
Winantivirus pro, drive cleaner, system doctor ...

 


wormi
Posted on 30/08/2007 at 10:04:34

Hello everyone,

I am trying to get rid of the trojans from a small bundle of spyware.

As I have seen in quite a few threads, you need a HijackThis report. So I will post it here if someone is available to answer me.


Thanks in advance for your help.

PS: I find this way of selling software pathetic :hurle:

Note: from what I saw in another thread, Avast could be the cause of the non-detection? So I am going to install AntiVir right away.

naheulbeuk7
Involved member (20,000 to 29,999 posts)
Posted on 30/08/2007 at 10:12:50

Hello, to start with, follow this procedure and post me the reports:

http://mickael.barroux.free.fr [...] ontrol.php

:hello:


---------------
Visit my computer security site: http://www.site-naheulbeuk.com
wormi
Posted on 30/08/2007 at 10:30:41

Here is the HijackThis report:

 Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 11:01:52, on 30/08/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 C:\Program Files\Alwil Software\Avast4\ashServ.exe
 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
 C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\wdfmgr.exe
 C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
 C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 C:\WINDOWS\System32\alg.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\WINDOWS\system32\regsvr32.exe
 C:\Program Files\SecCenter\scprot4.exe
 C:\Program Files\SuperCopier2\SuperCopier2.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\WINDOWS\system32\unlksgwn.exe
 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
 C:\Documents and Settings\Wormi\Bureau\Scanner.exe
 C:\WINDOWS\System32\wbem\wmiprvse.exe
 C:\WINDOWS\System32\wbem\wmiprvse.exe

 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Rjrqgrir\jvqxnjcw.dll
 O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\system32\vtuurqq.dll
 O2 - BHO: (no name) - {67475B4D-150D-44A4-B5DD-BC80D4C9361F} - C:\WINDOWS\system32\gebawvu.dll (file missing)
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL
 O2 - BHO: (no name) - {EFA8B4F6-3901-4B81-9BAF-FC6775B90A78} - C:\WINDOWS\system32\ddayv.dll (file missing)
 O2 - BHO: (no name) - {F79A1D79-C5E7-4D92-8BBE-809D1A15B092} - C:\WINDOWS\system32\mlljg.dll
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
 O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
 O8 - Extra context menu item: &Tout télécharger en utilisant Mass Downloader - C:\Program Files\Mass Downloader\Add_All.htm
 O8 - Extra context menu item: S'abonner avec RSS Bandit - C:\Documents and Settings\Wormi\Application Data\RssBandit\iecontext_subscribebandit.htm
 O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
 O8 - Extra context menu item: Télécharger en utilisant &Mass Downloader - C:\Program Files\Mass Downloader\Add_Url.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
 O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
 O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
 O17 - HKLM\System\CCS\Services\Tcpip\..\{6BF9B29D-8DA3-440F-8E71-326D26AF97F1}: NameServer = 192.168.1.1
 O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll (file missing)
 O20 - Winlogon Notify: gebawvu - gebawvu.dll (file missing)
 O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll
 O20 - Winlogon Notify: vtuurqq - C:\WINDOWS\SYSTEM32\vtuurqq.dll
 O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
 O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
 O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
 O23 - Service: DomainService -   - C:\WINDOWS\system32\unlksgwn.exe
 O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
 O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
 O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
 O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
 O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
 O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
 O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
 O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
 O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
 O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
 O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
 O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
 O23 - Service: WMP54GSVC - GEMTEKS - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe

 --
 End of file - 9407 bytes


Here is the Magic.control report:
 

 Search Navipromo version 2.0.9 commencé le 30/08/2007 à 11:21:16,37

 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
 !!! Poster ce rapport sur le forum pour le faire analyser !!!
 !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

 Fix lancé depuis C:\Program Files\navilog1
 Mise a jour le 20.08.2007 a 22h30 by IL-MAFIOSO

 Executé en mode normal

 *** Recherche Programmes installes ***




 *** Recherche dossiers dans C:\WINDOWS ***




 *** Recherche dossiers dans C:\Program Files ***




 *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




 *** Recherche dossiers dans C:\Documents and Settings\Wormi\Application Data ***



 *** Recherche avec BlackLight Engine/F-secure ***
 BlackLight Engine est un produit de F-secure, pour + d'infos :
 http://www.f-secure.com/blackl [...] _help.html


 F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
 ======================================

 Copyright 2005-2006 F-Secure Corporation. All rights reserved.
 This is a beta version. It will expire on 1st of October, 2007.
 Version information: 2.2.1064.

 [+] Started on 08/30/07 at 11:21:18.
 [+] Initializing ...
 [+] Starting scan, press Ctrl-C to abort.
 [+] Scanning for hidden items ........................................................
 [+] Scan complete.
 [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
 [+] Exited on 08/30/07 at 11:26:28 (return code = 0).


 *** Recherche avec GenericNaviSearch ***
 !!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
 !!! A verifier impérativement avant toute suppression manuelle !!!

 Fichiers trouvés :

 Aucun Fichier trouvé !

 Fichiers suspects :

 Aucun Fichier suspect trouvé !



 *** Recherche fichiers ***




 *** Recherche cles registre ***


 Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



 Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



 Recherche Clé Magic Control



 *** Module de Recherche complémentaire ***
 (Recherche fichiers spécifiques)

 1)Recherche fichiers connus:

 C:\WINDOWS\system32\gjllm.ini2 trouvé ! infection Vundo possible non traité par cet outil !
 C:\WINDOWS\system32\vyadd.ini2 trouvé ! infection Vundo possible non traité par cet outil !
 C:\WINDOWS\system32\gjllm.bak1 trouvé ! infection Vundo possible non traité par cet outil !
 C:\WINDOWS\system32\vyadd.bak1 trouvé ! infection Vundo possible non traité par cet outil !
 C:\WINDOWS\system32\gjllm.bak2 trouvé ! infection Vundo possible non traité par cet outil !
 C:\WINDOWS\system32\vyadd.bak2 trouvé ! infection Vundo possible non traité par cet outil !

 2)Recherche Heuristique :
 *
 **
 ***
 ****
 *****
 ******
 *******
 ********
 C:\WINDOWS\system32\unlksgwn.exe trouvé !


 3)Recherche Certificats :

 Certificat Egroup absent !


 *** Analyse Terminé le 30/08/2007 à 11:26:52,71 ***

Thank you very much for replying so quickly
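The cross-check VirtumundoBeGone performs in the log at the end of this thread (a BHO with no default name is looked up again under Winlogon\Notify by its DLL name) can be applied straight to the O2 and O20 lines of the HijackThis report above. The Python below is an added example, not code from the thread or from either tool; its sample lines are copied from the report above, and the flagging rules are my reading of the tool's log output, with the "file missing" orphan check and the unmatched-Notify listing added as assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample: the O2 (BHO) and O20 (Winlogon Notify) lines copied from the
# HijackThis report above, with the forum's soft-wrap characters removed.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Rjrqgrir\jvqxnjcw.dll
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\system32\vtuurqq.dll
O2 - BHO: (no name) - {67475B4D-150D-44A4-B5DD-BC80D4C9361F} - C:\WINDOWS\system32\gebawvu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {EFA8B4F6-3901-4B81-9BAF-FC6775B90A78} - C:\WINDOWS\system32\ddayv.dll (file missing)
O2 - BHO: (no name) - {F79A1D79-C5E7-4D92-8BBE-809D1A15B092} - C:\WINDOWS\system32\mlljg.dll
O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll (file missing)
O20 - Winlogon Notify: gebawvu - gebawvu.dll (file missing)
O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll
O20 - Winlogon Notify: vtuurqq - C:\WINDOWS\SYSTEM32\vtuurqq.dll
O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
"""

# HijackThis line formats: "O2 - BHO: <name> - {<CLSID>} - <path>" and
# "O20 - Winlogon Notify: <key> - <path>".
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12})\} - (?P<path>.*)$",
    re.IGNORECASE,
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")


@dataclass
class Finding:
    clsid: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_hjt(log: str):
    """Return the BHO entries and a map of Winlogon Notify key -> DLL path."""
    bhos: List[Dict[str, str]] = []
    notify: Dict[str, str] = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify[m.group("key").lower()] = m.group("path")
    return bhos, notify


def dll_stem(path: str) -> Optional[str]:
    # "C:\WINDOWS\system32\vtuurqq.dll (file missing)" -> "vtuurqq"; None when there is no file at all
    cleaned = path.replace("(file missing)", "").strip()
    if not cleaned or cleaned.lower() == "(no file)":
        return None
    base = cleaned.rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0].lower()


def triage(log: str) -> Dict[str, Finding]:
    """Flag BHOs the way VirtumundoBeGone's log shows it working: an unnamed BHO
    whose DLL name is also a Winlogon Notify key is the Vundo/Virtumundo pairing;
    a BHO whose DLL is gone is an orphaned registration worth cleaning up."""
    bhos, notify = parse_hjt(log)
    findings: Dict[str, Finding] = {}
    for bho in bhos:
        reasons: List[str] = []
        unnamed = bho["name"].strip().lower() == "(no name)"
        stem = dll_stem(bho["path"])
        if unnamed and stem is not None and stem in notify:
            reasons.append(f"unnamed BHO {stem}.dll is also Winlogon Notify key '{stem}' (Virtumundo pattern)")
        if "(file missing)" in bho["path"] or bho["path"].strip().lower() == "(no file)":
            reasons.append("orphaned registration: the BHO DLL is absent from disk")
        if reasons:
            clsid = bho["clsid"].upper()
            findings[clsid] = Finding(clsid, bho["path"], reasons)
    return findings


def unmatched_notify(log: str) -> Set[str]:
    """Winlogon Notify keys that no BHO accounts for; these need a manual look."""
    bhos, notify = parse_hjt(log)
    bho_stems = {dll_stem(b["path"]) for b in bhos}
    return {key for key in notify if key not in bho_stems}


if __name__ == "__main__":
    for clsid, finding in triage(SAMPLE_LOG).items():
        print(clsid, finding.path)
        for reason in finding.reasons:
            print("   -", reason)
    print("Notify keys without a BHO:", sorted(unmatched_notify(SAMPLE_LOG)))
```

On the sample, jvqxnjcw.dll stays unflagged because no Notify key of that name exists, which is exactly the "Key not found, continuing" outcome VirtumundoBeGone logs for it.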

naheulbeuk7
Involved member (20,000 to 29,999 posts)
Posted on 30/08/2007 at 10:41:26

Double-click the Navilog1 shortcut on the desktop and let it guide you.

Help for the disinfection: http://mickael.barroux.free.fr [...] sinfection

In the main menu, choose 2 and confirm.

The fix will tell you that it is going to restart your PC.
Close all open windows and save any personal documents you have open.
Press a key as requested.
(if your PC does not restart automatically, do it yourself)
When your PC restarts, choose your usual session.

Wait for the message:
"*** Nettoyage Termine le ..... ***"
Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your desktop will reappear.

Start -> Control Panel -> Internet Options
Click the "Content" tab, then the "Certificates" tab, and if you find any of these, in particular under "Trusted Publishers":

electronic-group ; egroup ; Montorgueil ; VIP ; "Sunny Day Design Ltd"

=> Delete them all

Post the cleannavi report you saved earlier.

NOTES:

  • The report can also be found here: %root%\cleannavi.txt
  • If your desktop does not reappear, do this:
-> Press Ctrl + Alt + Del at the same time.
 Click the File tab, then choose New Task.
 Type Explorer and confirm.
-> Choose Run..., type Explorer and confirm.

;)


---------------
Visit my computer security site: http://www.site-naheulbeuk.com
wormi
Posted on 30/08/2007 at 10:59:17

Here is the cleannavi report:

 Clean Navipromo version 2.0.9 commencé le 30/08/2007 à 11:47:14,70

 Fix lancé depuis C:\Program Files\navilog1
 Mise a jour le 20.08.2007 a 22h30 by IL-MAFIOSO

 Mode suppression automatique avec prise en charge résultats Blacklight


 
 *** fsbl1.txt non trouvé ***
 (Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)
 


 *** Recherche avec GenericNaviSearch ***
 !!! Ces résultats peuvent révéler des fichiers légitimes !!!
 !!! A verifier impérativement avant toute suppression manuelle !!!

 Fichiers trouvés supprimés avec backups :

 Aucun Fichier trouvé !

 Fichiers suspects :

 Aucun Fichier suspect trouvé !


 *** Suppression dossiers dans C:\WINDOWS ***


 *** Suppression dossiers dans C:\Program Files ***


 *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


 *** Suppression dossiers dans C:\Documents and Settings\Wormi\Application Data ***



 *** Suppression fichiers ***


 *** Suppression fichiers temporaires ***

 Nettoyage contenu C:\WINDOWS\Temp effectué !
 Nettoyage contenu C:\Documents and Settings\Wormi\Local Settings\Temp effectué !

 *** Traitement Recherche complémentaire ***
 (Recherche fichiers spécifiques)

 1)Recherche fichiers connus:

 C:\WINDOWS\system32\gjllm.ini2 trouvé ! infection Vundo possible non traité par cet outil !
 C:\WINDOWS\system32\vyadd.ini2 trouvé ! infection Vundo possible non traité par cet outil !
 C:\WINDOWS\system32\gjllm.bak1 trouvé ! infection Vundo possible non traité par cet outil !
 C:\WINDOWS\system32\vyadd.bak1 trouvé ! infection Vundo possible non traité par cet outil !
 C:\WINDOWS\system32\gjllm.bak2 trouvé ! infection Vundo possible non traité par cet outil !
 C:\WINDOWS\system32\vyadd.bak2 trouvé ! infection Vundo possible non traité par cet outil !

 2)Recherche et Suppression Heuristique :

 *
 **
 ***
 ****
 *****
 ******
 *******
 ********
 C:\WINDOWS\system32\unlksgwn.exe trouvé !
 Copie C:\WINDOWS\system32\unlksgwn.exe réalise avec succes !
 C:\WINDOWS\system32\unlksgwn.exe !!ERREUR SUPPRESSION!!


 3)Certificats :

 Certificat Egroup absent !

 *** Sauvegarde du registre vers dossier Backupnavi ***

 sauvegarde du registre réalise avec succes !


 *** Nettoyage registre ***


 Erreur application fixreg

 Le registre n'a pas été nettoyé !


 *** Nettoyage termine le 30/08/2007 à 11:55:03,59 ***

naheulbeuk7
Involved member (20,000 to 29,999 posts)
Posted on 30/08/2007 at 11:07:34

Hi again, follow this procedure:

http://mickael.barroux.free.fr [...] sinfection

and post me the reports ;)


---------------
Visit my computer security site: http://www.site-naheulbeuk.com
wormi
Posted on 30/08/2007 at 11:45:09

Here is the new HijackThis report

 Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 12:42:50, on 30/08/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
 C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\wdfmgr.exe
 C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
 C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
 C:\WINDOWS\System32\wbem\wmiprvse.exe
 C:\WINDOWS\System32\alg.exe
 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
 C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
 C:\Program Files\SuperCopier2\SuperCopier2.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\WINDOWS\System32\wbem\wmiprvse.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Documents and Settings\Wormi\Bureau\Scanner.exe

 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
 O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
 O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
 O8 - Extra context menu item: &Tout télécharger en utilisant Mass Downloader - C:\Program Files\Mass Downloader\Add_All.htm
 O8 - Extra context menu item: S'abonner avec RSS Bandit - C:\Documents and Settings\Wormi\Application Data\RssBandit\iecontext_subscribebandit.htm
 O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
 O8 - Extra context menu item: Télécharger en utilisant &Mass Downloader - C:\Program Files\Mass Downloader\Add_Url.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
 O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
 O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
 O17 - HKLM\System\CCS\Services\Tcpip\..\{6BF9B29D-8DA3-440F-8E71-326D26AF97F1}: NameServer = 192.168.1.1
 O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
 O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
 O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
 O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
 O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
 O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
 O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
 O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
 O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
 O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
 O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
 O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
 O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
 O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
 O23 - Service: WMP54GSVC - GEMTEKS - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe

 --
 End of file - 8116 bytes


Should I also post the cleannavi, magic.control, ... reports?

naheulbeuk7
Involved member (20,000 to 29,999 posts)
Posted on 30/08/2007 at 12:14:20

and the vundofix, virtumondobegone, combofix reports? :)


---------------
Visit my computer security site: http://www.site-naheulbeuk.com
wormi
Posted on 30/08/2007 at 13:00:34

Here is cleannavi:

 Clean Navipromo version 2.0.9 commencé le 30/08/2007 à 11:47:14,70

 Fix lancé depuis C:\Program Files\navilog1
 Mise a jour le 20.08.2007 a 22h30 by IL-MAFIOSO

 Mode suppression automatique avec prise en charge résultats Blacklight


 
 *** fsbl1.txt non trouvé ***
 (Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)
 


 *** Recherche avec GenericNaviSearch ***
 !!! Ces résultats peuvent révéler des fichiers légitimes !!!
 !!! A verifier impérativement avant toute suppression manuelle !!!

 Fichiers trouvés supprimés avec backups :

 Aucun Fichier trouvé !

 Fichiers suspects :

 Aucun Fichier suspect trouvé !


 *** Suppression dossiers dans C:\WINDOWS ***


 *** Suppression dossiers dans C:\Program Files ***


 *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


 *** Suppression dossiers dans C:\Documents and Settings\Wormi\Application Data ***



 *** Suppression fichiers ***


 *** Suppression fichiers temporaires ***

 Nettoyage contenu C:\WINDOWS\Temp effectué !
 Nettoyage contenu C:\Documents and Settings\Wormi\Local Settings\Temp effectué !

 *** Traitement Recherche complémentaire ***
 (Recherche fichiers spécifiques)

 1)Recherche fichiers connus:

 C:\WINDOWS\system32\gjllm.ini2 trouvé ! infection Vundo possible non traité par cet outil !
 C:\WINDOWS\system32\vyadd.ini2 trouvé ! infection Vundo possible non traité par cet outil !
 C:\WINDOWS\system32\gjllm.bak1 trouvé ! infection Vundo possible non traité par cet outil !
 C:\WINDOWS\system32\vyadd.bak1 trouvé ! infection Vundo possible non traité par cet outil !
 C:\WINDOWS\system32\gjllm.bak2 trouvé ! infection Vundo possible non traité par cet outil !
 C:\WINDOWS\system32\vyadd.bak2 trouvé ! infection Vundo possible non traité par cet outil !

 2)Recherche et Suppression Heuristique :

 *
 **
 ***
 ****
 *****
 ******
 *******
 ********
 C:\WINDOWS\system32\unlksgwn.exe trouvé !
 Copie C:\WINDOWS\system32\unlksgwn.exe réalise avec succes !
 C:\WINDOWS\system32\unlksgwn.exe !!ERREUR SUPPRESSION!!


 3)Certificats :

 Certificat Egroup absent !

 *** Sauvegarde du registre vers dossier Backupnavi ***

 sauvegarde du registre réalise avec succes !


 *** Nettoyage registre ***


 Erreur application fixreg

 Le registre n'a pas été nettoyé !


 *** Nettoyage termine le 30/08/2007 à 11:55:03,59 ***

 VBG :


 [08/30/2007, 12:19:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Wormi\Bureau\VirtumundoBeGone.exe" )
 [08/30/2007, 12:19:21] - Detected System Information:
 [08/30/2007, 12:19:21] -  Windows Version: 5.1.2600, Service Pack 2
 [08/30/2007, 12:19:21] -  Current Username: Wormi (Admin)
 [08/30/2007, 12:19:21] -  Windows is in NORMAL mode.
 [08/30/2007, 12:19:21] - Searching for Browser Helper Objects:
 [08/30/2007, 12:19:21] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
 [08/30/2007, 12:19:21] -  BHO 2: {3F5E9987-FD12-408E-3612-018845CDF059} ()
 [08/30/2007, 12:19:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:21] -  Checking for HKLM\...\Winlogon\Notify\jvqxnjcw
 [08/30/2007, 12:19:21] -  Key not found: HKLM\...\Winlogon\Notify\jvqxnjcw, continuing.
 [08/30/2007, 12:19:21] -  BHO 3: {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} ()
 [08/30/2007, 12:19:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:21] -  Checking for HKLM\...\Winlogon\Notify\vtuurqq
 [08/30/2007, 12:19:21] -  Found: HKLM\...\Winlogon\Notify\vtuurqq - This is probably Virtumundo.
 [08/30/2007, 12:19:21] -  Assigning {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} MSEvents Object
 [08/30/2007, 12:19:21] - BHO list has been changed! Starting over...
 [08/30/2007, 12:19:21] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
 [08/30/2007, 12:19:21] -  BHO 2: {3F5E9987-FD12-408E-3612-018845CDF059} ()
 [08/30/2007, 12:19:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:21] -  Checking for HKLM\...\Winlogon\Notify\jvqxnjcw
 [08/30/2007, 12:19:21] -  Key not found: HKLM\...\Winlogon\Notify\jvqxnjcw, continuing.
 [08/30/2007, 12:19:21] -  BHO 3: {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} (MSEvents Object)
 [08/30/2007, 12:19:21] - ALERT: Found MSEvents Object!
 [08/30/2007, 12:19:21] -  BHO 4: {67475B4D-150D-44A4-B5DD-BC80D4C9361F} ()
 [08/30/2007, 12:19:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:21] -  Checking for HKLM\...\Winlogon\Notify\gebawvu
 [08/30/2007, 12:19:21] -  Found: HKLM\...\Winlogon\Notify\gebawvu - This is probably Virtumundo.
 [08/30/2007, 12:19:21] -  Assigning {67475B4D-150D-44A4-B5DD-BC80D4C9361F} MSEvents Object
 [08/30/2007, 12:19:21] - BHO list has been changed! Starting over...
 [08/30/2007, 12:19:21] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
 [08/30/2007, 12:19:21] -  BHO 2: {3F5E9987-FD12-408E-3612-018845CDF059} ()
 [08/30/2007, 12:19:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:21] -  Checking for HKLM\...\Winlogon\Notify\jvqxnjcw
 [08/30/2007, 12:19:21] -  Key not found: HKLM\...\Winlogon\Notify\jvqxnjcw, continuing.
 [08/30/2007, 12:19:21] -  BHO 3: {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} (MSEvents Object)
 [08/30/2007, 12:19:21] - ALERT: Found MSEvents Object!
 [08/30/2007, 12:19:21] -  BHO 4: {67475B4D-150D-44A4-B5DD-BC80D4C9361F} (MSEvents Object)
 [08/30/2007, 12:19:21] - ALERT: Found MSEvents Object!
 [08/30/2007, 12:19:21] -  BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
 [08/30/2007, 12:19:21] -  BHO 6: {7C05D204-405C-4DD0-84C1-8129F034ADDA} ()
 [08/30/2007, 12:19:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:21] -  Checking for HKLM\...\Winlogon\Notify\mlljg
 [08/30/2007, 12:19:21] -  Key not found: HKLM\...\Winlogon\Notify\mlljg, continuing.
 [08/30/2007, 12:19:21] -  BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [08/30/2007, 12:19:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:21] -  No filename found. Continuing.
 [08/30/2007, 12:19:21] -  BHO 8: {B930BA63-9E5A-11D3-A288-0000E80E2EDE} (IECatcher Class)
 [08/30/2007, 12:19:21] -  BHO 9: {EFA8B4F6-3901-4B81-9BAF-FC6775B90A78} ()
 [08/30/2007, 12:19:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:21] -  Checking for HKLM\...\Winlogon\Notify\ddayv
 [08/30/2007, 12:19:21] -  Found: HKLM\...\Winlogon\Notify\ddayv - This is probably Virtumundo.
 [08/30/2007, 12:19:21] -  Assigning {EFA8B4F6-3901-4B81-9BAF-FC677​5B90A78} MSEvents Object
 [08/30/2007, 12:19:21] - BHO list has been changed! Starting over...
 [08/30/2007, 12:19:21] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
 [08/30/2007, 12:19:21] -  BHO 2: {3F5E9987-FD12-408E-3612-01884​5CDF059} ()
 [08/30/2007, 12:19:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:21] -  Checking for HKLM\...\Winlogon\Notify\jvqxn​jcw
 [08/30/2007, 12:19:21] -  Key not found: HKLM\...\Winlogon\Notify\jvqxn​jcw, continuing.
 [08/30/2007, 12:19:21] -  BHO 3: {57D6708C-88E2-4CAB-9FA4-78BB8​CA3A3C4} (MSEvents Object)
 [08/30/2007, 12:19:21] - ALERT: Found MSEvents Object!
 [08/30/2007, 12:19:22] -  BHO 4: {67475B4D-150D-44A4-B5DD-BC80D​4C9361F} (MSEvents Object)
 [08/30/2007, 12:19:22] - ALERT: Found MSEvents Object!
 [08/30/2007, 12:19:22] -  BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} (SSVHelper Class)
 [08/30/2007, 12:19:22] -  BHO 6: {7C05D204-405C-4DD0-84C1-8129F​034ADDA} ()
 [08/30/2007, 12:19:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:22] -  Checking for HKLM\...\Winlogon\Notify\mlljg
 [08/30/2007, 12:19:22] -  Key not found: HKLM\...\Winlogon\Notify\mlljg​, continuing.
 [08/30/2007, 12:19:22] -  BHO 7: {7E853D72-626A-48EC-A868-BA8D5​E23E045} ()
 [08/30/2007, 12:19:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:22] -  No filename found. Continuing.
 [08/30/2007, 12:19:22] -  BHO 8: {B930BA63-9E5A-11D3-A288-0000E​80E2EDE} (IECatcher Class)
 [08/30/2007, 12:19:22] -  BHO 9: {EFA8B4F6-3901-4B81-9BAF-FC677​5B90A78} (MSEvents Object)
 [08/30/2007, 12:19:22] - ALERT: Found MSEvents Object!
 [08/30/2007, 12:19:22] - Finished Searching Browser Helper Objects
 [08/30/2007, 12:19:22] - *** Detected MSEvents Object
 [08/30/2007, 12:19:22] - Trying to remove MSEvents Object...
 [08/30/2007, 12:19:23] -    Terminating Process: IEXPLORE.EXE
 [08/30/2007, 12:19:23] -    Terminating Process: RUNDLL32.EXE
 [08/30/2007, 12:19:23] -    Disabling Automatic Shell Restart
 [08/30/2007, 12:19:23] -    Terminating Process: EXPLORER.EXE
 [08/30/2007, 12:19:23] -    Suspending the NT Session Manager System Service
 [08/30/2007, 12:19:23] -    Terminating Windows NT Logon/Logoff Manager
 [08/30/2007, 12:19:23] -    Re-enabling Automatic Shell Restart
 [08/30/2007, 12:19:23] -   File to disable: C:\WINDOWS\system32\vtuurqq.dl​l
 [08/30/2007, 12:19:23] -  Renaming C:\WINDOWS\system32\vtuurqq.dl​l -> C:\WINDOWS\system32\vtuurqq.dl​l.vir
 [08/30/2007, 12:19:24] -  File successfully renamed!
 [08/30/2007, 12:19:24] -   Removing HKLM\...\Browser Helper Objects\{57D6708C-88E2-4CAB-9F​A4-78BB8CA3A3C4}
 [08/30/2007, 12:19:24] -   Removing HKCR\CLSID\{57D6708C-88E2-4CAB​-9FA4-78BB8CA3A3C4}
 [08/30/2007, 12:19:24] -   Adding Kill Bit for ActiveX for GUID: {57D6708C-88E2-4CAB-9FA4-78BB8​CA3A3C4}
 [08/30/2007, 12:19:24] -   Deleting ATLEvents/MSEvents Registry entries
 [08/30/2007, 12:19:24] -   Removing HKLM\...\Winlogon\Notify\vtuur​qq
 [08/30/2007, 12:19:24] - Searching for Browser Helper Objects:
 [08/30/2007, 12:19:24] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
 [08/30/2007, 12:19:24] -  BHO 2: {3F5E9987-FD12-408E-3612-01884​5CDF059} ()
 [08/30/2007, 12:19:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:24] -  Checking for HKLM\...\Winlogon\Notify\jvqxn​jcw
 [08/30/2007, 12:19:24] -  Key not found: HKLM\...\Winlogon\Notify\jvqxn​jcw, continuing.
 [08/30/2007, 12:19:24] -  BHO 3: {67475B4D-150D-44A4-B5DD-BC80D​4C9361F} (MSEvents Object)
 [08/30/2007, 12:19:24] - ALERT: Found MSEvents Object!
 [08/30/2007, 12:19:24] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} (SSVHelper Class)
 [08/30/2007, 12:19:24] -  BHO 5: {7C05D204-405C-4DD0-84C1-8129F​034ADDA} ()
 [08/30/2007, 12:19:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:24] -  Checking for HKLM\...\Winlogon\Notify\mlljg
 [08/30/2007, 12:19:24] -  Key not found: HKLM\...\Winlogon\Notify\mlljg​, continuing.
 [08/30/2007, 12:19:24] -  BHO 6: {7E853D72-626A-48EC-A868-BA8D5​E23E045} ()
 [08/30/2007, 12:19:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:24] -  No filename found. Continuing.
 [08/30/2007, 12:19:24] -  BHO 7: {B930BA63-9E5A-11D3-A288-0000E​80E2EDE} (IECatcher Class)
 [08/30/2007, 12:19:24] -  BHO 8: {EFA8B4F6-3901-4B81-9BAF-FC677​5B90A78} (MSEvents Object)
 [08/30/2007, 12:19:24] - ALERT: Found MSEvents Object!
 [08/30/2007, 12:19:24] - Finished Searching Browser Helper Objects
 [08/30/2007, 12:19:24] - *** Detected MSEvents Object
 [08/30/2007, 12:19:24] - Trying to remove MSEvents Object...
 [08/30/2007, 12:19:25] -    Terminating Process: IEXPLORE.EXE
 [08/30/2007, 12:19:25] -    Terminating Process: RUNDLL32.EXE
 [08/30/2007, 12:19:25] -    Disabling Automatic Shell Restart
 [08/30/2007, 12:19:25] -    Terminating Process: EXPLORER.EXE
 [08/30/2007, 12:19:25] -    Suspending the NT Session Manager System Service
 [08/30/2007, 12:19:26] -    Terminating Windows NT Logon/Logoff Manager
 [08/30/2007, 12:19:26] -    Re-enabling Automatic Shell Restart
 [08/30/2007, 12:19:26] -   File to disable: C:\WINDOWS\system32\gebawvu.dl​l
 [08/30/2007, 12:19:26] -   Removing HKLM\...\Browser Helper Objects\{67475B4D-150D-44A4-B5​DD-BC80D4C9361F}
 [08/30/2007, 12:19:26] -   Removing HKCR\CLSID\{67475B4D-150D-44A4​-B5DD-BC80D4C9361F}
 [08/30/2007, 12:19:26] -   Adding Kill Bit for ActiveX for GUID: {67475B4D-150D-44A4-B5DD-BC80D​4C9361F}
 [08/30/2007, 12:19:26] -   Deleting ATLEvents/MSEvents Registry entries
 [08/30/2007, 12:19:26] -   Removing HKLM\...\Winlogon\Notify\gebaw​vu
 [08/30/2007, 12:19:26] - Searching for Browser Helper Objects:
 [08/30/2007, 12:19:26] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
 [08/30/2007, 12:19:26] -  BHO 2: {3F5E9987-FD12-408E-3612-01884​5CDF059} ()
 [08/30/2007, 12:19:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:26] -  Checking for HKLM\...\Winlogon\Notify\jvqxn​jcw
 [08/30/2007, 12:19:26] -  Key not found: HKLM\...\Winlogon\Notify\jvqxn​jcw, continuing.
 [08/30/2007, 12:19:26] -  BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} (SSVHelper Class)
 [08/30/2007, 12:19:26] -  BHO 4: {7C05D204-405C-4DD0-84C1-8129F​034ADDA} ()
 [08/30/2007, 12:19:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:26] -  Checking for HKLM\...\Winlogon\Notify\mlljg
 [08/30/2007, 12:19:26] -  Key not found: HKLM\...\Winlogon\Notify\mlljg​, continuing.
 [08/30/2007, 12:19:26] -  BHO 5: {7E853D72-626A-48EC-A868-BA8D5​E23E045} ()
 [08/30/2007, 12:19:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:26] -  No filename found. Continuing.
 [08/30/2007, 12:19:26] -  BHO 6: {B930BA63-9E5A-11D3-A288-0000E​80E2EDE} (IECatcher Class)
 [08/30/2007, 12:19:26] -  BHO 7: {EFA8B4F6-3901-4B81-9BAF-FC677​5B90A78} (MSEvents Object)
 [08/30/2007, 12:19:26] - ALERT: Found MSEvents Object!
 [08/30/2007, 12:19:26] - Finished Searching Browser Helper Objects
 [08/30/2007, 12:19:26] - *** Detected MSEvents Object
 [08/30/2007, 12:19:26] - Trying to remove MSEvents Object...
 [08/30/2007, 12:19:27] -    Terminating Process: IEXPLORE.EXE
 [08/30/2007, 12:19:27] -    Terminating Process: RUNDLL32.EXE
 [08/30/2007, 12:19:27] -    Disabling Automatic Shell Restart
 [08/30/2007, 12:19:27] -    Terminating Process: EXPLORER.EXE
 [08/30/2007, 12:19:27] -    Suspending the NT Session Manager System Service
 [08/30/2007, 12:19:27] -    Terminating Windows NT Logon/Logoff Manager
 [08/30/2007, 12:19:27] -    Re-enabling Automatic Shell Restart
 [08/30/2007, 12:19:27] -   File to disable: C:\WINDOWS\system32\ddayv.dll
 [08/30/2007, 12:19:27] -   Removing HKLM\...\Browser Helper Objects\{EFA8B4F6-3901-4B81-9B​AF-FC6775B90A78}
 [08/30/2007, 12:19:27] -   Removing HKCR\CLSID\{EFA8B4F6-3901-4B81​-9BAF-FC6775B90A78}
 [08/30/2007, 12:19:27] -   Adding Kill Bit for ActiveX for GUID: {EFA8B4F6-3901-4B81-9BAF-FC677​5B90A78}
 [08/30/2007, 12:19:27] -   Deleting ATLEvents/MSEvents Registry entries
 [08/30/2007, 12:19:27] -   Removing HKLM\...\Winlogon\Notify\ddayv
 [08/30/2007, 12:19:27] - Searching for Browser Helper Objects:
 [08/30/2007, 12:19:27] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
 [08/30/2007, 12:19:27] -  BHO 2: {3F5E9987-FD12-408E-3612-01884​5CDF059} ()
 [08/30/2007, 12:19:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:27] -  Checking for HKLM\...\Winlogon\Notify\jvqxn​jcw
 [08/30/2007, 12:19:27] -  Key not found: HKLM\...\Winlogon\Notify\jvqxn​jcw, continuing.
 [08/30/2007, 12:19:27] -  BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} (SSVHelper Class)
 [08/30/2007, 12:19:27] -  BHO 4: {7C05D204-405C-4DD0-84C1-8129F​034ADDA} ()
 [08/30/2007, 12:19:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:27] -  Checking for HKLM\...\Winlogon\Notify\mlljg
 [08/30/2007, 12:19:27] -  Key not found: HKLM\...\Winlogon\Notify\mlljg​, continuing.
 [08/30/2007, 12:19:27] -  BHO 5: {7E853D72-626A-48EC-A868-BA8D5​E23E045} ()
 [08/30/2007, 12:19:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:19:27] -  No filename found. Continuing.
 [08/30/2007, 12:19:27] -  BHO 6: {B930BA63-9E5A-11D3-A288-0000E​80E2EDE} (IECatcher Class)
 [08/30/2007, 12:19:27] - Finished Searching Browser Helper Objects
 [08/30/2007, 12:19:27] - Finishing up...
 [08/30/2007, 12:19:27] - A restart is needed.
 [08/30/2007, 12:19:36] - Attempting to Restart via STOP error (Blue Screen!)

 [08/30/2007, 12:26:38] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Wormi\Bureau\VirtumundoBeGone.exe" )
 [08/30/2007, 12:26:40] - Detected System Information:
 [08/30/2007, 12:26:40] -  Windows Version: 5.1.2600, Service Pack 2
 [08/30/2007, 12:26:40] -  Current Username: Wormi (Admin)
 [08/30/2007, 12:26:40] -  Windows is in NORMAL mode.
 [08/30/2007, 12:26:40] - Searching for Browser Helper Objects:
 [08/30/2007, 12:26:40] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
 [08/30/2007, 12:26:40] -  BHO 2: {3F5E9987-FD12-408E-3612-018845CDF059} ()
 [08/30/2007, 12:26:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:26:40] -  Checking for HKLM\...\Winlogon\Notify\jvqxnjcw
 [08/30/2007, 12:26:40] -  Key not found: HKLM\...\Winlogon\Notify\jvqxnjcw, continuing.
 [08/30/2007, 12:26:40] -  BHO 3: {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} (MSEvents Object)
 [08/30/2007, 12:26:40] - ALERT: Found MSEvents Object!
 [08/30/2007, 12:26:40] -  BHO 4: {67475B4D-150D-44A4-B5DD-BC80D4C9361F} (MSEvents Object)
 [08/30/2007, 12:26:40] - ALERT: Found MSEvents Object!
 [08/30/2007, 12:26:40] -  BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
 [08/30/2007, 12:26:40] -  BHO 6: {7C05D204-405C-4DD0-84C1-8129F034ADDA} ()
 [08/30/2007, 12:26:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:26:40] -  Checking for HKLM\...\Winlogon\Notify\mlljg
 [08/30/2007, 12:26:40] -  Key not found: HKLM\...\Winlogon\Notify\mlljg, continuing.
 [08/30/2007, 12:26:40] -  BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [08/30/2007, 12:26:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:26:40] -  No filename found. Continuing.
 [08/30/2007, 12:26:40] -  BHO 8: {B930BA63-9E5A-11D3-A288-0000E80E2EDE} (IECatcher Class)
 [08/30/2007, 12:26:40] -  BHO 9: {EFA8B4F6-3901-4B81-9BAF-FC6775B90A78} (MSEvents Object)
 [08/30/2007, 12:26:40] - ALERT: Found MSEvents Object!
 [08/30/2007, 12:26:40] - Finished Searching Browser Helper Objects
 [08/30/2007, 12:26:40] - *** Detected MSEvents Object
 [08/30/2007, 12:26:40] - Trying to remove MSEvents Object...
 [08/30/2007, 12:26:41] -    Terminating Process: IEXPLORE.EXE
 [08/30/2007, 12:26:41] -    Terminating Process: RUNDLL32.EXE
 [08/30/2007, 12:26:41] -    Disabling Automatic Shell Restart
 [08/30/2007, 12:26:41] -    Terminating Process: EXPLORER.EXE
 [08/30/2007, 12:26:41] -    Suspending the NT Session Manager System Service
 [08/30/2007, 12:26:41] -    Terminating Windows NT Logon/Logoff Manager
 [08/30/2007, 12:26:42] -    Re-enabling Automatic Shell Restart
 [08/30/2007, 12:26:42] -   File to disable: C:\WINDOWS\system32\vtuurqq.dll
 [08/30/2007, 12:26:42] -   Removing HKLM\...\Browser Helper Objects\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}
 [08/30/2007, 12:26:42] -   Removing HKCR\CLSID\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}
 [08/30/2007, 12:26:42] -   Adding Kill Bit for ActiveX for GUID: {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}
 [08/30/2007, 12:26:42] -   Deleting ATLEvents/MSEvents Registry entries
 [08/30/2007, 12:26:42] -   Removing HKLM\...\Winlogon\Notify\vtuurqq
 [08/30/2007, 12:26:42] - Searching for Browser Helper Objects:
 [08/30/2007, 12:26:42] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
 [08/30/2007, 12:26:42] -  BHO 2: {3F5E9987-FD12-408E-3612-018845CDF059} ()
 [08/30/2007, 12:26:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:26:42] -  Checking for HKLM\...\Winlogon\Notify\jvqxnjcw
 [08/30/2007, 12:26:42] -  Key not found: HKLM\...\Winlogon\Notify\jvqxnjcw, continuing.
 [08/30/2007, 12:26:42] -  BHO 3: {67475B4D-150D-44A4-B5DD-BC80D4C9361F} (MSEvents Object)
 [08/30/2007, 12:26:42] - ALERT: Found MSEvents Object!
 [08/30/2007, 12:26:42] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
 [08/30/2007, 12:26:42] -  BHO 5: {7C05D204-405C-4DD0-84C1-8129F034ADDA} ()
 [08/30/2007, 12:26:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:26:42] -  Checking for HKLM\...\Winlogon\Notify\mlljg
 [08/30/2007, 12:26:42] -  Key not found: HKLM\...\Winlogon\Notify\mlljg, continuing.
 [08/30/2007, 12:26:42] -  BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [08/30/2007, 12:26:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:26:42] -  No filename found. Continuing.
 [08/30/2007, 12:26:42] -  BHO 7: {B930BA63-9E5A-11D3-A288-0000E80E2EDE} (IECatcher Class)
 [08/30/2007, 12:26:42] -  BHO 8: {EFA8B4F6-3901-4B81-9BAF-FC6775B90A78} (MSEvents Object)
 [08/30/2007, 12:26:42] - ALERT: Found MSEvents Object!
 [08/30/2007, 12:26:42] - Finished Searching Browser Helper Objects
 [08/30/2007, 12:26:42] - *** Detected MSEvents Object
 [08/30/2007, 12:26:42] - Trying to remove MSEvents Object...
 [08/30/2007, 12:26:44] -    Terminating Process: IEXPLORE.EXE
 [08/30/2007, 12:26:44] -    Terminating Process: RUNDLL32.EXE
 [08/30/2007, 12:26:44] -    Disabling Automatic Shell Restart
 [08/30/2007, 12:26:44] -    Terminating Process: EXPLORER.EXE
 [08/30/2007, 12:26:44] -    Suspending the NT Session Manager System Service
 [08/30/2007, 12:26:44] -    Terminating Windows NT Logon/Logoff Manager
 [08/30/2007, 12:26:44] -    Re-enabling Automatic Shell Restart
 [08/30/2007, 12:26:44] -   File to disable: C:\WINDOWS\system32\gebawvu.dll
 [08/30/2007, 12:26:44] -   Removing HKLM\...\Browser Helper Objects\{67475B4D-150D-44A4-B5DD-BC80D4C9361F}
 [08/30/2007, 12:26:44] -   Removing HKCR\CLSID\{67475B4D-150D-44A4-B5DD-BC80D4C9361F}
 [08/30/2007, 12:26:44] -   Adding Kill Bit for ActiveX for GUID: {67475B4D-150D-44A4-B5DD-BC80D4C9361F}
 [08/30/2007, 12:26:44] -   Deleting ATLEvents/MSEvents Registry entries
 [08/30/2007, 12:26:44] -   Removing HKLM\...\Winlogon\Notify\gebawvu
 [08/30/2007, 12:26:44] - Searching for Browser Helper Objects:
 [08/30/2007, 12:26:44] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
 [08/30/2007, 12:26:44] -  BHO 2: {3F5E9987-FD12-408E-3612-018845CDF059} ()
 [08/30/2007, 12:26:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:26:44] -  Checking for HKLM\...\Winlogon\Notify\jvqxnjcw
 [08/30/2007, 12:26:44] -  Key not found: HKLM\...\Winlogon\Notify\jvqxnjcw, continuing.
 [08/30/2007, 12:26:44] -  BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
 [08/30/2007, 12:26:44] -  BHO 4: {7C05D204-405C-4DD0-84C1-8129F034ADDA} ()
 [08/30/2007, 12:26:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:26:44] -  Checking for HKLM\...\Winlogon\Notify\mlljg
 [08/30/2007, 12:26:44] -  Key not found: HKLM\...\Winlogon\Notify\mlljg, continuing.
 [08/30/2007, 12:26:44] -  BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [08/30/2007, 12:26:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:26:44] -  No filename found. Continuing.
 [08/30/2007, 12:26:44] -  BHO 6: {B930BA63-9E5A-11D3-A288-0000E80E2EDE} (IECatcher Class)
 [08/30/2007, 12:26:44] -  BHO 7: {EFA8B4F6-3901-4B81-9BAF-FC6775B90A78} (MSEvents Object)
 [08/30/2007, 12:26:44] - ALERT: Found MSEvents Object!
 [08/30/2007, 12:26:44] - Finished Searching Browser Helper Objects
 [08/30/2007, 12:26:44] - *** Detected MSEvents Object
 [08/30/2007, 12:26:44] - Trying to remove MSEvents Object...
 [08/30/2007, 12:26:45] -    Terminating Process: IEXPLORE.EXE
 [08/30/2007, 12:26:45] -    Terminating Process: RUNDLL32.EXE
 [08/30/2007, 12:26:45] -    Disabling Automatic Shell Restart
 [08/30/2007, 12:26:45] -    Terminating Process: EXPLORER.EXE
 [08/30/2007, 12:26:46] -    Suspending the NT Session Manager System Service
 [08/30/2007, 12:26:46] -    Terminating Windows NT Logon/Logoff Manager
 [08/30/2007, 12:26:46] -    Re-enabling Automatic Shell Restart
 [08/30/2007, 12:26:46] -   File to disable: C:\WINDOWS\system32\ddayv.dll
 [08/30/2007, 12:26:46] -   Removing HKLM\...\Browser Helper Objects\{EFA8B4F6-3901-4B81-9BAF-FC6775B90A78}
 [08/30/2007, 12:26:46] -   Removing HKCR\CLSID\{EFA8B4F6-3901-4B81-9BAF-FC6775B90A78}
 [08/30/2007, 12:26:46] -   Adding Kill Bit for ActiveX for GUID: {EFA8B4F6-3901-4B81-9BAF-FC6775B90A78}
 [08/30/2007, 12:26:46] -   Deleting ATLEvents/MSEvents Registry entries
 [08/30/2007, 12:26:46] -   Removing HKLM\...\Winlogon\Notify\ddayv
 [08/30/2007, 12:26:46] - Searching for Browser Helper Objects:
 [08/30/2007, 12:26:46] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
 [08/30/2007, 12:26:46] -  BHO 2: {3F5E9987-FD12-408E-3612-018845CDF059} ()
 [08/30/2007, 12:26:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:26:46] -  Checking for HKLM\...\Winlogon\Notify\jvqxnjcw
 [08/30/2007, 12:26:46] -  Key not found: HKLM\...\Winlogon\Notify\jvqxnjcw, continuing.
 [08/30/2007, 12:26:46] -  BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
 [08/30/2007, 12:26:46] -  BHO 4: {7C05D204-405C-4DD0-84C1-8129F034ADDA} ()
 [08/30/2007, 12:26:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:26:46] -  Checking for HKLM\...\Winlogon\Notify\mlljg
 [08/30/2007, 12:26:46] -  Key not found: HKLM\...\Winlogon\Notify\mlljg, continuing.
 [08/30/2007, 12:26:46] -  BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [08/30/2007, 12:26:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [08/30/2007, 12:26:46] -  No filename found. Continuing.
 [08/30/2007, 12:26:46] -  BHO 6: {B930BA63-9E5A-11D3-A288-0000E80E2EDE} (IECatcher Class)
 [08/30/2007, 12:26:46] - Finished Searching Browser Helper Objects
 [08/30/2007, 12:26:46] - Finishing up...
 [08/30/2007, 12:26:46] - A restart is needed.
 [08/30/2007, 12:27:00] - Attempting to Restart via STOP error (Blue Screen!)

 
 ComboFix:


 ComboFix 07-08-30.3 - "Wormi" 2007-08-30 12:30:25.1 - NTFSx86
 Microsoft Windows XP Professionnel  5.1.2600.2.1252.33.1036.18.889 [GMT 2:00]
 * Created a new restore point


 (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


 C:\Program Files\SecCenter
 C:\Program Files\SecCenter\scprot4.exe
 C:\Program Files\smbols~1
 C:\Program Files\smbols~1\s?mbols\
 C:\WINDOWS\Casino.ico
 C:\WINDOWS\Free Online Dating.ico
 C:\WINDOWS\Spyware Remover.ico
 C:\WINDOWS\system32\drivers\asc3550u.sys
 C:\WINDOWS\system32\winzwr32.dll
 C:\WINDOWS\wr.txt


 (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


 -------\LEGACY_DOMAINSERVICE
 -------\LEGACY_NTMLSVC
 -------\DomainService
 -------\nm
 -------\NtmlSvc


 (((((((((((((((((((((((((   Files Created from 2007-07-28 to 2007-08-30  )))))))))))))))))))))))))))))))


 2007-08-30 12:29 51,200 --a------ C:\WINDOWS\nircmd.exe
 2007-08-30 12:13 <REP> d-------- C:\VundoFix Backups
 2007-08-30 12:03 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
 2007-08-30 11:57 75,328 --a------ C:\WINDOWS\system32\ugdjgfso.exe
 2007-08-30 11:19 <REP> d-------- C:\Program Files\Navilog1
 2007-08-29 11:34 102,400 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\bmvkhyfq.dll
 2007-08-29 11:34 <REP> d-------- C:\WINDOWS\system32\wdqpokti
 2007-08-29 11:34 <REP> d-------- C:\Program Files\Rjrqgrir
 2007-08-29 00:18 <REP> d-------- C:\Downloads
 2007-08-28 21:32 15,360 --a------ C:\WINDOWS\system32\drvsekr.dll
 2007-08-28 21:32 <REP> d-------- C:\Program Files\rmhgpelw
 2007-08-23 18:56 <REP> d-------- C:\DOCUME~1\Matthieu\APPLIC~1\WinRAR
 2007-08-21 10:54 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
 2007-08-21 10:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
 2007-08-21 10:54 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
 2007-08-21 10:54 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
 2007-08-17 19:39 <REP> d--h----- C:\Program Files\Zero G Registry
 2007-08-17 19:39 <REP> d--h----- C:\DOCUME~1\Wormi\InstallAnywhere
 2007-08-16 00:00 43,542 --a------ C:\WINDOWS\system32\vtuurqq.dll.vir
 2007-08-12 18:03 <REP> d-------- C:\MONKEY
 2007-08-07 19:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NFS Underground
 2007-08-07 18:31 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
 2007-07-31 14:55 <REP> d-------- C:\Program Files\BitSpirit
 2007-07-30 12:21 <REP> d-------- C:\Program Files\RssBandit
 2007-07-30 12:21 <REP> d-------- C:\DOCUME~1\Wormi\APPLIC~1\RssBandit
 2007-07-30 12:18 <REP> d-------- C:\Program Files\iPodder
 2007-07-30 12:18 <REP> d-------- C:\DOCUME~1\Wormi\APPLIC~1\iPodder
 2007-07-26 22:20 <REP> d-------- C:\Program Files\FileSubmit
 2007-07-26 17:33 <REP> d-------- C:\DOCUME~1\Wormi\Contacts
 2007-07-26 17:32 <REP> d-------- C:\Program Files\MSN Messenger
 2007-07-26 14:39 <REP> d-------- C:\Program Files\Calcute
 2007-07-25 18:19 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
 2007-07-20 17:28 59,904 --a------ C:\WINDOWS\system32\MSCC2FR.DLL
 2007-07-20 17:28 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
 2007-07-20 17:28 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
 2007-07-20 17:28 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
 2007-07-20 17:28 <REP> d-------- C:\Program Files\PDFCreator
 2007-07-16 19:26 <REP> d-------- C:\DOCUME~1\EcLiPsE\APPLIC~1\WinRAR
 2007-07-08 23:51 <REP> d-------- C:\Program Files\OGSConverter
 2007-07-05 19:29 <REP> d---s---- C:\DOCUME~1\Matthieu\UserData
 2007-07-04 01:11 <REP> d-------- C:\Program Files\DivX
 2007-07-03 19:40 <REP> d-------- C:\DOCUME~1\Wormi\APPLIC~1\WinRAR
 2007-07-03 01:56 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
 2007-07-03 01:56 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
 2007-07-03 01:56 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
 2007-07-02 21:41 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
 2007-07-02 21:41 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
 2007-07-02 18:40 <REP> d-------- C:\DOCUME~1\Wormi\APPLIC~1\Jasc
 2007-07-01 22:42 <REP> d--h----- C:\WINDOWS\$hf_mig$
 2007-07-01 00:55 <REP> d-------- C:\DOCUME~1\LOCALS~1\Menu Démarrer
 2007-07-01 00:43 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
 2007-07-01 00:43 <REP> d-------- C:\WINDOWS\provisioning
 2007-07-01 00:43 <REP> d-------- C:\WINDOWS\peernet
 2007-07-01 00:41 <REP> d-------- C:\WINDOWS\ServicePackFiles
 2007-07-01 00:39 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
 2007-07-01 00:38 <REP> d-------- C:\WINDOWS\EHome
 2007-07-01 00:18 <REP> d-------- C:\Program Files\MSXML 4.0


 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

 2007-08-30 11:42 --------- d-------- C:\Program Files\NVIDIA Corporation
 2007-08-30 11:39 --------- d-------- C:\Program Files\SolidWorks
 2007-08-30 11:39 --------- d-------- C:\Program Files\Gigabyte
 2007-08-30 00:09 --------- d-------- C:\DOCUME~1\EcLiPsE\APPLIC~1\OpenOffice.org2
 2007-08-28 15:14 --------- d-------- C:\DOCUME~1\Wormi\APPLIC~1\AdobeUM
 2007-08-24 19:01 --------- d-------- C:\DOCUME~1\Wormi\APPLIC~1\OpenOffice.org2
 2007-08-24 16:13 --------- d-------- C:\DOCUME~1\EcLiPsE\APPLIC~1\AdobeUM
 2007-08-21 16:01 --------- d-------- C:\DOCUME~1\Matthieu\APPLIC~1\OpenOffice.org2
 2007-08-20 17:32 --------- d--h----- C:\Program Files\InstallShield Installation Information
 2007-08-16 16:27 --------- d-------- C:\DOCUME~1\Wormi\APPLIC~1\Ahead
 2007-08-01 15:33 --------- d-------- C:\Program Files\SpeedSim
 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
 2007-07-26 21:45 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
 2007-07-02 21:57 --------- d-------- C:\DOCUME~1\Wormi\APPLIC~1\dvdcss
 2007-06-30 23:57 --------- d-------- C:\Program Files\Mass Downloader
 2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
 2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
 2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe
 2007-05-07 14:40 21954 --a------ C:\Program Files\SolidWorksswxJRNL.BAK
 1999-06-30 15:06 151552 -ra------ C:\WINDOWS\inf\AGFA\message.exe


 (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
 *Note* empty entries & legit default entries are not shown

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F5E9987-FD12-408E-3612-018845CDF059}]
 2007-08-29 11:34 102400 --a------ C:\Program Files\Rjrqgrir\jvqxnjcw.dll

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C05D204-405C-4DD0-84C1-8129F034ADDA}]
    C:\WINDOWS\system32\mlljg.dll

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFA8B4F6-3901-4B81-9BAF-FC6775B90A78}]
    C:\WINDOWS\system32\ddayv.dll

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
 "Tweak UI"="TWEAKUI.CPL" [2003-03-25 06:49 C:\WINDOWS\system32\tweakui.cpl]
 "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
 "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 17:22]
 "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45]
 "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
 "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayv]
 C:\WINDOWS\system32\ddayv.dll

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebawvu]
 gebawvu.dll

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuurqq]
 vtuurqq.dll

 R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys
 R3 ousb2hub;OrangeWare USB 2.0 Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
 R3 st3bus28;st3bus28;C:\WINDOWS\system32\DRIVERS\st3bus28.sys
 R3 st3mp28;st3mp28;C:\WINDOWS\system32\DRIVERS\st3mp28.sys
 S0 AmdAcpi;AmdAcpi Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys
 S3 AMDPCI;AMDPCI;\??\C:\DOCUME~1\Wormi\LOCALS~1\Temp\AMDPCI.sys
 S3 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\amdtools.sys
 S3 FT8591;FT8591 Filter;C:\WINDOWS\system32\DRIVERS\FT8591.sys
 S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
 S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS


 Contents of the 'Scheduled Tasks' folder
 2007-08-30 10:33:05 C:\WINDOWS\Tasks\Playlist Wormi.job - H:\MUSIQUE\Playlist Wormi.m3u
 2007-08-30 10:33:13 C:\WINDOWS\Tasks\Playlist Wormi2.job

 **************************************************************************

 catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2007-08-30 12:33:22
 Windows 5.1.2600 Service Pack 2 NTFS

 scanning hidden processes ...

 scanning hidden autostart entries ...

 scanning hidden files ...

 scan completed successfully
 hidden files: 0

 **************************************************************************

 Completion time: 2007-08-30 12:35:07 - machine was rebooted
 C:\ComboFix-quarantined-files.txt ... 2007-08-30 12:35

  --- E O F ---
 
 VundoFix:



 VundoFix V6.5.7

 Checking Java version...

 Java version is 1.5.0.6
 Old versions of java are exploitable and should be removed.

 Scan started at 12:13:08 30/08/2007

 Listing files found while scanning....

 C:\WINDOWS\system32\ddayv.dll
 C:\WINDOWS\system32\gjllm.bak1
 C:\WINDOWS\system32\gjllm.bak2
 C:\WINDOWS\system32\gjllm.ini
 C:\WINDOWS\system32\gjllm.ini2
 C:\WINDOWS\system32\gjllm.tmp
 C:\WINDOWS\system32\idyqsykv.dll
 C:\WINDOWS\system32\mlljg.dll
 C:\WINDOWS\system32\vyadd.bak1
 C:\WINDOWS\system32\vyadd.bak2
 C:\WINDOWS\system32\vyadd.ini
 C:\WINDOWS\system32\vyadd.ini2
 C:\WINDOWS\system32\vyadd.tmp

 Beginning removal...

 Attempting to delete C:\WINDOWS\system32\gjllm.bak1
 C:\WINDOWS\system32\gjllm.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\gjllm.bak2
 C:\WINDOWS\system32\gjllm.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\gjllm.ini
 C:\WINDOWS\system32\gjllm.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\gjllm.ini2
 C:\WINDOWS\system32\gjllm.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\gjllm.tmp
 C:\WINDOWS\system32\gjllm.tmp Has been deleted!

 Attempting to delete C:\WINDOWS\system32\idyqsykv.dll
 C:\WINDOWS\system32\idyqsykv.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mlljg.dll
 C:\WINDOWS\system32\mlljg.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vyadd.bak1
 C:\WINDOWS\system32\vyadd.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vyadd.bak2
 C:\WINDOWS\system32\vyadd.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vyadd.ini
 C:\WINDOWS\system32\vyadd.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vyadd.ini2
 C:\WINDOWS\system32\vyadd.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vyadd.tmp
 C:\WINDOWS\system32\vyadd.tmp Has been deleted!

 Performing Repairs to the registry.
 Done!


 ComboFix quarantined files:

 [code]
 2004-08-04 08:14     71168    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\asc3550u.sys.vir
 2007-07-08 21:23     15399    --a------    C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir
 2007-07-26 22:36        11    --a------    C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
 2007-07-26 22:36     19968    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\winzwr32.dll.vir
 2007-07-26 22:44      1150    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Free Online Dating.ico.vir
 2007-07-26 22:44      2238    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Casino.ico.vir
 2007-07-26 22:44      4846    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Spyware Remover.ico.vir
 2007-08-29 11:34    274432    --a------    C:\Qoobox\Quarantine\C\Program Files\SecCenter\scprot4.exe.vir
 2007-08-30 12:31      1026    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NTMLSVC.reg.cf
 2007-08-30 12:31      2956    --a------    C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.cf
 2007-08-30 12:31       352    --a------    C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
 2007-08-30 12:31      3766    --a------    C:\Qoobox\Quarantine\Registry_backups\services_NtmlSvc.reg.cf
 2007-08-30 12:31       846    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
 2007-08-30 12:34    757207    --a------    C:\Qoobox\snapshot_2007-08-30_123446.48.cf


 Structure du dossier
 Le numéro de série du volume est D40B-6B06
 C:\QOOBOX
 |   snapshot_2007-08-30_123446.48.cf
 |
 \---Quarantine
     +---C
     |   +---ComboFix
     |   |       FProps.vbs.vir
     |   |
     |   +---Program Files
     |   |   \---SecCenter
     |   |           scprot4.exe.vir
     |   |
     |   \---WINDOWS
     |       |   Casino.ico.vir
     |       |   Free Online Dating.ico.vir
     |       |   Spyware Remover.ico.vir
     |       |   wr.txt.vir
     |       |
     |       \---system32
     |           |   winzwr32.dll.vir
     |           |
     |           \---drivers
     |                   asc3550u.sys.vir
     |
     \---Registry_backups
             LEGACY_DOMAINSERVICE.reg.cf
             LEGACY_NTMLSVC.reg.cf
             services_DomainService.reg.cf
             services_nm.reg.cf
             services_NtmlSvc.reg.cf


 [/code]

 I hope I haven't forgotten any...



naheulbeuk7
Involved member (20,000 to 29,999 posts)
Posted on 30/08/2007 at 14:46:44

Re, perfect :super:

 Post a new HijackThis log please ;)


---------------
Visit my computer security website: http://www.site-naheulbeuk.com
nico le d
wormi
Posted on 30/08/2007 at 19:55:55
 
Here is the HijackThis log:
 (hoping my brother hasn't messed everything up by logging into his session :/ )

 Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 20:53:53, on 30/08/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
 C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\wdfmgr.exe
 C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
 C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
 C:\WINDOWS\System32\alg.exe
 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
 C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
 C:\Program Files\SuperCopier2\SuperCopier2.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
 C:\Program Files\AntiVir PersonalEdition Classic\avscan.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
 C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
 C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
 C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
 C:\WINDOWS\System32\wbem\wmiprvse.exe
 C:\Program Files\Mass Downloader\massdown.exe
 C:\Documents and Settings\Wormi\Bureau\HiJackThis_v2.exe
 C:\WINDOWS\System32\wbem\wmiprvse.exe

 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
 O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
 O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
 O4 - HKUS\S-1-5-21-1644491937-790525478-839522115-1004\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (User 'EcLiPsE')
 O4 - HKUS\S-1-5-21-1644491937-790525478-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Matthieu')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - S-1-5-21-1644491937-790525478-839522115-1004 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'EcLiPsE')
 O4 - S-1-5-21-1644491937-790525478-839522115-1004 User Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'EcLiPsE')
 O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
 O8 - Extra context menu item: &Tout télécharger en utilisant Mass Downloader - C:\Program Files\Mass Downloader\Add_All.htm
 O8 - Extra context menu item: S'abonner avec RSS Bandit - C:\Documents and Settings\Wormi\Application Data\RssBandit\iecontext_subscribebandit.htm
 O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
 O8 - Extra context menu item: Télécharger en utilisant &Mass Downloader - C:\Program Files\Mass Downloader\Add_Url.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
 O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
 O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
 O17 - HKLM\System\CCS\Services\Tcpip\..\{6BF9B29D-8DA3-440F-8E71-326D26AF97F1}: NameServer = 192.168.1.1
 O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
 O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
 O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
 O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
 O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
 O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
 O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
 O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
 O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
 O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
 O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
 O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
 O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
 O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
 O23 - Service: WMP54GSVC - GEMTEKS - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe

 --
 End of file - 9582 bytes
