Virtumonde

anidel (Posts: 2, Status: Member)
Hello,

I can't get rid of Virtumonde even with VundoFix.
Here is what HijackThis gives me:

[08/25/2008, 22:56:57] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\OD01XQ93\VirtumundoBeGone[1].exe" )
[08/25/2008, 22:57:07] - Detected System Information:
[08/25/2008, 22:57:07] - Windows Version: 5.1.2600, Service Pack 2
[08/25/2008, 22:57:07] - Current Username: Compaq_Administrator (Admin)
[08/25/2008, 22:57:07] - Windows is in NORMAL mode.
[08/25/2008, 22:57:07] - Searching for Browser Helper Objects:
[08/25/2008, 22:57:07] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[08/25/2008, 22:57:07] - BHO 2: {19c28509-76ba-4ddb-9f3c-d6a0d5e09465} ()
[08/25/2008, 22:57:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:07] - Checking for HKLM\...\Winlogon\Notify\ikocth
[08/25/2008, 22:57:07] - Key not found: HKLM\...\Winlogon\Notify\ikocth, continuing.
[08/25/2008, 22:57:07] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[08/25/2008, 22:57:07] - BHO 4: {30DF6789-1047-41E6-9DFE-E438783AF415} ()
[08/25/2008, 22:57:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:07] - No filename found. Continuing.
[08/25/2008, 22:57:07] - BHO 5: {53301152-F0CB-4A4F-8281-42D2EBE39DCF} ()
[08/25/2008, 22:57:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:07] - Checking for HKLM\...\Winlogon\Notify\khfFVLDw
[08/25/2008, 22:57:07] - Found: HKLM\...\Winlogon\Notify\khfFVLDw - This is probably Virtumundo.
[08/25/2008, 22:57:07] - Assigning {53301152-F0CB-4A4F-8281-42D2EBE39DCF} MSEvents Object
[08/25/2008, 22:57:07] - BHO list has been changed! Starting over...
[08/25/2008, 22:57:07] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[08/25/2008, 22:57:07] - BHO 2: {19c28509-76ba-4ddb-9f3c-d6a0d5e09465} ()
[08/25/2008, 22:57:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:07] - Checking for HKLM\...\Winlogon\Notify\ikocth
[08/25/2008, 22:57:07] - Key not found: HKLM\...\Winlogon\Notify\ikocth, continuing.
[08/25/2008, 22:57:07] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[08/25/2008, 22:57:07] - BHO 4: {30DF6789-1047-41E6-9DFE-E438783AF415} ()
[08/25/2008, 22:57:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:07] - No filename found. Continuing.
[08/25/2008, 22:57:07] - BHO 5: {53301152-F0CB-4A4F-8281-42D2EBE39DCF} (MSEvents Object)
[08/25/2008, 22:57:07] - ALERT: Found MSEvents Object!
[08/25/2008, 22:57:07] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/25/2008, 22:57:07] - BHO 7: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[08/25/2008, 22:57:07] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/25/2008, 22:57:07] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/25/2008, 22:57:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:08] - No filename found. Continuing.
[08/25/2008, 22:57:08] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[08/25/2008, 22:57:08] - BHO 11: {90b2f1fe-58ef-402c-b6f4-1a56f7666ef6} ()
[08/25/2008, 22:57:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:08] - No filename found. Continuing.
[08/25/2008, 22:57:08] - BHO 12: {953EF9D0-C975-4F85-9BEB-34573416DE78} ()
[08/25/2008, 22:57:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:08] - Checking for HKLM\...\Winlogon\Notify\rQhhfFxY
[08/25/2008, 22:57:08] - Key not found: HKLM\...\Winlogon\Notify\rQhhfFxY, continuing.
[08/25/2008, 22:57:08] - BHO 13: {9DA292FC-46CD-4E37-A818-B1FF327055F3} ()
[08/25/2008, 22:57:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:08] - Checking for HKLM\...\Winlogon\Notify\fjrfciem
[08/25/2008, 22:57:08] - Key not found: HKLM\...\Winlogon\Notify\fjrfciem, continuing.
[08/25/2008, 22:57:08] - BHO 14: {A2F8CD4F-C713-4E4A-8563-4312FCA3A75E} ()
[08/25/2008, 22:57:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:08] - Checking for HKLM\...\Winlogon\Notify\3077htsbdjyf[1]
[08/25/2008, 22:57:08] - Key not found: HKLM\...\Winlogon\Notify\3077htsbdjyf[1], continuing.
[08/25/2008, 22:57:08] - BHO 15: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/25/2008, 22:57:08] - BHO 16: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} ()
[08/25/2008, 22:57:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:08] - No filename found. Continuing.
[08/25/2008, 22:57:08] - BHO 17: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/25/2008, 22:57:08] - BHO 18: {BD6E35DF-BDFE-46C1-8D2E-417121ABEC7F} ()
[08/25/2008, 22:57:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:08] - No filename found. Continuing.
[08/25/2008, 22:57:08] - BHO 19: {C4F725D3-D56A-4A71-B775-B3ABAD60E46A} ()
[08/25/2008, 22:57:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:08] - No filename found. Continuing.
[08/25/2008, 22:57:08] - Finished Searching Browser Helper Objects
[08/25/2008, 22:57:08] - *** Detected MSEvents Object
[08/25/2008, 22:57:08] - Trying to remove MSEvents Object...
[08/25/2008, 22:57:09] - Terminating Process: IEXPLORE.EXE
[08/25/2008, 22:57:10] - Terminating Process: RUNDLL32.EXE
[08/25/2008, 22:57:10] - Disabling Automatic Shell Restart
[08/25/2008, 22:57:10] - Terminating Process: EXPLORER.EXE
[08/25/2008, 22:57:10] - Suspending the NT Session Manager System Service
[08/25/2008, 22:57:11] - Terminating Windows NT Logon/Logoff Manager
[08/25/2008, 22:57:11] - Re-enabling Automatic Shell Restart
[08/25/2008, 22:57:11] - File to disable: C:\WINDOWS\system32\khfFVLDw.dll
[08/25/2008, 22:57:11] - Renaming C:\WINDOWS\system32\khfFVLDw.dll -> C:\WINDOWS\system32\khfFVLDw.dll.vir
[08/25/2008, 22:57:11] - File successfully renamed!
[08/25/2008, 22:57:11] - Removing HKLM\...\Browser Helper Objects\{53301152-F0CB-4A4F-8281-42D2EBE39DCF}
[08/25/2008, 22:57:11] - Removing HKCR\CLSID\{53301152-F0CB-4A4F-8281-42D2EBE39DCF}
[08/25/2008, 22:57:11] - Adding Kill Bit for ActiveX for GUID: {53301152-F0CB-4A4F-8281-42D2EBE39DCF}
[08/25/2008, 22:57:12] - Deleting ATLEvents/MSEvents Registry entries
[08/25/2008, 22:57:12] - Removing HKLM\...\Winlogon\Notify\khfFVLDw
[08/25/2008, 22:57:12] - Searching for Browser Helper Objects:
[08/25/2008, 22:57:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[08/25/2008, 22:57:12] - BHO 2: {19c28509-76ba-4ddb-9f3c-d6a0d5e09465} ()
[08/25/2008, 22:57:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:12] - Checking for HKLM\...\Winlogon\Notify\ikocth
[08/25/2008, 22:57:12] - Key not found: HKLM\...\Winlogon\Notify\ikocth, continuing.
[08/25/2008, 22:57:12] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[08/25/2008, 22:57:12] - BHO 4: {30DF6789-1047-41E6-9DFE-E438783AF415} ()
[08/25/2008, 22:57:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:12] - No filename found. Continuing.
[08/25/2008, 22:57:12] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/25/2008, 22:57:12] - BHO 6: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[08/25/2008, 22:57:12] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/25/2008, 22:57:12] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/25/2008, 22:57:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:12] - No filename found. Continuing.
[08/25/2008, 22:57:12] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[08/25/2008, 22:57:12] - BHO 10: {90b2f1fe-58ef-402c-b6f4-1a56f7666ef6} ()
[08/25/2008, 22:57:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:13] - No filename found. Continuing.
[08/25/2008, 22:57:13] - BHO 11: {953EF9D0-C975-4F85-9BEB-34573416DE78} ()
[08/25/2008, 22:57:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:13] - Checking for HKLM\...\Winlogon\Notify\rQhhfFxY
[08/25/2008, 22:57:13] - Key not found: HKLM\...\Winlogon\Notify\rQhhfFxY, continuing.
[08/25/2008, 22:57:13] - BHO 12: {9DA292FC-46CD-4E37-A818-B1FF327055F3} ()
[08/25/2008, 22:57:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:13] - Checking for HKLM\...\Winlogon\Notify\fjrfciem
[08/25/2008, 22:57:13] - Key not found: HKLM\...\Winlogon\Notify\fjrfciem, continuing.
[08/25/2008, 22:57:13] - BHO 13: {A2F8CD4F-C713-4E4A-8563-4312FCA3A75E} ()
[08/25/2008, 22:57:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:13] - Checking for HKLM\...\Winlogon\Notify\3077htsbdjyf[1]
[08/25/2008, 22:57:13] - Key not found: HKLM\...\Winlogon\Notify\3077htsbdjyf[1], continuing.
[08/25/2008, 22:57:13] - BHO 14: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/25/2008, 22:57:13] - BHO 15: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} ()
[08/25/2008, 22:57:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:13] - No filename found. Continuing.
[08/25/2008, 22:57:13] - BHO 16: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/25/2008, 22:57:13] - BHO 17: {BD6E35DF-BDFE-46C1-8D2E-417121ABEC7F} ()
[08/25/2008, 22:57:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:13] - No filename found. Continuing.
[08/25/2008, 22:57:13] - BHO 18: {C4F725D3-D56A-4A71-B775-B3ABAD60E46A} ()
[08/25/2008, 22:57:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 22:57:13] - No filename found. Continuing.
[08/25/2008, 22:57:13] - Finished Searching Browser Helper Objects
[08/25/2008, 22:57:13] - Finishing up...
[08/25/2008, 22:57:13] - A restart is needed.
[08/25/2008, 22:57:20] - Attempting to Restart via STOP error (Blue Screen!)

[08/25/2008, 23:17:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\OD01XQ93\VirtumundoBeGone[1].exe" )
[08/25/2008, 23:17:20] - Detected System Information:
[08/25/2008, 23:17:20] - Windows Version: 5.1.2600, Service Pack 2
[08/25/2008, 23:17:20] - Current Username: Compaq_Administrator (Admin)
[08/25/2008, 23:17:20] - Windows is in NORMAL mode.
[08/25/2008, 23:17:20] - Searching for Browser Helper Objects:
[08/25/2008, 23:17:20] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[08/25/2008, 23:17:20] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[08/25/2008, 23:17:20] - BHO 3: {30DF6789-1047-41E6-9DFE-E438783AF415} ()
[08/25/2008, 23:17:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:17:20] - No filename found. Continuing.
[08/25/2008, 23:17:20] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/25/2008, 23:17:20] - BHO 5: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[08/25/2008, 23:17:20] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/25/2008, 23:17:20] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/25/2008, 23:17:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:17:20] - No filename found. Continuing.
[08/25/2008, 23:17:20] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[08/25/2008, 23:17:20] - BHO 9: {90b2f1fe-58ef-402c-b6f4-1a56f7666ef6} ()
[08/25/2008, 23:17:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:17:20] - No filename found. Continuing.
[08/25/2008, 23:17:20] - BHO 10: {9DA292FC-46CD-4E37-A818-B1FF327055F3} ()
[08/25/2008, 23:17:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:17:21] - Checking for HKLM\...\Winlogon\Notify\atithbhh
[08/25/2008, 23:17:21] - Key not found: HKLM\...\Winlogon\Notify\atithbhh, continuing.
[08/25/2008, 23:17:21] - BHO 11: {A2F8CD4F-C713-4E4A-8563-4312FCA3A75E} ()
[08/25/2008, 23:17:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:17:21] - Checking for HKLM\...\Winlogon\Notify\3077htsbdjyf[1]
[08/25/2008, 23:17:21] - Key not found: HKLM\...\Winlogon\Notify\3077htsbdjyf[1], continuing.
[08/25/2008, 23:17:21] - BHO 12: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/25/2008, 23:17:21] - BHO 13: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} ()
[08/25/2008, 23:17:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:17:21] - No filename found. Continuing.
[08/25/2008, 23:17:21] - BHO 14: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/25/2008, 23:17:21] - BHO 15: {B2325FE2-90DF-449A-8F26-FF3D4C0055E9} ()
[08/25/2008, 23:17:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:17:21] - Checking for HKLM\...\Winlogon\Notify\rQhhfFxY
[08/25/2008, 23:17:21] - Key not found: HKLM\...\Winlogon\Notify\rQhhfFxY, continuing.
[08/25/2008, 23:17:21] - BHO 16: {BD6E35DF-BDFE-46C1-8D2E-417121ABEC7F} ()
[08/25/2008, 23:17:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:17:21] - No filename found. Continuing.
[08/25/2008, 23:17:21] - BHO 17: {C4F725D3-D56A-4A71-B775-B3ABAD60E46A} ()
[08/25/2008, 23:17:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:17:21] - No filename found. Continuing.
[08/25/2008, 23:17:21] - BHO 18: {d1b3dd4a-4037-4afe-8a5d-d0aa36781864} ()
[08/25/2008, 23:17:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:17:21] - Checking for HKLM\...\Winlogon\Notify\enbwod
[08/25/2008, 23:17:21] - Key not found: HKLM\...\Winlogon\Notify\enbwod, continuing.
[08/25/2008, 23:17:21] - Finished Searching Browser Helper Objects
[08/25/2008, 23:17:21] - Finishing up...
[08/25/2008, 23:17:21] - Nothing found! Exiting...

[08/25/2008, 23:19:48] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\OD01XQ93\VirtumundoBeGone[1].exe" )
[08/25/2008, 23:19:51] - Detected System Information:
[08/25/2008, 23:19:51] - Windows Version: 5.1.2600, Service Pack 2
[08/25/2008, 23:19:51] - Current Username: Compaq_Administrator (Admin)
[08/25/2008, 23:19:51] - Windows is in NORMAL mode.
[08/25/2008, 23:19:51] - Searching for Browser Helper Objects:
[08/25/2008, 23:19:51] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[08/25/2008, 23:19:51] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[08/25/2008, 23:19:52] - BHO 3: {30DF6789-1047-41E6-9DFE-E438783AF415} ()
[08/25/2008, 23:19:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:19:52] - No filename found. Continuing.
[08/25/2008, 23:19:52] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/25/2008, 23:19:52] - BHO 5: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[08/25/2008, 23:19:52] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/25/2008, 23:19:52] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/25/2008, 23:19:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:19:52] - No filename found. Continuing.
[08/25/2008, 23:19:52] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[08/25/2008, 23:19:52] - BHO 9: {90b2f1fe-58ef-402c-b6f4-1a56f7666ef6} ()
[08/25/2008, 23:19:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:19:52] - No filename found. Continuing.
[08/25/2008, 23:19:52] - BHO 10: {9DA292FC-46CD-4E37-A818-B1FF327055F3} ()
[08/25/2008, 23:19:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:19:52] - Checking for HKLM\...\Winlogon\Notify\atithbhh
[08/25/2008, 23:19:52] - Key not found: HKLM\...\Winlogon\Notify\atithbhh, continuing.
[08/25/2008, 23:19:52] - BHO 11: {A2F8CD4F-C713-4E4A-8563-4312FCA3A75E} ()
[08/25/2008, 23:19:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:19:52] - Checking for HKLM\...\Winlogon\Notify\3077htsbdjyf[1]
[08/25/2008, 23:19:52] - Key not found: HKLM\...\Winlogon\Notify\3077htsbdjyf[1], continuing.
[08/25/2008, 23:19:52] - BHO 12: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/25/2008, 23:19:52] - BHO 13: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} ()
[08/25/2008, 23:19:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:19:52] - No filename found. Continuing.
[08/25/2008, 23:19:52] - BHO 14: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/25/2008, 23:19:52] - BHO 15: {B2325FE2-90DF-449A-8F26-FF3D4C0055E9} ()
[08/25/2008, 23:19:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:19:52] - Checking for HKLM\...\Winlogon\Notify\rQhhfFxY
[08/25/2008, 23:19:52] - Key not found: HKLM\...\Winlogon\Notify\rQhhfFxY, continuing.
[08/25/2008, 23:19:52] - BHO 16: {BD6E35DF-BDFE-46C1-8D2E-417121ABEC7F} ()
[08/25/2008, 23:19:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:19:52] - No filename found. Continuing.
[08/25/2008, 23:19:52] - BHO 17: {C4F725D3-D56A-4A71-B775-B3ABAD60E46A} ()
[08/25/2008, 23:19:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:19:52] - No filename found. Continuing.
[08/25/2008, 23:19:52] - BHO 18: {d1b3dd4a-4037-4afe-8a5d-d0aa36781864} ()
[08/25/2008, 23:19:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 23:19:52] - Checking for HKLM\...\Winlogon\Notify\enbwod
[08/25/2008, 23:19:52] - Key not found: HKLM\...\Winlogon\Notify\enbwod, continuing.
[08/25/2008, 23:19:52] - Finished Searching Browser Helper Objects
[08/25/2008, 23:19:52] - Finishing up...
[08/25/2008, 23:19:52] - Nothing found! Exiting...
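Added example (not from the original post or from VirtumundoBeGone): a Python parser for the log above that splits it into runs, records what each run confirmed and renamed, and lists as leads the DLL names it checked under Winlogon\Notify without finding a key (ikocth, atithbhh, enbwod; ComboFix later deleted enbwod.dll and an atithbhh.dll BHO). The sample lines are copied from the log above; the parsing rules are assumptions drawn from this log's format.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the VirtumundoBeGone log in the thread above.
SAMPLE = r"""
[08/25/2008, 22:56:57] - VirtumundoBeGone v1.5 ( "VirtumundoBeGone[1].exe" )
[08/25/2008, 22:57:07] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[08/25/2008, 22:57:07] - BHO 2: {19c28509-76ba-4ddb-9f3c-d6a0d5e09465} ()
[08/25/2008, 22:57:07] - Key not found: HKLM\...\Winlogon\Notify\ikocth, continuing.
[08/25/2008, 22:57:07] - BHO 4: {30DF6789-1047-41E6-9DFE-E438783AF415} ()
[08/25/2008, 22:57:07] - No filename found. Continuing.
[08/25/2008, 22:57:07] - BHO 5: {53301152-F0CB-4A4F-8281-42D2EBE39DCF} ()
[08/25/2008, 22:57:07] - Checking for HKLM\...\Winlogon\Notify\khfFVLDw
[08/25/2008, 22:57:07] - Found: HKLM\...\Winlogon\Notify\khfFVLDw - This is probably Virtumundo.
[08/25/2008, 22:57:07] - BHO list has been changed! Starting over...
[08/25/2008, 22:57:07] - BHO 5: {53301152-F0CB-4A4F-8281-42D2EBE39DCF} (MSEvents Object)
[08/25/2008, 22:57:07] - ALERT: Found MSEvents Object!
[08/25/2008, 22:57:11] - Renaming C:\WINDOWS\system32\khfFVLDw.dll -> C:\WINDOWS\system32\khfFVLDw.dll.vir
[08/25/2008, 22:57:13] - A restart is needed.

[08/25/2008, 23:19:48] - VirtumundoBeGone v1.5 ( "VirtumundoBeGone[1].exe" )
[08/25/2008, 23:19:52] - BHO 10: {9DA292FC-46CD-4E37-A818-B1FF327055F3} ()
[08/25/2008, 23:19:52] - Key not found: HKLM\...\Winlogon\Notify\atithbhh, continuing.
[08/25/2008, 23:19:52] - BHO 18: {d1b3dd4a-4037-4afe-8a5d-d0aa36781864} ()
[08/25/2008, 23:19:52] - Key not found: HKLM\...\Winlogon\Notify\enbwod, continuing.
[08/25/2008, 23:19:52] - Nothing found! Exiting...
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] - (?P<msg>.*)$")
BHO_RE = re.compile(r"^BHO \d+: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>.*)\)$")
NOTIFY_RE = re.compile(r"^(?P<verb>Checking for|Key not found:|Found:) HKLM\\\.\.\.\\Winlogon\\Notify\\(?P<key>[^ ,]+)")
RENAME_RE = re.compile(r"^Renaming (?P<src>.+?) -> (?P<dst>.+)$")

@dataclass
class Session:
    started: str
    unnamed: dict = field(default_factory=dict)      # clsid -> Notify key name checked, or None
    notify_hits: list = field(default_factory=list)  # (clsid, key) where the Notify key existed
    msevents: list = field(default_factory=list)     # clsids the tool relabelled "MSEvents Object"
    renamed: list = field(default_factory=list)      # (src, dst) DLLs neutralised by renaming
    verdict: str = "unknown"

def parse_vbg_log(text):
    """Split a log into tool runs and record what each run found and did."""
    sessions, cur, last = [], None, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.group("ts"), m.group("msg")
        if msg.startswith("VirtumundoBeGone"):  # banner line starts a new run
            cur, last = Session(started=ts), None
            sessions.append(cur)
            continue
        if cur is None:
            continue
        if (b := BHO_RE.match(msg)):
            last = b.group("clsid")
            if b.group("name") == "":  # no default name: the tool's trigger for a closer look
                cur.unnamed.setdefault(last, None)
        elif (n := NOTIFY_RE.match(msg)) and last:
            cur.unnamed[last] = n.group("key")
            if n.group("verb") == "Found:":  # only this case is declared Virtumundo
                cur.notify_hits.append((last, n.group("key")))
        elif msg.startswith("ALERT: Found MSEvents Object") and last:
            cur.msevents.append(last)
        elif (r := RENAME_RE.match(msg)):
            cur.renamed.append((r.group("src"), r.group("dst")))
        elif msg.startswith("BHO list has been changed"):
            last = None  # enumeration restarts; earlier findings are kept
        elif msg.startswith("Nothing found"):
            cur.verdict = "clean"
        elif msg.startswith("A restart is needed"):
            cur.verdict = "cleaned-restart"
    return sessions

def triage(sessions):
    """Per-run summary: what was confirmed, what was quarantined, which leads remain."""
    out = []
    for s in sessions:
        confirmed = {c for c, _ in s.notify_hits} | set(s.msevents)
        out.append({
            "started": s.started,
            "verdict": s.verdict,
            "confirmed": sorted(confirmed),
            "quarantined": [dst for _, dst in s.renamed],
            # BHO pointed at a DLL name but the Notify key was absent: not flagged, still a lead
            "dll_leads": sorted(k for c, k in s.unnamed.items() if k and c not in confirmed),
            # unnamed BHO with no file name resolved at all: needs a manual CLSID lookup
            "unnamed_no_file": sorted(c for c, k in s.unnamed.items() if k is None),
        })
    return out

if __name__ == "__main__":
    import json
    print(json.dumps(triage(parse_vbg_log(SAMPLE)), indent=2))
```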

3 replies

Destrio5 (Posts: 99820, Status: Moderator)
Hi,

---> Download sUBs' ComboFix.exe to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the Internet and close all applications, including your antivirus and antispyware /!\

---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"

---> Set it to French with the F key
Press the 1 key (Yes) to start the scan.

/!\ Don't touch anything until the scan is finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents.

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: the report can also be found at C:\ComboFix.txt
anidel (Posts: 2, Status: Member)
I did what you told me.... I've only just reconnected to the Internet; I think it must have worked.. at least I hope so... Here is the report. However, I wasn't able to stop Norton during the process, as I didn't know how to disable it, and after the reboot I have lots of programs that systematically start at boot; I closed them one after another. I hope that didn't have any consequences..

ComboFix 08-08-24.03 - Compaq_Administrator 2008-08-26 0:59:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447 [GMT 2:00]
Running from: C:\Documents and Settings\Compaq_Administrator\My Documents\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Compaq_Administrator\Application Data\inst.exe
C:\temp\tn3
C:\WINDOWS\BM97849268.txt
C:\WINDOWS\BM97849268.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\enbwod.dll
C:\WINDOWS\system32\fnabjdfa.exe
C:\WINDOWS\system32\hkcmiwrt.ini
C:\WINDOWS\system32\kxeguwod.exe
C:\WINDOWS\system32\ldgxwiyo.exe
C:\WINDOWS\system32\qcxvlbsx.ini
C:\WINDOWS\system32\qXGQrqss.ini
C:\WINDOWS\system32\qXGQrqss.ini2
C:\WINDOWS\system32\wutgqfpq.dll
C:\WINDOWS\system32\xnipjihr.dll
C:\WINDOWS\system32\xsblvxcq.dll
C:\WINDOWS\system32\ytsklgyw.dll
D:\Autorun.inf

----- BITS: Possible infected sites -----

http://premium.virginmega.fr
.
((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.

2008-08-26 00:17 . 2008-08-26 00:17 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-08-25 21:10 . 2008-08-26 00:18 <DIR> d-------- C:\VundoFix Backups
2008-08-24 20:04 . 2007-10-24 01:47 282,112 --a------ C:\WINDOWS\system32\TBD95.tmp
2008-08-21 21:37 . 2008-08-21 21:37 40,448 --a------ C:\WINDOWS\system32\khfFVLDw.dll.vir
2008-08-20 22:53 . 2008-08-20 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-12 21:24 . 2008-08-12 21:24 <DIR> d-------- C:\WINDOWS\Elite Mahjong
2008-08-12 21:24 . 2008-08-19 08:34 <DIR> d-------- C:\Program Files\Elite Mahjong

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 23:05 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Skype
2008-08-25 23:02 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\DNA
2008-08-25 22:22 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\skypePM
2008-08-25 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-24 18:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-24 17:50 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent
2008-08-21 11:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-19 21:23 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-15 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-13 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-08 10:51 --------- d-----w C:\Program Files\Java
2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-11 10:10 --------- d-----w C:\Program Files\Winamp
2008-07-11 10:09 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Winamp
2008-07-02 16:50 --------- d-----w C:\Program Files\Caribbean Mah Jong
2008-02-19 21:58 47,360 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.sys
2008-02-12 08:04 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-31 16:22 2,354,472 ----a-w C:\Documents and Settings\Compaq_Administrator\SVGView.exe
2008-01-12 18:05 251 ----a-w C:\Program Files\wt3d.ini
2007-11-29 22:32 0 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2007-08-19 15:02 11,520 ----a-w C:\Documents and Settings\Compaq_Administrator\kwbbmk.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:27 21686568]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 20:44 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-08-23 16:20 20480]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 09:06 289088]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 06:56 64512]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 08:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 02:29 249856]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 23:32 221184]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 06:53 714608]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 22:24 54840]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-18 15:37 77824]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 16:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 21:14 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 21:24 458752]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 22:44 61440]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 14:38 241664]
"DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 19:01 90112]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 09:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 09:50 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 09:19 77312 C:\WINDOWS\arpwrmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 06:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-02-23 03:14:55 36903]
Connexions Compaq.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-02-23 03:14:55 36903]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 11:19:24 237568]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-23 16:20:50 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=enbwod.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1234:UDP"= 1234:UDP:freeplayer udp
"2860:UDP"= 2860:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"2861:UDP"= 2861:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"2866:UDP"= 2866:UDP:Windows Media Format SDK (IEXPLORE.EXE)

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-31 14:15]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
.
Contents of the 'Scheduled Tasks' folder

2008-08-25 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe []

2008-08-23 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Administrator.job
- C:\Program Files\Norton AntiVirus\Navw32.exe [2007-08-27 03:19]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3258464D-5A01-44DB-B98B-4B281282C92A} - C:\WINDOWS\system32\rQhhfFxY.dll
BHO-{9DA292FC-46CD-4E37-A818-B1FF327055F3} - C:\WINDOWS\system32\atithbhh.dll
BHO-{A2F8CD4F-C713-4E4A-8563-4312FCA3A75E} - C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\8R5FRNV3\3077htsbdjyf[1].dll
HKLM-Run-94b7a1f4 - C:\WINDOWS\system32\xsblvxcq.dll
HKLM-Run-PCDrProfiler - (no file)
ShellExecuteHooks-{53301152-F0CB-4A4F-8281-42D2EBE39DCF} - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\gouih66c.default\
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 01:04:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\update\update.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-08-26 1:08:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-25 23:08:40
ComboFix2.txt 2008-01-31 14:03:16

Pre-Run: 82,886,553,600 bytes free
Post-Run: 84,315,955,200 bytes free

204 --- E O F --- 2008-08-24 18:05:02
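Added example (not from the original post or from ComboFix): a Python check over the "Reg Loading Points" and "ORPHANS REMOVED" sections of a report like the one above that flags a non-empty AppInit_DLLs value (here enbwod.dll, which the scan also deleted from system32), Security Center DisableMonitoring values, and orphaned entries pointing at random-named DLLs in system32. The sample is constructed from the report above; DisableMonitoring is also set by legitimate suites such as Norton, so the check marks it for confirmation rather than as a verdict.

```python
import re

# Constructed sample: excerpts of the ComboFix 'Reg Loading Points' and 'ORPHANS REMOVED'
# sections from the report in the thread above.
SAMPLE = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=enbwod.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

- - - - ORPHANS REMOVED - - - -

BHO-{3258464D-5A01-44DB-B98B-4B281282C92A} - C:\WINDOWS\system32\rQhhfFxY.dll
BHO-{9DA292FC-46CD-4E37-A818-B1FF327055F3} - C:\WINDOWS\system32\atithbhh.dll
HKLM-Run-94b7a1f4 - C:\WINDOWS\system32\xsblvxcq.dll
HKLM-Run-PCDrProfiler - (no file)
ShellExecuteHooks-{53301152-F0CB-4A4F-8281-42D2EBE39DCF} - (no file)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
ORPHAN_RE = re.compile(r"^(?P<kind>[A-Za-z]+)-(?P<ident>.+?) - (?P<target>.+)$")
# Vundo-era droppers used random 6-8 letter DLL names placed directly in system32
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{6,8}\.dll$")

def parse_reg_dump(text):
    """Return (keys, orphans): keys maps lower-cased key path -> {value name -> raw value}."""
    keys, orphans, cur, in_orphans = {}, [], None, False
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4":
            continue
        if "ORPHANS REMOVED" in line:
            in_orphans = True
            continue
        if in_orphans:
            m = ORPHAN_RE.match(line)
            if m:
                orphans.append((m.group("kind"), m.group("ident"), m.group("target")))
            continue
        m = KEY_RE.match(line)
        if m:
            cur = m.group("key").lower()
            keys.setdefault(cur, {})
            continue
        m = VAL_RE.match(line)
        if m and cur is not None:
            keys[cur][m.group("name").lower()] = m.group("value").strip()
    return keys, orphans

def find_findings(keys, orphans):
    """Flag loading points worth a second look; each finding is (rule, subject, note)."""
    findings = []
    for key, values in keys.items():
        if key.endswith(r"\windows nt\currentversion\windows"):
            dlls = values.get("appinit_dlls", "").strip('"')
            if dlls:  # AppInit_DLLs is loaded into every process that loads user32.dll
                findings.append(("appinit_dlls", dlls, "injected into every GUI process"))
        if r"\security center\monitoring" in key and values.get("disablemonitoring") == "dword:00000001":
            findings.append(("sc_monitoring_off", key, "Security Center alerts suppressed; confirm who set it"))
    for kind, ident, target in orphans:
        name = target.rsplit("\\", 1)[-1]
        if RANDOM_NAME_RE.match(name) and "\\system32\\" in target.lower():
            findings.append(("random_system32_dll", f"{kind}-{ident}", target))
    return findings

if __name__ == "__main__":
    for rule, subject, note in find_findings(*parse_reg_dump(SAMPLE)):
        print(f"{rule:22} {subject}  ({note})")
```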
Destrio5 (Posts: 99820, Status: Moderator)
Run a quick scan with MBAM, remove everything it finds and post the report:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm