am013

  1. Good evening Lien Rag, here is the latest HijackThis report:
  2. Good evening Lien Rag, here is the report I get: LoadLibrary failed for C:\WINDOWS\SYSTEM32\tuvvutq.dll C:\WINDOWS\SYSTEM32\tuvvutq.dll NOT unregistered. File move failed. C:\WINDOWS\SYSTEM32\tuvvutq.dll scheduled to be moved on reboot. LoadLibrary failed for C:\WINDOWS\system32\vturo.dll C:\WINDOWS\system32\vturo.dll NOT unregistered. File move failed. C:\WINDOWS\system32\vturo.dll scheduled to be moved on reboot. Created on 08/02/2007 00:29:05
  3. And the latest HijackThis. Thank you for your help.
  4. Here is the Virtumundo report:
  5. Here, to start with, is the VundoFix report:
  6. Can nobody help me??
  7. Hello everyone... Despite several attempts I still cannot get rid of this virus. I don't know much about this. Could someone please take a look at my latest reports in my previous post "Help lectures rapports" and just tell me whether a solution exists.. Thanks in advance.
  8. Is there anything else left to try?? I get the impression that nothing can remove this virus called trojan virtumonde.. :P:P
  9. am013

    ActiveX control

  10. am013

    Active X
