unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
D:\PowerIso\PWRISOVM.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wallpaper\Wallpaper.exe
D:\D-Tools\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
D:\firefox\firefox.exe
C:\Documents and Settings\dany\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B422E94-291F-4BC5-A8E4-992859F4197C} - (no file)
O2 - BHO: (no name) - {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} - (no file)
O2 - BHO: (no name) - {2248DFB4-2C01-45BE-B44F-79E17F54587E} - (no file)
O2 - BHO: (no name) - {37B0C83B-05FB-4B00-A72B-9ACDA809D648} - (no file)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - C:\WINDOWS\system32\ssqNFYPG.dll
O2 - BHO: (no name) - {543644A6-0785-4475-B9CC-82EE890523E1} - (no file)
O2 - BHO: (no name) - {5EB63855-6479-4FAE-AF99-6B71CCD5F933} - (no file)
O2 - BHO: (no name) - {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} - (no file)
O2 - BHO: (no name) - {73B8C00F-2830-4566-8014-ABD80206FC56} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} - (no file)
O2 - BHO: (no name) - {88E74924-A962-47A1-B372-B97831471667} - (no file)
O2 - BHO: (no name) - {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} - (no file)
O2 - BHO: (no name) - {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} - (no file)
O2 - BHO: (no name) - {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] D:\unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\PowerIso\PWRISOVM.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [DAEMON Tools] "D:\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ssqNFYPG - C:\WINDOWS\SYSTEM32\ssqNFYPG.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMTP Service (nmtps) - Unknown owner - C:\WINDOWS\system32\nmtps.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
J'ai choper un/des virus (dont celui qui se met dans sytem32), j'ai passer McAffe, SpywareTerminator, Ad_Aware et CCleaner mais rien a faire, je supprime des troyens, des spy, etc... mais il en reste tjs.
Je vous poste donc une log HiJack, si vous pouviez m'aider ce serrait sympa, j'ai pas envie de formater mon DD system^^:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:49, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
D:\unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
D:\PowerIso\PWRISOVM.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wallpaper\Wallpaper.exe
D:\D-Tools\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
D:\firefox\firefox.exe
C:\Documents and Settings\dany\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B422E94-291F-4BC5-A8E4-992859F4197C} - (no file)
O2 - BHO: (no name) - {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} - (no file)
O2 - BHO: (no name) - {2248DFB4-2C01-45BE-B44F-79E17F54587E} - (no file)
O2 - BHO: (no name) - {37B0C83B-05FB-4B00-A72B-9ACDA809D648} - (no file)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - C:\WINDOWS\system32\ssqNFYPG.dll
O2 - BHO: (no name) - {543644A6-0785-4475-B9CC-82EE890523E1} - (no file)
O2 - BHO: (no name) - {5EB63855-6479-4FAE-AF99-6B71CCD5F933} - (no file)
O2 - BHO: (no name) - {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} - (no file)
O2 - BHO: (no name) - {73B8C00F-2830-4566-8014-ABD80206FC56} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} - (no file)
O2 - BHO: (no name) - {88E74924-A962-47A1-B372-B97831471667} - (no file)
O2 - BHO: (no name) - {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} - (no file)
O2 - BHO: (no name) - {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} - (no file)
O2 - BHO: (no name) - {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] D:\unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\PowerIso\PWRISOVM.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [DAEMON Tools] "D:\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ssqNFYPG - C:\WINDOWS\SYSTEM32\ssqNFYPG.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMTP Service (nmtps) - Unknown owner - C:\WINDOWS\system32\nmtps.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
A voir également:
- Log HiJack
- Hijack this - Télécharger - Antivirus & Antimalwares
- Vpn no log - Guide
- View rescue log traduction - Guide
- Log crash windows - Guide
- 0.log miui - Forum Logiciels
14 réponses
Salut !!
tu as en eddet quelques infections vundo :
Télécharger sur le bureau malware bytes : http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread
= double-clic sur mbam-setup pour lancer l'installation
= Installer simplement sans rien modifier
= Quand le programme lancé ==> faire une mise à jour ensuite cocher Exécuter un examen complet
= Clic Rechercher
= Eventuellement décocher les disque à ne pas analyser
= Clic Lancer l'examen
= En fin de scan , si infection trouvée
==> Clic Afficher résultat
= Fermer vos applications en cours
= Vérifier si tout est coché et clic Supprimer la sélection
un rapport s'ouvre le copier et le coller dans la réponse
Puis redémarrer le pc !!
ensuite :
Télécharge sur le bureau virtumundobegone :
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
déconnecte internet et désactive ton antivirus le temps de la manipulation
=> Double clic sur VirtumundoBeGone.exe
=> Clic Continue ==> clic Start
=> Clic Oui
=> A la fin si Vundo est présent , le PC s’éteint et redémarre
- Si Ecran bleu et message : Erreur fatale .. pas de problème
=> Poster le rapport VBG.TXT qui est sur le bureau
Et refais un nouveau rapport hijackthis stp
tu as en eddet quelques infections vundo :
Télécharger sur le bureau malware bytes : http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread
= double-clic sur mbam-setup pour lancer l'installation
= Installer simplement sans rien modifier
= Quand le programme lancé ==> faire une mise à jour ensuite cocher Exécuter un examen complet
= Clic Rechercher
= Eventuellement décocher les disque à ne pas analyser
= Clic Lancer l'examen
= En fin de scan , si infection trouvée
==> Clic Afficher résultat
= Fermer vos applications en cours
= Vérifier si tout est coché et clic Supprimer la sélection
un rapport s'ouvre le copier et le coller dans la réponse
Puis redémarrer le pc !!
ensuite :
Télécharge sur le bureau virtumundobegone :
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
déconnecte internet et désactive ton antivirus le temps de la manipulation
=> Double clic sur VirtumundoBeGone.exe
=> Clic Continue ==> clic Start
=> Clic Oui
=> A la fin si Vundo est présent , le PC s’éteint et redémarre
- Si Ecran bleu et message : Erreur fatale .. pas de problème
=> Poster le rapport VBG.TXT qui est sur le bureau
Et refais un nouveau rapport hijackthis stp
log malware:
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 993
Windows 5.1.2600 Service Pack 2
14:53:53 26/07/2008
mbam-log-7-26-2008 (14-53-53).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 294676
Temps écoulé: 53 minute(s), 6 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 24
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ssqNFYPG.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqnfypg (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\ssqNFYPG.dll (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\07EK3JOH\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\07EK3JOH\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\6SNAMNOR\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\6SNAMNOR\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\6SNAMNOR\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\JV1WQG8T\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\JV1WQG8T\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\JV1WQG8T\ico[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\MT167YXB\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\MT167YXB\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\MT167YXB\ico[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\SR67A196\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\SR67A196\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMDvUMF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMeDULe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkjJYS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnnMEtt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqNDUlM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqPhghG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yaywXOHX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM97b68974.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM97b68974.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
log vbg:
[07/26/2008, 15:01:07] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\dany\Bureau\VirtumundoBeGone.exe" )
[07/26/2008, 15:01:12] - Detected System Information:
[07/26/2008, 15:01:12] - Windows Version: 5.1.2600, Service Pack 2
[07/26/2008, 15:01:12] - Current Username: dany (Admin)
[07/26/2008, 15:01:12] - Windows is in NORMAL mode.
[07/26/2008, 15:01:12] - Searching for Browser Helper Objects:
[07/26/2008, 15:01:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/26/2008, 15:01:12] - BHO 2: {0B422E94-291F-4BC5-A8E4-992859F4197C} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 3: {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 4: {2248DFB4-2C01-45BE-B44F-79E17F54587E} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 5: {37B0C83B-05FB-4B00-A72B-9ACDA809D648} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 6: {522E0112-EDD9-413D-A99E-C311A54B6676} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - Checking for HKLM\...\Winlogon\Notify\ssqNFYPG
[07/26/2008, 15:01:12] - Found: HKLM\...\Winlogon\Notify\ssqNFYPG - This is probably Virtumundo.
[07/26/2008, 15:01:12] - Assigning {522E0112-EDD9-413D-A99E-C311A54B6676} MSEvents Object
[07/26/2008, 15:01:12] - BHO list has been changed! Starting over...
[07/26/2008, 15:01:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/26/2008, 15:01:12] - BHO 2: {0B422E94-291F-4BC5-A8E4-992859F4197C} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 3: {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 4: {2248DFB4-2C01-45BE-B44F-79E17F54587E} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 5: {37B0C83B-05FB-4B00-A72B-9ACDA809D648} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 6: {522E0112-EDD9-413D-A99E-C311A54B6676} (MSEvents Object)
[07/26/2008, 15:01:12] - ALERT: Found MSEvents Object!
[07/26/2008, 15:01:12] - BHO 7: {543644A6-0785-4475-B9CC-82EE890523E1} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 8: {5EB63855-6479-4FAE-AF99-6B71CCD5F933} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 9: {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 10: {73B8C00F-2830-4566-8014-ABD80206FC56} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 11: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/26/2008, 15:01:12] - BHO 12: {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 13: {88E74924-A962-47A1-B372-B97831471667} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 14: {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 15: {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 16: {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - Finished Searching Browser Helper Objects
[07/26/2008, 15:01:12] - *** Detected MSEvents Object
[07/26/2008, 15:01:12] - Trying to remove MSEvents Object...
[07/26/2008, 15:01:13] - Terminating Process: IEXPLORE.EXE
[07/26/2008, 15:01:13] - Terminating Process: RUNDLL32.EXE
[07/26/2008, 15:01:13] - Disabling Automatic Shell Restart
[07/26/2008, 15:01:13] - Terminating Process: EXPLORER.EXE
[07/26/2008, 15:01:14] - Suspending the NT Session Manager System Service
[07/26/2008, 15:01:14] - Terminating Windows NT Logon/Logoff Manager
[07/26/2008, 15:01:14] - Re-enabling Automatic Shell Restart
[07/26/2008, 15:01:14] - File to disable: C:\WINDOWS\system32\ssqNFYPG.dll
[07/26/2008, 15:01:14] - Renaming C:\WINDOWS\system32\ssqNFYPG.dll -> C:\WINDOWS\system32\ssqNFYPG.dll.vir
[07/26/2008, 15:01:14] - File successfully renamed!
[07/26/2008, 15:01:14] - Removing HKLM\...\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}
[07/26/2008, 15:01:14] - Removing HKCR\CLSID\{522E0112-EDD9-413D-A99E-C311A54B6676}
[07/26/2008, 15:01:14] - Adding Kill Bit for ActiveX for GUID: {522E0112-EDD9-413D-A99E-C311A54B6676}
[07/26/2008, 15:01:14] - Deleting ATLEvents/MSEvents Registry entries
[07/26/2008, 15:01:14] - Removing HKLM\...\Winlogon\Notify\ssqNFYPG
[07/26/2008, 15:01:14] - Searching for Browser Helper Objects:
[07/26/2008, 15:01:14] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/26/2008, 15:01:14] - BHO 2: {0B422E94-291F-4BC5-A8E4-992859F4197C} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 3: {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 4: {2248DFB4-2C01-45BE-B44F-79E17F54587E} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 5: {37B0C83B-05FB-4B00-A72B-9ACDA809D648} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 6: {543644A6-0785-4475-B9CC-82EE890523E1} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 7: {5EB63855-6479-4FAE-AF99-6B71CCD5F933} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 8: {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 9: {73B8C00F-2830-4566-8014-ABD80206FC56} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/26/2008, 15:01:14] - BHO 11: {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 12: {88E74924-A962-47A1-B372-B97831471667} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 13: {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 14: {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 15: {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - Finished Searching Browser Helper Objects
[07/26/2008, 15:01:14] - Finishing up...
[07/26/2008, 15:01:14] - A restart is needed.
[07/26/2008, 15:01:36] - Attempting to Restart via STOP error (Blue Screen!)
log HiJack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:38, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
D:\unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\PowerIso\PWRISOVM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wallpaper\Wallpaper.exe
D:\D-Tools\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
D:\firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Documents and Settings\dany\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B422E94-291F-4BC5-A8E4-992859F4197C} - (no file)
O2 - BHO: (no name) - {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} - (no file)
O2 - BHO: (no name) - {2248DFB4-2C01-45BE-B44F-79E17F54587E} - (no file)
O2 - BHO: (no name) - {37B0C83B-05FB-4B00-A72B-9ACDA809D648} - (no file)
O2 - BHO: (no name) - {543644A6-0785-4475-B9CC-82EE890523E1} - (no file)
O2 - BHO: (no name) - {5EB63855-6479-4FAE-AF99-6B71CCD5F933} - (no file)
O2 - BHO: (no name) - {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} - (no file)
O2 - BHO: (no name) - {73B8C00F-2830-4566-8014-ABD80206FC56} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} - (no file)
O2 - BHO: (no name) - {88E74924-A962-47A1-B372-B97831471667} - (no file)
O2 - BHO: (no name) - {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} - (no file)
O2 - BHO: (no name) - {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} - (no file)
O2 - BHO: (no name) - {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] D:\unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\PowerIso\PWRISOVM.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [DAEMON Tools] "D:\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMTP Service (nmtps) - Unknown owner - C:\WINDOWS\system32\nmtps.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 993
Windows 5.1.2600 Service Pack 2
14:53:53 26/07/2008
mbam-log-7-26-2008 (14-53-53).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 294676
Temps écoulé: 53 minute(s), 6 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 24
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ssqNFYPG.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqnfypg (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\ssqNFYPG.dll (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\07EK3JOH\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\07EK3JOH\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\6SNAMNOR\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\6SNAMNOR\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\6SNAMNOR\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\JV1WQG8T\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\JV1WQG8T\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\JV1WQG8T\ico[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\MT167YXB\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\MT167YXB\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\MT167YXB\ico[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\SR67A196\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\SR67A196\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMDvUMF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMeDULe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkjJYS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnnMEtt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqNDUlM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqPhghG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yaywXOHX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM97b68974.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM97b68974.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
log vbg:
[07/26/2008, 15:01:07] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\dany\Bureau\VirtumundoBeGone.exe" )
[07/26/2008, 15:01:12] - Detected System Information:
[07/26/2008, 15:01:12] - Windows Version: 5.1.2600, Service Pack 2
[07/26/2008, 15:01:12] - Current Username: dany (Admin)
[07/26/2008, 15:01:12] - Windows is in NORMAL mode.
[07/26/2008, 15:01:12] - Searching for Browser Helper Objects:
[07/26/2008, 15:01:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/26/2008, 15:01:12] - BHO 2: {0B422E94-291F-4BC5-A8E4-992859F4197C} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 3: {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 4: {2248DFB4-2C01-45BE-B44F-79E17F54587E} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 5: {37B0C83B-05FB-4B00-A72B-9ACDA809D648} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 6: {522E0112-EDD9-413D-A99E-C311A54B6676} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - Checking for HKLM\...\Winlogon\Notify\ssqNFYPG
[07/26/2008, 15:01:12] - Found: HKLM\...\Winlogon\Notify\ssqNFYPG - This is probably Virtumundo.
[07/26/2008, 15:01:12] - Assigning {522E0112-EDD9-413D-A99E-C311A54B6676} MSEvents Object
[07/26/2008, 15:01:12] - BHO list has been changed! Starting over...
[07/26/2008, 15:01:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/26/2008, 15:01:12] - BHO 2: {0B422E94-291F-4BC5-A8E4-992859F4197C} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 3: {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 4: {2248DFB4-2C01-45BE-B44F-79E17F54587E} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 5: {37B0C83B-05FB-4B00-A72B-9ACDA809D648} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 6: {522E0112-EDD9-413D-A99E-C311A54B6676} (MSEvents Object)
[07/26/2008, 15:01:12] - ALERT: Found MSEvents Object!
[07/26/2008, 15:01:12] - BHO 7: {543644A6-0785-4475-B9CC-82EE890523E1} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 8: {5EB63855-6479-4FAE-AF99-6B71CCD5F933} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 9: {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 10: {73B8C00F-2830-4566-8014-ABD80206FC56} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 11: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/26/2008, 15:01:12] - BHO 12: {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 13: {88E74924-A962-47A1-B372-B97831471667} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 14: {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 15: {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 16: {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - Finished Searching Browser Helper Objects
[07/26/2008, 15:01:12] - *** Detected MSEvents Object
[07/26/2008, 15:01:12] - Trying to remove MSEvents Object...
[07/26/2008, 15:01:13] - Terminating Process: IEXPLORE.EXE
[07/26/2008, 15:01:13] - Terminating Process: RUNDLL32.EXE
[07/26/2008, 15:01:13] - Disabling Automatic Shell Restart
[07/26/2008, 15:01:13] - Terminating Process: EXPLORER.EXE
[07/26/2008, 15:01:14] - Suspending the NT Session Manager System Service
[07/26/2008, 15:01:14] - Terminating Windows NT Logon/Logoff Manager
[07/26/2008, 15:01:14] - Re-enabling Automatic Shell Restart
[07/26/2008, 15:01:14] - File to disable: C:\WINDOWS\system32\ssqNFYPG.dll
[07/26/2008, 15:01:14] - Renaming C:\WINDOWS\system32\ssqNFYPG.dll -> C:\WINDOWS\system32\ssqNFYPG.dll.vir
[07/26/2008, 15:01:14] - File successfully renamed!
[07/26/2008, 15:01:14] - Removing HKLM\...\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}
[07/26/2008, 15:01:14] - Removing HKCR\CLSID\{522E0112-EDD9-413D-A99E-C311A54B6676}
[07/26/2008, 15:01:14] - Adding Kill Bit for ActiveX for GUID: {522E0112-EDD9-413D-A99E-C311A54B6676}
[07/26/2008, 15:01:14] - Deleting ATLEvents/MSEvents Registry entries
[07/26/2008, 15:01:14] - Removing HKLM\...\Winlogon\Notify\ssqNFYPG
[07/26/2008, 15:01:14] - Searching for Browser Helper Objects:
[07/26/2008, 15:01:14] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/26/2008, 15:01:14] - BHO 2: {0B422E94-291F-4BC5-A8E4-992859F4197C} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 3: {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 4: {2248DFB4-2C01-45BE-B44F-79E17F54587E} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 5: {37B0C83B-05FB-4B00-A72B-9ACDA809D648} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 6: {543644A6-0785-4475-B9CC-82EE890523E1} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 7: {5EB63855-6479-4FAE-AF99-6B71CCD5F933} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 8: {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 9: {73B8C00F-2830-4566-8014-ABD80206FC56} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/26/2008, 15:01:14] - BHO 11: {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 12: {88E74924-A962-47A1-B372-B97831471667} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 13: {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 14: {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 15: {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - Finished Searching Browser Helper Objects
[07/26/2008, 15:01:14] - Finishing up...
[07/26/2008, 15:01:14] - A restart is needed.
[07/26/2008, 15:01:36] - Attempting to Restart via STOP error (Blue Screen!)
log HiJack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:38, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
D:\unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\PowerIso\PWRISOVM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wallpaper\Wallpaper.exe
D:\D-Tools\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
D:\firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Documents and Settings\dany\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B422E94-291F-4BC5-A8E4-992859F4197C} - (no file)
O2 - BHO: (no name) - {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} - (no file)
O2 - BHO: (no name) - {2248DFB4-2C01-45BE-B44F-79E17F54587E} - (no file)
O2 - BHO: (no name) - {37B0C83B-05FB-4B00-A72B-9ACDA809D648} - (no file)
O2 - BHO: (no name) - {543644A6-0785-4475-B9CC-82EE890523E1} - (no file)
O2 - BHO: (no name) - {5EB63855-6479-4FAE-AF99-6B71CCD5F933} - (no file)
O2 - BHO: (no name) - {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} - (no file)
O2 - BHO: (no name) - {73B8C00F-2830-4566-8014-ABD80206FC56} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} - (no file)
O2 - BHO: (no name) - {88E74924-A962-47A1-B372-B97831471667} - (no file)
O2 - BHO: (no name) - {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} - (no file)
O2 - BHO: (no name) - {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} - (no file)
O2 - BHO: (no name) - {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] D:\unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\PowerIso\PWRISOVM.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [DAEMON Tools] "D:\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMTP Service (nmtps) - Unknown owner - C:\WINDOWS\system32\nmtps.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ok...avec de l exprérience et un programme spécifique ;-)
fais ceci stp :
télécharge combofix (par sUBs) ici :
https://forospyware.com
et enregistre le sur le Bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
ensuite refais un nouveau rapport hijackthis stp
fais ceci stp :
télécharge combofix (par sUBs) ici :
https://forospyware.com
et enregistre le sur le Bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
ensuite refais un nouveau rapport hijackthis stp
1- combofix ne fonctionne pas, il me dit que le programme n'est pas bien installé
2- je n'arrive pas a désactiver mon antivirus Mc-Affe (meme en tuant le processus, ca ne fonctionne pas)
2- je n'arrive pas a désactiver mon antivirus Mc-Affe (meme en tuant le processus, ca ne fonctionne pas)
ok pas grave...fais ceci stp :
relance hijackthis en cliquant sur scan only et coches ces lignes stp :
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0B422E94-291F-4BC5-A8E4-992859F4197C} - (no file)
O2 - BHO: (no name) - {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} - (no file)
O2 - BHO: (no name) - {2248DFB4-2C01-45BE-B44F-79E17F54587E} - (no file)
O2 - BHO: (no name) - {37B0C83B-05FB-4B00-A72B-9ACDA809D648} - (no file)
O2 - BHO: (no name) - {543644A6-0785-4475-B9CC-82EE890523E1} - (no file)
O2 - BHO: (no name) - {5EB63855-6479-4FAE-AF99-6B71CCD5F933} - (no file)
O2 - BHO: (no name) - {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} - (no file)
O2 - BHO: (no name) - {73B8C00F-2830-4566-8014-ABD80206FC56} - (no file)
O2 - BHO: (no name) - {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} - (no file)
O2 - BHO: (no name) - {88E74924-A962-47A1-B372-B97831471667} - (no file)
O2 - BHO: (no name) - {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} - (no file)
O2 - BHO: (no name) - {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} - (no file)
O2 - BHO: (no name) - {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O23 - Service: NMTP Service (nmtps) - Unknown owner - C:\WINDOWS\system32\nmtps.exe (file missing)
puis tu cliques sur fix checked.
vas faire les mises à niveau de java et adobe reader à ces adresses :
java : https://www.java.com/fr/download/manual.jsp
adobe reader XP : https://get2.adobe.com/reader/otherversions/
et ensuite désinstalle les versions antérieures.
est ce que tu as encore des problemes ??
relance hijackthis en cliquant sur scan only et coches ces lignes stp :
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0B422E94-291F-4BC5-A8E4-992859F4197C} - (no file)
O2 - BHO: (no name) - {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} - (no file)
O2 - BHO: (no name) - {2248DFB4-2C01-45BE-B44F-79E17F54587E} - (no file)
O2 - BHO: (no name) - {37B0C83B-05FB-4B00-A72B-9ACDA809D648} - (no file)
O2 - BHO: (no name) - {543644A6-0785-4475-B9CC-82EE890523E1} - (no file)
O2 - BHO: (no name) - {5EB63855-6479-4FAE-AF99-6B71CCD5F933} - (no file)
O2 - BHO: (no name) - {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} - (no file)
O2 - BHO: (no name) - {73B8C00F-2830-4566-8014-ABD80206FC56} - (no file)
O2 - BHO: (no name) - {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} - (no file)
O2 - BHO: (no name) - {88E74924-A962-47A1-B372-B97831471667} - (no file)
O2 - BHO: (no name) - {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} - (no file)
O2 - BHO: (no name) - {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} - (no file)
O2 - BHO: (no name) - {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O23 - Service: NMTP Service (nmtps) - Unknown owner - C:\WINDOWS\system32\nmtps.exe (file missing)
puis tu cliques sur fix checked.
vas faire les mises à niveau de java et adobe reader à ces adresses :
java : https://www.java.com/fr/download/manual.jsp
adobe reader XP : https://get2.adobe.com/reader/otherversions/
et ensuite désinstalle les versions antérieures.
est ce que tu as encore des problemes ??
ok c'est fait.
ça a l'air d'être mieux merci beaucoup.
J'ai quand même 2 messages d'erreur au démarrage maintenant.
1-nvcpll.dll ne peut pas démarrer correctement
2-sw20.exe ne peut pas démarrer correctement
une idée?
ça a l'air d'être mieux merci beaucoup.
J'ai quand même 2 messages d'erreur au démarrage maintenant.
1-nvcpll.dll ne peut pas démarrer correctement
2-sw20.exe ne peut pas démarrer correctement
une idée?
je ne vois pas ce que ca pourrait etre...refais quand meme une analyse complete avec malwarebytes mais en mode sans échec cette fois ci stp
Mais de rien...viens poster le rapport de malwarebytes exécuté en mode sans échec car apres ce n est pas fini..
@+
@+
