Google results redirected

Hirua
Hello,

My PC must be infected with spyware or a virus, because since yesterday, whenever I run a Google search, the results redirect me to other sites. My computer is also much slower to start up. My antivirus detects trojans but cannot remove them; they come back every time.

Trojan program Trojan.Win32.Monderd.gen D:\WINDOWS\system32\pmnlLfEU.dll
Trojan program Trojan.Win32.Monderd.gen D:\WINDOWS\system32\ljJBuvTK.dll

I ran a scan with SmitFraudFix in mode 1; here is the report:

SmitFraudFix v2.380

Report made at 9:54:21,48, 03/12/2008
Run from D:\Documents and Settings\Arnaud\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Search Settings\SearchSettings.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
D:\Program Files\UltraVNC\winvnc.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\DOCUME~1\Arnaud\LOCALS~1\Temp\csrssc.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\IcoSauve.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\cmd.exe
D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Arnaud


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Arnaud\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Arnaud\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Arnaud\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop items



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Warning, the keys below are not necessarily infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning, the keys below are not necessarily infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Warning, the keys below are not necessarily infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Warning, the keys below are not necessarily infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the keys below are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the keys below are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="d:\\progra~1\\kasper~1\\kasper~1\\mzvkbd.dll,d:\\progra~1\\kasper~1\\kasper~1\\adialhk.dll,d:\\progra~1\\kasper~1\\kasper~1\\kloehk.dll "


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Warning, the keys below are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» wininet.dll infection check


»»»»»»»»»»»»»»»»»»»»»»»» End

Thanks in advance for your help.

66 replies

sKe69 (Security contributor)
 
Hi,


start by doing this please:


Download and install HijackThis:

here HijackThis
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html

1- Click the setup to start the installation: follow the prompts and do not change the installation settings.
At the end of the install, the program launches automatically: close it by clicking the red cross.
In the end you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe".
Delete the shortcut please...

Important:
Rename the HijackThis program (to counter the Vundo infection):
Go on your PC to "C:\ program files\Trend Micro\HijackThis\HijackThis.exe" <--- right-click it and choose "rename": type monjack and confirm.
Then right-click "monjack.exe" and choose "send to" -> desktop (create shortcut).

tutorial for use
Look here, it is perfectly explained with pictures (thanks balltrap34):
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
(Do NOT fix ANY line yet, it could stop your PC from working properly)

2- !! Disconnect and close all running applications !!

Click the desktop shortcut to launch the program:
run a "monjack" (i.e. renamed HijackThis) scan by clicking "Do a system scan and save a logfile"

---> Post the generated report for analysis...



Once the report is posted, go straight on with this:

==========================

3- Download ToolBar S&D (by Eric_71/Team IDN) to your desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

( Tutorial : https://sites.google.com/site/toolbarsd/aideenimages )

!! Disconnect and close all running applications for the duration of the operation !!

* Double-click ToolBar SD.exe to launch the tool and follow the prompts...
--> Press 2 (option "cleaning") then press [Enter].

The cleaning begins.
! do not touch anything during the removal !

A report will be generated at the end of the process: post its contents in your next reply
along with a new HijackThis report for analysis...

(the report is also saved here -> C:\TB.txt)
Touns
 
Good evening, I would like to ask for your help.. My computer seems very infected and I have not had an antivirus for quite a while. So I hope you will have a short (or long) moment to spare for me.

Well, I surely have hundreds of viruses on my PC, and that must be one of the reasons it is so slow. But since a friend plugged her USB stick into my PC (a few days ago), a virus called "W32.Rontokbro@mm" has installed itself in absolutely all my documents (on the "C:" drive ... "Start/Startup/Empty"). In every folder, this virus shows up as a file. For example, when I open "Ma musique" (My Music), there is a virus folder called "Ma musique"; when I open "Artiste inconnu" (Unknown Artist), there is a virus folder called "Artiste inconnu", and so on.. in fact it is in every folder and takes the name of the folder that contains it. I tried to delete it by going to the Start menu, then Startup, where it is, but I am told it is in use and so cannot be deleted. And now the Internet, MSN etc. work one time in ten (I often have to restart my computer 3 times for it to work).


I also have a big problem with ads. Dozens of web pages open as soon as my session starts. I close them, they come back.. and everything lags. It is unmanageable :s
And for several months, when I run searches on Google (or other search engines), the results are always redirected to sites that have nothing to do with my query (I am often redirected to this site: "newsreader").

Apparently my computer is seriously ill.. I am a student and I really need my PC for work. I hope you can help me. Thanks in advance.
Hirua
 
Thanks for your help, here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:36, on 03/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Search Settings\SearchSettings.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
D:\Program Files\UltraVNC\winvnc.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\DOCUME~1\Arnaud\LOCALS~1\Temp\csrssc.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
D:\WINDOWS\system32\IcoSauve.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
D:\WINDOWS\System32\svchost.exe
C:\Programme\monjack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {0B5752BA-3518-4F96-93BB-201B95DD74D7} - (no file)
O2 - BHO: (no name) - {146E0D23-72F9-4202-873D-DAC54A67B11C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - D:\WINDOWS\system32\pmnlLfEU.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {87BB740A-CF95-4781-A51C-019EAFD56C7D} - D:\WINDOWS\system32\ljJBuvTK.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - D:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\9e739mk2.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.55.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ai Quicker Help] "D:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] D:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [rs32net] D:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] D:\WINDOWS\TEMP\winlogin.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Serveur VNC pour Win32] D:\Program Files\UltraVNC\winvnc.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Arnaud\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] D:\DOCUME~1\Arnaud\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [rs32net] D:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] D:\WINDOWS\TEMP\winlogin.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: IcoSauve.lnk = D:\WINDOWS\system32\IcoSauve.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: d:\progra~1\kasper~1\kasper~1\mzvkbd.dll,d:\progra~1\kasper~1\kasper~1\adialhk.dll,d:\progra~1\kasper~1\kasper~1\kloehk.dll
O20 - Winlogon Notify: dawvhhj - D:\WINDOWS\SYSTEM32\dawvhhj32.dll
O20 - Winlogon Notify: pmnlLfEU - D:\WINDOWS\SYSTEM32\pmnlLfEU.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FCI - Unknown owner - D:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c94b47bbec05fc) (gupdate1c94b47bbec05fc) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICF - Unknown owner - D:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - D:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
Hirua
 
-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz )
BIOS : BIOS Date: 03/07/07 20:50:29 Ver: 08.00.12
USER : Arnaud ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:97 Go (Free:12 Go)
D:\ (Local Disk) - NTFS - Total:48 Go (Free:12 Go)
E:\ (Local Disk) - NTFS - Total:42 Go (Free:37 Go)
F:\ (Local Disk) - NTFS - Total:69 Go (Free:24 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (Local Disk) - NTFS - Total:170 Go (Free:3 Go)
M:\ (CD or DVD)
N:\ (Local Disk) - NTFS - Total:49 Go (Free:3 Go)

"D:\ToolBar SD" ( Updated : 20-11-2008|20:25 )
Option : [2] ( 03/12/2008|10:32 )

-----------\\ DELETION

Deleted! - D:\DOCUME~1\Arnaud\APPLIC~1\Search Settings\kb127
Deleted! - D:\Program Files\Search Settings\kb127
Deleted! - D:\Program Files\Search Settings\SearchSettings.exe
Deleted! - D:\DOCUME~1\Arnaud\APPLIC~1\Search Settings
Deleted! - D:\Program Files\Search Settings

-----------\\ Searching for Files / Folders ...


-----------\\ Extensions

(Arnaud) - {07b2a769-ed19-4483-87ce-c643914c81b1} => vistaxp
(Arnaud) - {0b457cAA-602d-484a-8fe7-c1d894a011ba} => fireshot
(Arnaud) - {239c61a8-e55f-11db-8314-0800200c9a66} => blackx-inr
(Arnaud) - {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} => firefm
(Arnaud) - {c45c406e-ab73-11d8-be73-000a95be3b12} => webdeveloper
(Arnaud) - {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} => searchstatus


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.google.fr/?gws_rd=ssl"
"Search Bar"="http://www.google.fr/toolbar/ie8/sidebar.html"
"Local Page"="D:\\WINDOWS\\system32\\blank.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="D:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Searching for other infections

D:\WINDOWS\system32\KTvuBJjl.ini
D:\WINDOWS\system32\KTvuBJjl.ini2
D:\WINDOWS\system32\ljJBuvTK.dll
==> VUNDO <==

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]

--------------------\\ Cracks & Keygens ..

D:\DOCUME~1\ALLUSE~1\Application Data\TrackMania\Cache\D26A64954F17BBECA5B402F454B3572B_MediaTracker%5cSounds%5cEvil+crack+02.ogg
D:\DOCUME~1\ALLUSE~1\Application Data\TrackMania\Cache\D26A64954F17BBECA5B402F454B3572B_MediaTracker%5cSounds%5cEvil+crack+02.ogg.loc



1 - "D:\ToolBar SD\TB_1.txt" - 03/12/2008|10:38 - Option : [2]

-----------\\ End of report at 10:38:29,10
Hirua
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:03, on 03/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
D:\Program Files\UltraVNC\winvnc.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\DOCUME~1\Arnaud\LOCALS~1\Temp\csrssc.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
D:\WINDOWS\system32\IcoSauve.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
D:\WINDOWS\System32\svchost.exe
C:\Programme\monjack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {0B5752BA-3518-4F96-93BB-201B95DD74D7} - (no file)
O2 - BHO: (no name) - {146E0D23-72F9-4202-873D-DAC54A67B11C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - D:\WINDOWS\system32\pmnlLfEU.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {87BB740A-CF95-4781-A51C-019EAFD56C7D} - D:\WINDOWS\system32\ljJBuvTK.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - D:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\9e739mk2.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.55.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ai Quicker Help] "D:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [rs32net] D:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] D:\WINDOWS\TEMP\winlogin.exe
O4 - HKLM\..\Run: [SearchSettings] D:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Serveur VNC pour Win32] D:\Program Files\UltraVNC\winvnc.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Arnaud\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] D:\DOCUME~1\Arnaud\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [rs32net] D:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] D:\WINDOWS\TEMP\winlogin.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: IcoSauve.lnk = D:\WINDOWS\system32\IcoSauve.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: d:\progra~1\kasper~1\kasper~1\mzvkbd.dll,d:\progra~1\kasper~1\kasper~1\adialhk.dll,d:\progra~1\kasper~1\kasper~1\kloehk.dll
O20 - Winlogon Notify: dawvhhj - D:\WINDOWS\SYSTEM32\dawvhhj32.dll
O20 - Winlogon Notify: pmnlLfEU - D:\WINDOWS\SYSTEM32\pmnlLfEU.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FCI - Unknown owner - D:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c94b47bbec05fc) (gupdate1c94b47bbec05fc) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICF - Unknown owner - D:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - D:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
0

sKe69 Posts 21955 Status Security contributor 463
 
Well ...


very infected! ...

Non-genuine Windows version ...
info to take into account:
http://www.commentcamarche.net/faq/sujet 2981 windows j utilise une version piratee



Start by registering on the site: at some point there will be a procedure to do, and I will only be able to give it to you by "Private Message" ... and for that, you need to be registered ... ^^




Come back to the topic and then do this, in order:


1- Important:
Disable Spybot S&D's "TeaTimer" with the help of this animated tutorial (thanks Balltrap ;) ):
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
(on the first image, click on "tea timer" to start the animation).

It is likely to interfere with the proper running of the disinfection tools ...

You will re-enable it once we have finished disinfecting (and not before!).
Careful: at that point, Spybot will ask you about registry changes:
accept them all! ...



once this is done (and not before!), the next step:

=========================


2- Download MSNFix.zip (by !aur3n7):
http://sosvirus.changelog.fr/MSNFix.zip
--> unzip it to the Desktop (= extract all).

Then move the folder you just extracted directly to the root of your hard drive,
that is, here -> C:\MSNFix .
(this is very important for the tool to work properly!).

Mandatory: boot into Safe Mode.

/!\ Never boot into Safe Mode via MSCONFIG /!\

How to get into Safe Mode:
1) Restart your computer.
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep".
3) Keep tapping until the screen with the boot options appears.
4) Choose the first option: Safe Mode, and confirm by pressing [Enter].
5) Choose your usual account (and not Administrator).
Careful: no connection is possible in Safe Mode, so copy or print the procedure carefully to avoid mistakes ...

Run the MSNFix.bat file located in the MSNfix folder, on the desktop.
- Run option R (search).
- If the infection is detected, run option N (clean).

-> Once finished, save the generated report to your desktop.
Restart your PC (= back to normal mode).

-> it is also possible that the infection has to be cleaned when the PC restarts: before the desktop appears, a window asking to run "MSNfix" opens.
-> click OK so the tool can finish working (be patient until the desktop appears ... this can take quite a while).
the report will open once the desktop appears ...


---> post me that report along with a new HijackThis report (done in normal mode) in your next reply for analysis ...


(PS: the report is also saved here C:\MSNFix\"date_heure".txt and here C:\WINDOWS\msnfix.txt)
0
Hirua Posts 37 Status Member
 
Ah, so my infection is that bad :s
Anyway, I've registered, so you can send me the PM ;)
I'll do what you told me right away, thanks
0
sKe69 Posts 21955 Status Security contributor 463
 
Ah, so my infection is that bad :s
--> no: YOUR infections lol! ... ^^

0
Hirua Posts 37 Status Member
 
I get the impression the cleaning with MSNFix has stopped, it doesn't seem to be doing much anymore... It shows me
Le système ne peut trouver le fichier incl\msnRK.txt

Should I stop it by hand because it can't find that file, or is it still working in the background anyway?
0
sKe69 Posts 21955 Status Security contributor 463
 
Close that window so the tool keeps working ...


then post me the reports I asked for ....


I have to step away for a while now ... See you shortly for the rest ... ;)


0
Hirua Posts 37 Status Member
 
But that is the tool's window, so the tool has stopped. I tried a second time but it still showed me the same message, so I couldn't do the cleaning.
0
sKe69 Posts 21955 Status Security contributor 463
 
OK ... we'll deal with that later ...


do this:

Download VirtumundoBegone to your desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

!! Disconnect and close all your applications for the duration of the procedure !!

Double-click VirtumundoBeGone.exe and follow the instructions.
Once finished, restart the PC; the VBG.TXT report will be created on the desktop.
(If a blue screen "Fatal error" message appears, don't worry, it's normal and expected).

Post the VBG report along with a new HijackThis report for analysis ...
0
Hirua Posts 37 Status Member
 
[12/03/2008, 19:10:47] - VirtumundoBeGone v1.5 ( "D:\Documents and Settings\Arnaud\Bureau\VirtumundoBeGone.exe" )
[12/03/2008, 19:10:54] - Detected System Information:
[12/03/2008, 19:10:54] - Windows Version: 5.1.2600, Service Pack 2
[12/03/2008, 19:10:54] - Current Username: Arnaud (Admin)
[12/03/2008, 19:10:54] - Windows is in NORMAL mode.
[12/03/2008, 19:10:54] - Searching for Browser Helper Objects:
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:54] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - No filename found. Continuing.
[12/03/2008, 19:10:54] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:54] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:54] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:54] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:54] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:54] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:54] - BHO list has been changed! Starting over...
[... the same pass over BHO 1 to BHO 4 repeats verbatim 26 more times here (timestamps 19:10:54 to 19:10:55), each ending with "Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo." and "BHO list has been changed! Starting over..." ...]
[12/03/2008, 19:10:55] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:55] - No filename found. Continuing.
[12/03/2008, 19:10:55] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:55] - No filename found. Continuing.
[12/03/2008, 19:10:55] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:55] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:55] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:55] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:55] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:55] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:55] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:55] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:55] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:55] - No filename found. Continuing.
[12/03/2008, 19:10:55] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:55] - No filename found. Continuing.
[12/03/2008, 19:10:55] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:55] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:55] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:55] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:55] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:55] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:55] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03/2008, 19:10:55] - BHO list has been changed! Starting over...
[12/03/2008, 19:10:55] - BHO 1: {0B5752BA-3518-4F96-93BB-201B95DD74D7} ()
[12/03/2008, 19:10:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:55] - No filename found. Continuing.
[12/03/2008, 19:10:55] - BHO 2: {146E0D23-72F9-4202-873D-DAC54A67B11C} ()
[12/03/2008, 19:10:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:55] - No filename found. Continuing.
[12/03/2008, 19:10:55] - BHO 3: {36554C2C-A5A7-4541-B1A7-9BC4FC7B873F} ()
[12/03/2008, 19:10:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:55] - Checking for HKLM\...\Winlogon\Notify\ljJBuvTK
[12/03/2008, 19:10:55] - Key not found: HKLM\...\Winlogon\Notify\ljJBuvTK, continuing.
[12/03/2008, 19:10:55] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/03/2008, 19:10:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/03/2008, 19:10:55] - Checking for HKLM\...\Winlogon\Notify\pmnlLfEU
[12/03/2008, 19:10:55] - Found: HKLM\...\Winlogon\Notify\pmnlLfEU - This is probably Virtumundo.
[12/03/2008, 19:10:55] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/03
Hirua - Posts: 37 - Status: Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:11, on 03/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
D:\Program Files\UltraVNC\winvnc.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\DOCUME~1\Arnaud\LOCALS~1\Temp\csrssc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\IcoSauve.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\rsvp.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\SPYWARE\monjack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {0B5752BA-3518-4F96-93BB-201B95DD74D7} - (no file)
O2 - BHO: (no name) - {146E0D23-72F9-4202-873D-DAC54A67B11C} - (no file)
O2 - BHO: (no name) - {5C7B25A7-1583-45BF-9E1E-F5F21651678C} - D:\WINDOWS\system32\ljJBuvTK.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - D:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\9e739mk2.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.55.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ai Quicker Help] "D:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [rs32net] D:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] D:\WINDOWS\TEMP\winlogin.exe
O4 - HKLM\..\Run: [SearchSettings] D:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Serveur VNC pour Win32] D:\Program Files\UltraVNC\winvnc.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Arnaud\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] D:\DOCUME~1\Arnaud\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [rs32net] D:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] D:\WINDOWS\TEMP\winlogin.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: IcoSauve.lnk = D:\WINDOWS\system32\IcoSauve.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Banner Ad Blocker - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: d:\progra~1\kasper~1\kasper~1\mzvkbd.dll,d:\progra~1\kasper~1\kasper~1\adialhk.dll,d:\progra~1\kasper~1\kasper~1\kloehk.dll
O20 - Winlogon Notify: dawvhhj - D:\WINDOWS\SYSTEM32\dawvhhj32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FCI - Unknown owner - D:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c94b47bbec05fc) (gupdate1c94b47bbec05fc) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICF - Unknown owner - D:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - D:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
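As an added example (not part of the thread, and not HijackThis's own code), here is a small Python triage script that applies the checks a responder runs by eye over a log like the one above: orphaned entries whose file is gone, autostarts from a Temp directory, names that mimic core Windows processes (csrssc.exe, winlogin.exe), Vundo-style generated DLL names on O2 and O20 lines, an O7 policy that disables regedit, and an O23 service whose image path is an NTFS alternate data stream (svchost.exe:ext.exe). The sample lines are constructed from the log above. The vowel-ratio and case-flip thresholds in looks_random are our own heuristics, tuned to the names seen here, and the function is deliberately applied only to BHO and Winlogon Notify DLLs, because short consonant-heavy system names such as svchost would also trip it.

```python
import re

# Constructed sample: lines modelled on the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0B5752BA-3518-4F96-93BB-201B95DD74D7} - (no file)
O2 - BHO: (no name) - {5C7B25A7-1583-45BF-9E1E-F5F21651678C} - D:\WINDOWS\system32\ljJBuvTK.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [xsjfn83jkemfofght] D:\WINDOWS\TEMP\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] D:\DOCUME~1\Arnaud\LOCALS~1\Temp\csrssc.exe
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: dawvhhj - D:\WINDOWS\SYSTEM32\dawvhhj32.dll
O23 - Service: FCI - Unknown owner - D:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
"""

# First Windows path on a line, stopping at a closing quote or end of line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]+')
CORE_PROCESSES = {"smss", "csrss", "winlogon", "services", "lsass", "svchost", "explorer"}


def levenshtein(a, b):
    """Edit distance; catches one-character look-alikes such as csrssc / winlogin."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_random(stem):
    """Heuristic (our own thresholds) for generated DLL names such as ljJBuvTK or
    dawvhhj: letters only, 7+ long, and either almost vowel-free or with erratic
    lower-to-upper case flips. Not applied to every path on purpose: short
    consonant-heavy system names (svchost) would trip the vowel test."""
    letters = re.sub(r"\d", "", stem)
    if len(letters) < 7 or not letters.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in letters.lower())
    case_flips = sum(1 for x, y in zip(letters, letters[1:]) if x.islower() and y.isupper())
    return vowels / len(letters) < 0.2 or case_flips >= 2


def triage(log_text):
    """Return the suspicious lines of a HijackThis log with the reasons for each."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]          # O2, O4, O20, O23, ...
        reasons = []
        if "(no file)" in line or "(file missing)" in line:
            reasons.append("orphaned entry: the referenced file is absent")
        if section == "O7" and "DisableRegedit=1" in line:
            reasons.append("registry editor disabled by policy (DisableRegedit=1)")
        m = PATH_RE.search(line)
        if m:
            path = m.group(0).rstrip()
            basename = path.rsplit("\\", 1)[-1]
            stem = basename.split(".")[0]
            if ":" in basename:                     # e.g. svchost.exe:ext.exe
                reasons.append("image path is an NTFS alternate data stream: " + basename)
            if re.search(r"\\temp\\", path, re.I):
                reasons.append("autostart from a Temp directory")
            low = stem.lower()
            if low not in CORE_PROCESSES and any(levenshtein(low, c) == 1 for c in CORE_PROCESSES):
                reasons.append("look-alike of a core Windows process name: " + stem)
            if section in ("O2", "O20") and looks_random(stem):
                reasons.append("generated-looking DLL name: " + stem)
        if reasons:
            findings.append({"section": section, "line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], "|", f["line"][:70])
        for r in f["reasons"]:
            print("    ->", r)
```

Run against the sample, the script flags seven of the ten lines and leaves the Java BHO, the Kaspersky autostart and the NVIDIA service alone. The ADS check is the one worth keeping even after the other heuristics age: a service image path whose file name component contains a colon can only be an alternate data stream, and a legitimate service never needs one.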
sKe69 - Posts: 21955 - Status: Security contributor
 
Good ... I'm sending you a "Private Message" ... ;)


Hirua - Posts: 37 - Status: Member
 
There, I did what you told me by PM.
sKe69 - Posts: 21955 - Status: Security contributor
 
Here is the next step:



1- Download: - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
This program will delete all temporary files and fix your registry.
During installation:
-make sure to choose "French" as the language.
-before clicking the "install" button, untick all the "additional options" except the first 2.


A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Usage:
! disconnect from the internet and close all running applications !
* go to "Cleaner": run -analyze- then -clean-
* go to "Registry": run -scan for issues- and -fix all issues-
(several times, until it finds no more errors).

(CCleaner: a program worth keeping on your PC, very useful for thorough clean-ups ...)




2- Download SDFix to your desktop:
here http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.
or here http://sdfix.net/SDFix.exe

--> Double-click SDFix.exe and choose "Install".

(tutorial here: https://www.malekal.com/slenfbot-still-an-other-irc-bot/)

Then, once the install is done,

Mandatory: boot into Safe Mode.

/!\ Never boot into Safe Mode via MSCONFIG /!\

How to get into Safe Mode:
1) Restart your computer.
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep".
3) Keep tapping until the screen with the boot options appears.
4) Choose the first option: Safe Mode, and confirm by pressing [Enter].
5) Choose your usual account (and not Administrator).
warning: no internet connection is possible in Safe Mode, so copy or print these steps to avoid mistakes ...


Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the tool.
--> Type Y to start the script ...
The fix removes the virus's services and cleans the registry, so a reboot is required, therefore:
press a key to reboot when you are asked to.

The PC will take a while to boot (this is normal); once the Desktop has loaded, press a key when "Finished" is displayed.

The SDFix report will open on screen and will also be saved in the folder
C:\SDFix under the name "Report.txt".

Post it in your next reply together with a new HijackThis log for analysis ...


Hirua - Posts: 37 - Status: Member
 
SDFix is running right now, I'll post the report as soon as it has finished. But first, has all this had a positive effect on my problem? I mean, I'd like to know whether my number of infections is going down or whether we're still at the same stage.

In any case, thank you very much for helping me ^^
Hirua - Posts: 37 - Status: Member
 
SDFix: Version 1.240
Run by Arnaud on 03/12/2008 at 20:08

Microsoft Windows XP [version 5.1.2600]
Running From: D:\SDFix

Checking Services:

Rootkit Found :
D:\WINDOWS\system32\drivers\ATI4MSXX.sys - Rootkit Pandex/Cutwail - Protect.sys
D:\WINDOWS\system32\drivers\TDSSmqlt.sys - Rootkit.Win32.Agent.cku

Name            Path
FCI             D:\WINDOWS\system32\svchost.exe:ext.exe
ICF             D:\WINDOWS\system32\svchost.exe:ext.exe
restore         \??\D:\WINDOWS\system32\drivers\restore.sys
TDSSserv.sys    \systemroot\system32\drivers\TDSSmqlt.sys
ATI4MSXX        System32\Drivers\ati4msxx.sys

FCI - Deleted
ICF - Deleted
restore - Deleted
TDSSserv.sys - Deleted
ATI4MSXX - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Missing Security Center Service

Rebooting

Service ATI4MSXX - Deleted after Reboot

Checking Files:

Trojan Files Found:

D:\WINDOWS\system32\DAWVHHJ.dll - Deleted
D:\WINDOWS\system32\DAWVHH~1.dll - Deleted
D:\DOCUME~1\Arnaud\LOCALS~1\Temp\tmp9.tmp - Deleted
D:\DOCUME~1\Arnaud\LOCALS~1\Temp\tmpA6.tmp - Deleted
D:\DOCUME~1\Arnaud\LOCALS~1\Temp\Csrssc.exe - Deleted
D:\WINDOWS\Temp\csrssc.exe - Deleted
D:\WINDOWS\system32\drivers\TDSSmqlt.sys - Deleted
D:\WINDOWS\SYSTEM32\DRIVERS\TDSSMQLT.sys - Deleted
D:\WINDOWS\system32\TDSSotty.dll - Deleted
D:\WINDOWS\system32\TDSSarxx.dll - Deleted
D:\WINDOWS\system32\TDSSvoql.dll - Deleted
D:\WINDOWS\system32\TDSSnvuo.dll - Deleted
D:\WINDOWS\system32\TDSSdxcp.dll - Deleted
D:\WINDOWS\SYSTEM32\TDSSARXX.dll - Deleted
D:\WINDOWS\SYSTEM32\TDSSVOQL.dll - Deleted
D:\WINDOWS\system32\TDSSmtve.dat - Deleted
D:\WINDOWS\SYSTEM32\TDSSMTVE.dat - Deleted
D:\WINDOWS\system32\TDSSkkai.log - Deleted
D:\WINDOWS\SYSTEM32\TDSSKKAI.log - Deleted
D:\WINDOWS\system32\drivers\ATI4MSXX.sys - Deleted





Removing Temp Files

ADS Check:


D:\WINDOWS\system32\svchost.exe
: ADS Found!
svchost.exe: deleted 25600 bytes in 1 streams.

Checking for remaining Streams

D:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 20:30:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:2e,dd,00,48,97,12,51,45,7e,b4,9f,91,7d,36,3b,47,7f,18,f7,62,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4a,8c,cf,9b,12,5b,64,1c,16,b9,28,bf,3a,68,9e,e4,6c,..
"khjeh"=hex:44,27,28,0d,12,43,e8,d4,b9,4f,91,76,01,03,f1,af,6f,24,6e,93,2b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:48,0f,c2,c6,18,25,ea,57,6d,c4,4b,b9,6d,98,6b,c4,61,ab,12,12,2b,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"=str(7):"\??\d:\windows\system32\dllcache\OLD348.tmp\0\0\??\d:\windows\system32\dllcache\OLD34B.tmp\0\0\??\d:\windows\system32\dllcache\OLD34E.tmp\0\0\??\d:\windows\system32\dllcache\OLD351.tmp\0\0\??\d:\windows\system32\dllcache\OLD354.tmp\0\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:2e,dd,00,48,97,12,51,45,7e,b4,9f,91,7d,36,3b,47,7f,18,f7,62,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4a,8c,cf,9b,12,5b,64,1c,16,b9,28,bf,3a,68,9e,e4,6c,..
"khjeh"=hex:44,27,28,0d,12,43,e8,d4,b9,4f,91,76,01,03,f1,af,6f,24,6e,93,2b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3d,d8,76,de,a9,76,aa,2d,09,be,28,4e,99,98,3b,7f,95,53,ed,bf,17,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:2e,dd,00,48,97,12,51,45,7e,b4,9f,91,7d,36,3b,47,7f,18,f7,62,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4a,8c,cf,9b,12,5b,64,1c,16,b9,28,bf,3a,68,9e,e4,6c,..
"khjeh"=hex:44,27,28,0d,12,43,e8,d4,b9,4f,91,76,01,03,f1,af,6f,24,6e,93,2b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3d,d8,76,de,a9,76,aa,2d,09,be,28,4e,99,98,3b,7f,95,53,ed,bf,17,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CBBE1BC-B249-4AD5-8F09-5DF3B24B2EBC}]
"oafjlmmcmipphkdjaiklmlddkfjlkj"=hex:6a,61,6b,62,64,6a,67,6a,62,63,66,6d,66,62,69,61,61,61,68,65,00,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\\Program Files\\FlashFXP\\FlashFXP.exe"="D:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"L:\\Programs Files\\mIRC\\mirc.exe"="L:\\Programs Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="c:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"="c:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"D:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="D:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="D:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="D:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"="D:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"K:\\Programs Files\\Pro Evolution Soccer 2009\\pes2009.exe"="K:\\Programs Files\\Pro Evolution Soccer 2009\\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"K:\\Programs Files\\Far Cry 2\\bin\\FarCry2.exe"="K:\\Programs Files\\Far Cry 2\\bin\\FarCry2.exe:*:Enabled:Far Cry 2"
"K:\\Programs Files\\Far Cry 2\\bin\\FC2Launcher.exe"="K:\\Programs Files\\Far Cry 2\\bin\\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"K:\\Programs Files\\Far Cry 2\\bin\\FC2Editor.exe"="K:\\Programs Files\\Far Cry 2\\bin\\FC2Editor.exe:*:Enabled:Editeur"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program Files\\FlashFXP\\FlashFXP.exe"="D:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="c:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"="c:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"D:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="D:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="D:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="D:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Remaining Files:


File Backups: - D:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 2 Sep 2008 6,108,728 A..H. --- "D:\Program Files\Picasa2\setup.exe"
Mon 10 Mar 2008 275,456 ...H. --- "D:\Documents and Settings\Arnaud\Application Data\Microsoft\Word\~WRL2880.tmp"
Fri 14 Nov 2008 888 ...HR --- "D:\Documents and Settings\Arnaud\Application Data\SecuROM\UserData\securom_v7_01.bak"
Wed 3 Dec 2008 65,536 A..H. --- "D:\Documents and Settings\Arnaud\Local Settings\Application Data\Microsoft\Outlook\~archive.pst.tmp"
Wed 3 Dec 2008 196,608 A..H. --- "D:\Documents and Settings\Arnaud\Local Settings\Application Data\Microsoft\Outlook\~Outlacoste02@etudiant.univ-mlv.fr-0000000a.pst.tmp"
Wed 3 Dec 2008 393,216 A..H. --- "D:\Documents and Settings\Arnaud\Local Settings\Application Data\Microsoft\Outlook\~Outlook.pst.tmp"

Finished!
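Two items in the catchme section of the report above deserve a practitioner's note, added here rather than being part of the tool's output. First, the sptd\Cfg keys it lists under "hidden services & system hive" belong to the SPTD driver that DAEMON Tools Lite installs (the "p0" value points at that program's directory); on a machine with DAEMON Tools they are expected and are not by themselves evidence of a rootkit. Second, the PendingFileRenameOperations value is the queue the Session Manager processes at the next boot: a REG_MULTI_SZ of source/target string pairs, where an empty target means "delete" and a target prefixed with "!" means "replace the existing file". Here five files in system32\dllcache, the Windows File Protection cache, are queued for deletion, which is worth correlating with any WFP activity seen after a cleanup. The Python below (our own code, not SDFix's or catchme's) decodes the value exactly as catchme renders it, with the two characters "\0" standing in for each NUL separator. The first sample is taken from the report above; the rename sample is constructed.

```python
import re

# Taken from the catchme output in the SDFix report above: the REG_MULTI_SZ is
# rendered as one str(7) line in which "\0" stands for each NUL separator.
CATCHME_EXPORT = r'"PendingFileRenameOperations"=str(7):"\??\d:\windows\system32\dllcache\OLD348.tmp\0\0\??\d:\windows\system32\dllcache\OLD34B.tmp\0\0\??\d:\windows\system32\dllcache\OLD34E.tmp\0\0\??\d:\windows\system32\dllcache\OLD351.tmp\0\0\??\d:\windows\system32\dllcache\OLD354.tmp\0\0"'

# Constructed: the rename form, where a "!" in front of the target asks Windows
# to replace an existing file (MOVEFILE_REPLACE_EXISTING).
RENAME_EXPORT = r'"PendingFileRenameOperations"=str(7):"\??\C:\WINDOWS\system32\new.dll\0!\??\C:\WINDOWS\system32\old.dll\0\0"'

NT_PREFIX = "\\??\\"   # NT object-manager prefix put in front of Win32 paths


def _strip_nt_prefix(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_renames(export_line):
    """Decode a str(7) export of PendingFileRenameOperations into a list of
    {source, target, action} dicts. The value is pairs of strings: a source,
    then a target that is empty for "delete at boot"."""
    m = re.search(r'str\(7\):"(.*)"\s*$', export_line)
    if not m:
        raise ValueError("not a str(7) registry export line")
    tokens = m.group(1).split("\\0")        # literal backslash-zero in the export
    ops = []
    for src, dst in zip(tokens[0::2], tokens[1::2]):
        if not src:                          # the closing double NUL leaves an empty source
            continue
        if not dst:
            action, target = "delete", None
        elif dst.startswith("!"):
            action, target = "replace", _strip_nt_prefix(dst[1:])
        else:
            action, target = "rename", _strip_nt_prefix(dst)
        ops.append({"source": _strip_nt_prefix(src), "target": target, "action": action})
    return ops


def affected_directories(ops):
    """Parent directories the queue touches, lower-cased for comparison."""
    return {o["source"].rsplit("\\", 1)[0].lower() for o in ops}


if __name__ == "__main__":
    queue = parse_pending_renames(CATCHME_EXPORT)
    for op in queue:
        print(op["action"].upper(), op["source"], "->", op["target"])
    print("directories:", affected_directories(queue))
```

The same decoder applies to a regedit .reg export of the value (also rendered as hex(7) or str(7) with NUL separators) and is the quickest way to see whether a cleanup tool, an installer or malware has scheduled a file to be swapped or removed on the next reboot before that reboot happens.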
Hirua - Posts: 37 - Status: Member
 
Some things are starting to get back to normal, my Google search results are no longer redirected, which is a good thing, but now at each boot of my PC it runs a Windows File Protection scan, even though I let it run once all the way through, it keeps doing it.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:17, on 03/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
D:\Program Files\UltraVNC\winvnc.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Documents and Settings\Arnaud\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\WINDOWS\system32\IcoSauve.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\rsvp.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\System32\svchost.exe
C:\Programme\SPYWARE\monjack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {4851528E-752F-443E-8569-9B07765F5FAF} - D:\WINDOWS\system32\ljJBuvTK.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - D:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\9e739mk2.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.55.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ai Quicker Help] "D:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Serveur VNC pour Win32] D:\Program Files\UltraVNC\winvnc.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Arnaud\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: IcoSauve.lnk = D:\WINDOWS\system32\IcoSauve.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{73D5C146-71D9-4459-A2C4-80D13A37102B}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: d:\progra~1\kasper~1\kasper~1\mzvkbd.dll,d:\progra~1\kasper~1\kasper~1\adialhk.dll,d:\progra~1\kasper~1\kasper~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c94b47bbec05fc) (gupdate1c94b47bbec05fc) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - D:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
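As an added illustration (not part of the thread or of HijackThis itself), here is a small Python triage helper that applies the same reading a helper does by hand to HijackThis lines like those above: O2/R3 hook entries that are unnamed or whose file is gone are marked for removal, O10 (Winsock LSP) and O20 (AppInit_DLLs) entries for manual review. The sample lines are constructed from the log above, and the "8-letter DLL in system32" check is an assumption modelled on the Vundo file names in this thread, not a HijackThis rule.

```python
import re

# Constructed sample in the HijackThis line format shown in the thread above
# (the first entry reproduces the orphaned Vundo BHO from the log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4851528E-752F-443E-8569-9B07765F5FAF} - D:\WINDOWS\system32\ljJBuvTK.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: d:\progra~1\kasper~1\kasper~1\mzvkbd.dll
"""

ENTRY_RE = re.compile(r"^(?P<kind>[OR]\d+) - (?P<body>.+)$")
# Heuristic (assumption, not a HijackThis rule): an 8-letter DLL directly
# under system32, like pmnlLfEU.dll / ljJBuvTK.dll named in this thread.
RANDOM_DLL_RE = re.compile(r"\\system32\\[A-Za-z]{8}\.dll\b", re.IGNORECASE)


def classify(kind, body):
    """Return 'remove', 'review' or None for one parsed HijackThis entry."""
    orphaned = "(file missing)" in body or "(no file)" in body
    unnamed = "(no name)" in body
    if kind in ("O2", "R3") and (orphaned or unnamed):
        # BHO/search-hook registrations with no name or no backing file are
        # malware leftovers or dead entries; both can be fixed in HijackThis.
        return "remove"
    if kind == "O2" and RANDOM_DLL_RE.search(body):
        return "remove"
    if kind in ("O10", "O20"):
        # LSP and AppInit_DLLs entries load into many processes; they need a
        # manual look (vendor, path) rather than an automatic fix.
        return "review"
    return None


def triage(log_text):
    """Parse HijackThis lines; return (verdict, kind, line) for flagged ones."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        verdict = classify(m["kind"], m["body"])
        if verdict:
            findings.append((verdict, m["kind"], line.strip()))
    return findings


if __name__ == "__main__":
    for verdict, kind, line in triage(SAMPLE_LOG):
        print(f"{verdict:6} {kind:4} {line}")
```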
sKe69 - Posts: 21955 - Status: Security Contributor
 
Great .... we're making progress!


Next, in order:


1- Run CCleaner again (including the registry).



2- Download MalwareBytes':
here http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
or here: http://www.malwarebytes.org/mbam.php

* Install it (make sure you pick "French"; do not change the install settings) and update it.

(NB: if "COMCTL32.OCX" is missing during the install, download it here: https://www.malekal.com/tutorial-aboutbuster/ )

* Read through the tutorial to get familiar with the program:
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(that said, it is very easy to use).

! Disconnect from the internet and close all running applications !

* Launch Malwarebytes'.

Run a "Quick" scan.

--> Let the program work (and do nothing else with the PC during the scan).
--> At the end, click "Results".
--> Check that all infected objects are ticked, then click "Remove".

Note: if the PC needs to restart to finish the cleanup, do it!

Post the report saved after the infected objects were removed (in Malwarebytes' "report/log" tab, the most recent one),
along with a new HijackThis log for analysis ...


Hirua - Posts: 37 - Status: Member
 
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 2

03/12/2008 22:28:53
mbam-log-2008-12-03 (22-28-53).txt

Type de recherche: Examen rapide
Eléments examinés: 50884
Temps écoulé: 2 minute(s), 42 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
D:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.