HiJack log
Closed
Darjeeling (Member, 32 posts, registered Tuesday 10 July 2007, last post 28 July 2008) - 26 Jul 2008 at 12:08
Last reply: geoffrey5 (Security contributor, 13732 posts, registered Sunday 20 May 2007, last post 21 May 2010) - 29 Jul 2008 at 14:17
14 replies
geoffrey5 (Security contributor) - 26 Jul 2008 at 12:11
Hi!!
You do indeed have a few Vundo infections:
Download Malwarebytes to the desktop: http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread
= double-click mbam-setup to start the installation
= Just install it without changing anything
= Once the program is running ==> run an update, then tick "Perform full scan"
= Click Scan
= Optionally untick the drives you do not want scanned
= Click Start scan
= At the end of the scan, if an infection is found
==> Click Show results
= Close your running applications
= Check that everything is ticked and click Remove Selected
A report opens; copy it and paste it into your reply
Then restart the PC!!
Next:
Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Disconnect from the internet and disable your antivirus for the duration of the procedure
=> Double-click VirtumundoBeGone.exe
=> Click Continue ==> click Start
=> Click Yes
=> At the end, if Vundo is present, the PC shuts down and restarts
- If you get a blue screen with a "Fatal error" message, no problem
=> Post the VBG.TXT report that is on the desktop
And please post a fresh HijackThis log
Darjeeling (Member) - 26 Jul 2008 at 12:35
Thanks for the quick reply, I'm doing it right away.
Darjeeling (Member) - 26 Jul 2008 at 15:09
Malwarebytes log:
Malwarebytes' Anti-Malware 1.23
Database version: 993
Windows 5.1.2600 Service Pack 2
14:53:53 26/07/2008
mbam-log-7-26-2008 (14-53-53).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 294676
Time elapsed: 53 minute(s), 6 second(s)
Memory processes infected: 0
Memory modules infected: 1
Registry keys infected: 7
Registry values infected: 1
Registry data items infected: 0
Folders infected: 0
Files infected: 24
Memory processes infected:
(No malicious items detected)
Memory modules infected:
C:\WINDOWS\system32\ssqNFYPG.dll (Trojan.Vundo) -> Delete on reboot.
Registry keys infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqnfypg (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry data items infected:
(No malicious items detected)
Folders infected:
(No malicious items detected)
Files infected:
C:\WINDOWS\system32\ssqNFYPG.dll (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\07EK3JOH\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\07EK3JOH\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\6SNAMNOR\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\6SNAMNOR\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\6SNAMNOR\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\JV1WQG8T\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\JV1WQG8T\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\JV1WQG8T\ico[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\MT167YXB\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\MT167YXB\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\MT167YXB\ico[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\SR67A196\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\SR67A196\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMDvUMF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMeDULe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkjJYS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnnMEtt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqNDUlM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqPhghG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yaywXOHX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM97b68974.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM97b68974.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
VirtumundoBeGone log:
[07/26/2008, 15:01:07] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\dany\Bureau\VirtumundoBeGone.exe" )
[07/26/2008, 15:01:12] - Detected System Information:
[07/26/2008, 15:01:12] - Windows Version: 5.1.2600, Service Pack 2
[07/26/2008, 15:01:12] - Current Username: dany (Admin)
[07/26/2008, 15:01:12] - Windows is in NORMAL mode.
[07/26/2008, 15:01:12] - Searching for Browser Helper Objects:
[07/26/2008, 15:01:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/26/2008, 15:01:12] - BHO 2: {0B422E94-291F-4BC5-A8E4-992859F4197C} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 3: {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 4: {2248DFB4-2C01-45BE-B44F-79E17F54587E} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 5: {37B0C83B-05FB-4B00-A72B-9ACDA809D648} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 6: {522E0112-EDD9-413D-A99E-C311A54B6676} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - Checking for HKLM\...\Winlogon\Notify\ssqNFYPG
[07/26/2008, 15:01:12] - Found: HKLM\...\Winlogon\Notify\ssqNFYPG - This is probably Virtumundo.
[07/26/2008, 15:01:12] - Assigning {522E0112-EDD9-413D-A99E-C311A54B6676} MSEvents Object
[07/26/2008, 15:01:12] - BHO list has been changed! Starting over...
[07/26/2008, 15:01:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/26/2008, 15:01:12] - BHO 2: {0B422E94-291F-4BC5-A8E4-992859F4197C} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 3: {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 4: {2248DFB4-2C01-45BE-B44F-79E17F54587E} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 5: {37B0C83B-05FB-4B00-A72B-9ACDA809D648} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 6: {522E0112-EDD9-413D-A99E-C311A54B6676} (MSEvents Object)
[07/26/2008, 15:01:12] - ALERT: Found MSEvents Object!
[07/26/2008, 15:01:12] - BHO 7: {543644A6-0785-4475-B9CC-82EE890523E1} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 8: {5EB63855-6479-4FAE-AF99-6B71CCD5F933} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 9: {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 10: {73B8C00F-2830-4566-8014-ABD80206FC56} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 11: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/26/2008, 15:01:12] - BHO 12: {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 13: {88E74924-A962-47A1-B372-B97831471667} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 14: {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 15: {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 16: {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - Finished Searching Browser Helper Objects
[07/26/2008, 15:01:12] - *** Detected MSEvents Object
[07/26/2008, 15:01:12] - Trying to remove MSEvents Object...
[07/26/2008, 15:01:13] - Terminating Process: IEXPLORE.EXE
[07/26/2008, 15:01:13] - Terminating Process: RUNDLL32.EXE
[07/26/2008, 15:01:13] - Disabling Automatic Shell Restart
[07/26/2008, 15:01:13] - Terminating Process: EXPLORER.EXE
[07/26/2008, 15:01:14] - Suspending the NT Session Manager System Service
[07/26/2008, 15:01:14] - Terminating Windows NT Logon/Logoff Manager
[07/26/2008, 15:01:14] - Re-enabling Automatic Shell Restart
[07/26/2008, 15:01:14] - File to disable: C:\WINDOWS\system32\ssqNFYPG.dll
[07/26/2008, 15:01:14] - Renaming C:\WINDOWS\system32\ssqNFYPG.dll -> C:\WINDOWS\system32\ssqNFYPG.dll.vir
[07/26/2008, 15:01:14] - File successfully renamed!
[07/26/2008, 15:01:14] - Removing HKLM\...\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}
[07/26/2008, 15:01:14] - Removing HKCR\CLSID\{522E0112-EDD9-413D-A99E-C311A54B6676}
[07/26/2008, 15:01:14] - Adding Kill Bit for ActiveX for GUID: {522E0112-EDD9-413D-A99E-C311A54B6676}
[07/26/2008, 15:01:14] - Deleting ATLEvents/MSEvents Registry entries
[07/26/2008, 15:01:14] - Removing HKLM\...\Winlogon\Notify\ssqNFYPG
[07/26/2008, 15:01:14] - Searching for Browser Helper Objects:
[07/26/2008, 15:01:14] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/26/2008, 15:01:14] - BHO 2: {0B422E94-291F-4BC5-A8E4-992859F4197C} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 3: {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 4: {2248DFB4-2C01-45BE-B44F-79E17F54587E} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 5: {37B0C83B-05FB-4B00-A72B-9ACDA809D648} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 6: {543644A6-0785-4475-B9CC-82EE890523E1} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 7: {5EB63855-6479-4FAE-AF99-6B71CCD5F933} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 8: {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 9: {73B8C00F-2830-4566-8014-ABD80206FC56} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/26/2008, 15:01:14] - BHO 11: {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 12: {88E74924-A962-47A1-B372-B97831471667} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 13: {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 14: {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 15: {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - Finished Searching Browser Helper Objects
[07/26/2008, 15:01:14] - Finishing up...
[07/26/2008, 15:01:14] - A restart is needed.
[07/26/2008, 15:01:36] - Attempting to Restart via STOP error (Blue Screen!)
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:38, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
D:\unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\PowerIso\PWRISOVM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wallpaper\Wallpaper.exe
D:\D-Tools\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
D:\firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Documents and Settings\dany\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B422E94-291F-4BC5-A8E4-992859F4197C} - (no file)
O2 - BHO: (no name) - {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} - (no file)
O2 - BHO: (no name) - {2248DFB4-2C01-45BE-B44F-79E17F54587E} - (no file)
O2 - BHO: (no name) - {37B0C83B-05FB-4B00-A72B-9ACDA809D648} - (no file)
O2 - BHO: (no name) - {543644A6-0785-4475-B9CC-82EE890523E1} - (no file)
O2 - BHO: (no name) - {5EB63855-6479-4FAE-AF99-6B71CCD5F933} - (no file)
O2 - BHO: (no name) - {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} - (no file)
O2 - BHO: (no name) - {73B8C00F-2830-4566-8014-ABD80206FC56} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} - (no file)
O2 - BHO: (no name) - {88E74924-A962-47A1-B372-B97831471667} - (no file)
O2 - BHO: (no name) - {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} - (no file)
O2 - BHO: (no name) - {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} - (no file)
O2 - BHO: (no name) - {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] D:\unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\PowerIso\PWRISOVM.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [DAEMON Tools] "D:\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMTP Service (nmtps) - Unknown owner - C:\WINDOWS\system32\nmtps.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 993
Windows 5.1.2600 Service Pack 2
14:53:53 26/07/2008
mbam-log-7-26-2008 (14-53-53).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 294676
Temps écoulé: 53 minute(s), 6 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 24
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ssqNFYPG.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqnfypg (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\ssqNFYPG.dll (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\07EK3JOH\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\07EK3JOH\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\6SNAMNOR\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\6SNAMNOR\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\6SNAMNOR\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\JV1WQG8T\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\JV1WQG8T\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\JV1WQG8T\ico[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\MT167YXB\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\MT167YXB\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\MT167YXB\ico[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\SR67A196\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dany\Local Settings\Temporary Internet Files\Content.IE5\SR67A196\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMDvUMF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMeDULe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkjJYS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnnMEtt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqNDUlM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqPhghG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yaywXOHX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM97b68974.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM97b68974.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
VirtumundoBeGone log:
[07/26/2008, 15:01:07] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\dany\Bureau\VirtumundoBeGone.exe" )
[07/26/2008, 15:01:12] - Detected System Information:
[07/26/2008, 15:01:12] - Windows Version: 5.1.2600, Service Pack 2
[07/26/2008, 15:01:12] - Current Username: dany (Admin)
[07/26/2008, 15:01:12] - Windows is in NORMAL mode.
[07/26/2008, 15:01:12] - Searching for Browser Helper Objects:
[07/26/2008, 15:01:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/26/2008, 15:01:12] - BHO 2: {0B422E94-291F-4BC5-A8E4-992859F4197C} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 3: {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 4: {2248DFB4-2C01-45BE-B44F-79E17F54587E} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 5: {37B0C83B-05FB-4B00-A72B-9ACDA809D648} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 6: {522E0112-EDD9-413D-A99E-C311A54B6676} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - Checking for HKLM\...\Winlogon\Notify\ssqNFYPG
[07/26/2008, 15:01:12] - Found: HKLM\...\Winlogon\Notify\ssqNFYPG - This is probably Virtumundo.
[07/26/2008, 15:01:12] - Assigning {522E0112-EDD9-413D-A99E-C311A54B6676} MSEvents Object
[07/26/2008, 15:01:12] - BHO list has been changed! Starting over...
[07/26/2008, 15:01:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/26/2008, 15:01:12] - BHO 2: {0B422E94-291F-4BC5-A8E4-992859F4197C} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 3: {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 4: {2248DFB4-2C01-45BE-B44F-79E17F54587E} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 5: {37B0C83B-05FB-4B00-A72B-9ACDA809D648} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 6: {522E0112-EDD9-413D-A99E-C311A54B6676} (MSEvents Object)
[07/26/2008, 15:01:12] - ALERT: Found MSEvents Object!
[07/26/2008, 15:01:12] - BHO 7: {543644A6-0785-4475-B9CC-82EE890523E1} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 8: {5EB63855-6479-4FAE-AF99-6B71CCD5F933} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 9: {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 10: {73B8C00F-2830-4566-8014-ABD80206FC56} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 11: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/26/2008, 15:01:12] - BHO 12: {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 13: {88E74924-A962-47A1-B372-B97831471667} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 14: {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 15: {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - BHO 16: {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} ()
[07/26/2008, 15:01:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:12] - No filename found. Continuing.
[07/26/2008, 15:01:12] - Finished Searching Browser Helper Objects
[07/26/2008, 15:01:12] - *** Detected MSEvents Object
[07/26/2008, 15:01:12] - Trying to remove MSEvents Object...
[07/26/2008, 15:01:13] - Terminating Process: IEXPLORE.EXE
[07/26/2008, 15:01:13] - Terminating Process: RUNDLL32.EXE
[07/26/2008, 15:01:13] - Disabling Automatic Shell Restart
[07/26/2008, 15:01:13] - Terminating Process: EXPLORER.EXE
[07/26/2008, 15:01:14] - Suspending the NT Session Manager System Service
[07/26/2008, 15:01:14] - Terminating Windows NT Logon/Logoff Manager
[07/26/2008, 15:01:14] - Re-enabling Automatic Shell Restart
[07/26/2008, 15:01:14] - File to disable: C:\WINDOWS\system32\ssqNFYPG.dll
[07/26/2008, 15:01:14] - Renaming C:\WINDOWS\system32\ssqNFYPG.dll -> C:\WINDOWS\system32\ssqNFYPG.dll.vir
[07/26/2008, 15:01:14] - File successfully renamed!
[07/26/2008, 15:01:14] - Removing HKLM\...\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}
[07/26/2008, 15:01:14] - Removing HKCR\CLSID\{522E0112-EDD9-413D-A99E-C311A54B6676}
[07/26/2008, 15:01:14] - Adding Kill Bit for ActiveX for GUID: {522E0112-EDD9-413D-A99E-C311A54B6676}
[07/26/2008, 15:01:14] - Deleting ATLEvents/MSEvents Registry entries
[07/26/2008, 15:01:14] - Removing HKLM\...\Winlogon\Notify\ssqNFYPG
[07/26/2008, 15:01:14] - Searching for Browser Helper Objects:
[07/26/2008, 15:01:14] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/26/2008, 15:01:14] - BHO 2: {0B422E94-291F-4BC5-A8E4-992859F4197C} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 3: {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 4: {2248DFB4-2C01-45BE-B44F-79E17F54587E} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 5: {37B0C83B-05FB-4B00-A72B-9ACDA809D648} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 6: {543644A6-0785-4475-B9CC-82EE890523E1} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 7: {5EB63855-6479-4FAE-AF99-6B71CCD5F933} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 8: {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 9: {73B8C00F-2830-4566-8014-ABD80206FC56} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/26/2008, 15:01:14] - BHO 11: {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 12: {88E74924-A962-47A1-B372-B97831471667} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 13: {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 14: {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - BHO 15: {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} ()
[07/26/2008, 15:01:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2008, 15:01:14] - No filename found. Continuing.
[07/26/2008, 15:01:14] - Finished Searching Browser Helper Objects
[07/26/2008, 15:01:14] - Finishing up...
[07/26/2008, 15:01:14] - A restart is needed.
[07/26/2008, 15:01:36] - Attempting to Restart via STOP error (Blue Screen!)
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:38, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
D:\unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\PowerIso\PWRISOVM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wallpaper\Wallpaper.exe
D:\D-Tools\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
D:\firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Documents and Settings\dany\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B422E94-291F-4BC5-A8E4-992859F4197C} - (no file)
O2 - BHO: (no name) - {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} - (no file)
O2 - BHO: (no name) - {2248DFB4-2C01-45BE-B44F-79E17F54587E} - (no file)
O2 - BHO: (no name) - {37B0C83B-05FB-4B00-A72B-9ACDA809D648} - (no file)
O2 - BHO: (no name) - {543644A6-0785-4475-B9CC-82EE890523E1} - (no file)
O2 - BHO: (no name) - {5EB63855-6479-4FAE-AF99-6B71CCD5F933} - (no file)
O2 - BHO: (no name) - {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} - (no file)
O2 - BHO: (no name) - {73B8C00F-2830-4566-8014-ABD80206FC56} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} - (no file)
O2 - BHO: (no name) - {88E74924-A962-47A1-B372-B97831471667} - (no file)
O2 - BHO: (no name) - {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} - (no file)
O2 - BHO: (no name) - {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} - (no file)
O2 - BHO: (no name) - {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] D:\unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\PowerIso\PWRISOVM.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [DAEMON Tools] "D:\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMTP Service (nmtps) - Unknown owner - C:\WINDOWS\system32\nmtps.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
geoffrey5 (Security contributor), 26 July 2008 at 15:13
OK... did you restart your PC to finish the deletions?
Darjeeling (Member), 26 July 2008 at 15:39
Yes, I restarted.
PS: how do you analyze the HijackThis log?
geoffrey5 (Security contributor), 26 July 2008 at 15:42
OK... with experience and a specific program ;-)
Please do this:
Download ComboFix (by sUBs) here:
https://forospyware.com
and save it to the Desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, real-time guard of the antispyware).
Double-click combofix.exe and follow the instructions.
At the end it will produce a report, C:\ComboFix.txt.
Re-enable your firewall, your antivirus and your antispyware guard.
Copy/paste the C:\ComboFix.txt report in your next reply.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.
You have a full tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Then please make a new HijackThis report.
Darjeeling (Member), 26 July 2008 at 15:57
1- ComboFix does not work, it tells me the program is not installed properly.
2- I can't disable my McAfee antivirus (even by killing the process, it doesn't work).
geoffrey5 (Security contributor), 26 July 2008 at 16:04
OK, no problem... please do this:
Relaunch HijackThis by clicking on "Scan only" and please check these lines:
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0B422E94-291F-4BC5-A8E4-992859F4197C} - (no file)
O2 - BHO: (no name) - {17D0FC62-8B4E-4EF5-B2C4-A7E9E5738BE0} - (no file)
O2 - BHO: (no name) - {2248DFB4-2C01-45BE-B44F-79E17F54587E} - (no file)
O2 - BHO: (no name) - {37B0C83B-05FB-4B00-A72B-9ACDA809D648} - (no file)
O2 - BHO: (no name) - {543644A6-0785-4475-B9CC-82EE890523E1} - (no file)
O2 - BHO: (no name) - {5EB63855-6479-4FAE-AF99-6B71CCD5F933} - (no file)
O2 - BHO: (no name) - {66D2C1AE-66BA-40CC-8A6B-D909436A8BB4} - (no file)
O2 - BHO: (no name) - {73B8C00F-2830-4566-8014-ABD80206FC56} - (no file)
O2 - BHO: (no name) - {85bfd1bb-bb49-4aec-93d9-9e157f7d0ec0} - (no file)
O2 - BHO: (no name) - {88E74924-A962-47A1-B372-B97831471667} - (no file)
O2 - BHO: (no name) - {9C0D9BC1-7CFD-42D4-BB62-EA48EFC1643B} - (no file)
O2 - BHO: (no name) - {9EB209A1-A227-4D61-B978-EC62AD5DC8C1} - (no file)
O2 - BHO: (no name) - {C22C0167-62F1-4E3F-9627-FF08ED5C87DB} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O23 - Service: NMTP Service (nmtps) - Unknown owner - C:\WINDOWS\system32\nmtps.exe (file missing)
then click on "Fix checked".
Go and update Java and Adobe Reader at these addresses:
Java: https://www.java.com/fr/download/manual.jsp
Adobe Reader for XP: https://get2.adobe.com/reader/otherversions/
and then uninstall the earlier versions.
Do you still have problems?
Darjeeling (Member) - 26 Jul. 2008 at 16:31
OK, it's done.
It seems to be better, thank you very much.
I still get 2 error messages at startup now, though.
1. nvcpll.dll cannot start correctly
2. sw20.exe cannot start correctly
Any idea?
geoffrey5 (Security contributor) - 26 Jul. 2008 at 16:44
I don't see what that could be... still, run a full scan with Malwarebytes again, but in Safe Mode this time, please.
Darjeeling (Member) - 26 Jul. 2008 at 16:46
OK, thanks for everything.
All the best.
geoffrey5 (Security contributor) - 26 Jul. 2008 at 16:51
You're welcome... come and post the report from Malwarebytes run in Safe Mode, because it isn't finished after that..
See you
Darjeeling (Member) - 28 Jul. 2008 at 14:01
Oh really, it's not finished? I've only just seen your message, but right now I'm at work; I'll post the log tonight if I remember.
geoffrey5 (Security contributor) - 29 Jul. 2008 at 14:17
Hi!!
Have you run Malwarebytes in Safe Mode??