
Hello, I'm new to this forum. I really need someone's help. I caught Vundo, and even after ComboFix, Malwarebytes, VundoFix, etc., I think there are still some Vundo files, which my antivirus detects every time I restart my computer. I'd really like to have the opinion of someone who knows more about this than I do. Thank you!!!
-->Message edited by mymi79 on 29/07/2008 21:24:12<--
|
mymi79
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click "YES".
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt announcing that your PC is going to shut down ("shutdown"); click "OK".
* Restart your PC.
* Copy/paste the contents of the report located at C:\vundofix.txt
Note: VundoFix may come across a file that it cannot delete.
If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".
-------
Download VirtumundoBeGone: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
* Launch VirtumundoBeGone.exe, then follow the instructions.
* Once it has finished its work, restart, then post the report.
PS: if you are on Vista, disable UAC until the problem is resolved.
|
Thank you very much for replying so quickly to my message. I'm running XP.
Here is the VundoFix report
VundoFix V7.0.6
Scan started at 3:31:38 AM 7/13/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V7.0.6
Scan started at 10:40:26 PM 7/14/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
Beginning removal...
--------------------------
and here is VirtumundoBeGone...
[07/14/2008, 22:56:53] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Dell\Desktop\VirtumundoBeGone.exe" )
[07/14/2008, 22:57:01] - Detected System Information:
[07/14/2008, 22:57:01] - Windows Version: 5.1.2600, Service Pack 3
[07/14/2008, 22:57:01] - Current Username: Dell (Admin)
[07/14/2008, 22:57:01] - Windows is in NORMAL mode.
[07/14/2008, 22:57:01] - Searching for Browser Helper Objects:
[07/14/2008, 22:57:01] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[07/14/2008, 22:57:01] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/14/2008, 22:57:01] - BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[07/14/2008, 22:57:01] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2008, 22:57:01] - BHO 5: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
[07/14/2008, 22:57:01] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/14/2008, 22:57:01] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/14/2008, 22:57:01] - Finished Searching Browser Helper Objects
[07/14/2008, 22:57:01] - Finishing up...
[07/14/2008, 22:57:01] - Nothing found! Exiting...
-------------------------------------
here is the HijackThis one, in case it's needed..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:04 PM, on 7/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Dell\Desktop\Scanner.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=ae&l=en&s=bsd
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE FlyCam Classic
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Windows Host Booter] hostbooter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://tropmymi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8420 bytes
--------------------------------
OK, and here is the ComboFix one...
ComboFix 08-07-11.1 - Dell 2008-07-13 22:53:18.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1051 [GMT 8:00]
Running from: C:\Documents and Settings\Dell\Desktop\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.
2008-07-13 04:30 . 2008-07-13 04:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-13 04:30 . 2008-07-13 04:30 <DIR> d-------- C:\Documents and Settings\Dell\Application Data\Malwarebytes
2008-07-13 04:30 . 2008-07-13 04:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-13 04:30 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-13 04:30 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-13 04:02 . 2006-08-02 07:44 <DIR> d-------- C:\Documents and Settings\Administrator\Bluetooth Software
2008-07-13 04:02 . 2006-08-02 07:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-13 04:02 . 2006-08-02 07:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-07-13 04:02 . 2008-07-13 04:02 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-13 03:31 . 2008-07-13 03:31 <DIR> d-------- C:\VundoFix Backups
2008-07-11 13:03 . 2008-07-11 19:31 110,428 --a------ C:\WINDOWS\BM6749c395.xml
2008-07-11 13:03 . 2008-07-12 03:39 91,648 --------- C:\WINDOWS\system32\dlayetyp.dll_old
2008-07-09 21:01 . 2008-07-09 13:05 43,520 -rahs---- C:\WINDOWS\system32\hostbooter.exe
2008-06-21 01:46 . 2008-06-21 01:46 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-21 01:46 . 2008-06-21 01:46 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 19:51 . 2008-06-20 19:51 361,600 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 19:40 . 2008-06-20 19:40 138,496 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 19:08 . 2008-06-20 19:08 225,856 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 16:53 . 2008-07-10 03:53 <DIR> d-------- C:\Program Files\SpywareBlaster
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 14:49 --------- d-----w C:\Documents and Settings\Dell\Application Data\Skype
2008-07-11 19:41 --------- d-----w C:\Documents and Settings\Dell\Application Data\uTorrent
2008-07-10 05:43 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-10 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-09 19:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 09:34 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-06-12 09:34 --------- d-----w C:\Program Files\Piano Lessons Unlimited
2008-05-25 06:09 --------- d-----w C:\Program Files\MétéoMédia
2008-05-19 19:13 --------- d-----w C:\Program Files\uTorrent
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:53 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:53 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 14:02 203,136 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 14:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 67,584 ----a-w C:\WINDOWS\system32\dllcache\pmigrate.dll
2008-04-14 00:10 53,760 ----a-w C:\WINDOWS\system32\dllcache\pintlcsd.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 175,104 ----a-w C:\WINDOWS\system32\dllcache\pintlcsa.dll
2008-04-14 00:10 15,872 ----a-w C:\WINDOWS\system32\dllcache\padrs404.dll
2008-04-14 00:10 15,360 ----a-w C:\WINDOWS\system32\dllcache\padrs804.dll
2008-04-14 00:10 10,240 ----a-w C:\WINDOWS\system32\dllcache\tmigrate.dll
2008-04-13 21:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-13 21:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-13 21:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:43 70,144 ----a-w C:\WINDOWS\system32\dllcache\pintlphr.exe
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-13_ 4.25.53.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-12 20:22:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-13 13:10:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-12 20:06:02 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-13 13:15:12 53,838 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-12 20:06:02 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-13 13:15:12 382,260 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:12 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 17:31 22880040]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 20:19 53248]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 02:05 1117184]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 12:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 17:39 136768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2005-11-28 17:32 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 23:50 221184]
"Windows Host Booter"="hostbooter.exe" [2008-07-09 13:05 43520 C:\WINDOWS\system32\hostbooter.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2004-02-19 12:23 61440 c:\dell\bldbubg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-04-06 21:58 1032192 C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 12:20 122940 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-11-01 10:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-12-13 09:41 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-12-13 09:45 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-12-13 09:44 98304 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2005-12-28 18:56 602182 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2005-12-28 18:55 667718 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 23:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 23:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 09:24 20480 C:\Program Files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-07-13 02:05 1117184 C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-20 00:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-08 18:48 761947 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-24 23:30 282624 C:\WINDOWS\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 10:16:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-13 14:10:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 22:55:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
C:\WINDOWS\system32\hostbooter.exe [2088] 0x8A1977E8
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
Completion time: 2008-07-13 22:56:24
ComboFix-quarantined-files.txt 2008-07-13 14:55:58
ComboFix2.txt 2008-07-12 20:26:10
Pre-Run: 17,860,628,480 bytes free
Post-Run: 17,843,978,240 bytes free
226 --- E O F --- 2008-07-09 11:32:44
-------------------------------------
Thank you!!
Myriam
|
Please post only the reports that are requested!
Run a scan with Malwarebytes and post the report.
|
Here is my Malwarebytes report...
----------------------------
Malwarebytes' Anti-Malware 1.19
Database version: 899
Windows 5.1.2600 Service Pack 3
8:19:56 AM 7/15/2008
mbam-log-7-15-2008 (08-19-56).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 90966
Time elapsed: 33 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
|
mymi79
I think there are still some Vundo files, which my
antivirus detects every time I restart
Still some aftereffects of Vundo?
|
Hi kmisol, I still have Vundo files present. I ran a scan with my antivirus (McAfee) and it found a few files,
1hMRWLMN.DLL.VIR
1hmrwlmn.dll.vir
TFYSMEEP.DLL.VIR
tfysmeep.dll.vir in quarantine windows system32
and also
A0030106.dll
A0030106.dll in vol information restore RP369 `{876823648}
Also, every time I plug a USB key or my external hard drive into one of my USB ports, my antivirus pops up, detecting an autorun.inf file. And also, when I've been on MSN Messenger for a little while, when I go to close the program, it asks me whether I really want to quit the active conversations, even though I haven't talked to anyone, and it does so 5 to 10 times in a row (as if I had 10 active conversations),
aaaaaaa it's very tiring... do you have any idea what this could be?
Thanks, kmisol
Myriam
|
mymi79
Run VundoFix, VirtumundoBeGone and Malwarebytes once more.
Post the reports.
-------
Download Flash Disinfector to your Desktop
If you get an alert from your antivirus, ignore it!
Plug in your removable media (all external devices: hard drives, USB, etc.), and power on those that need it (external hard drives, for example).
Double-click Flash_Disinfector.exe and follow the prompts.
It will be very quick; a message will inform you when the fix is finished.
WARNING: it stops the explorer.exe process and then restarts it.
Take care not to leave documents open: close all applications and save any documents (Word, Excel) you are working on at that time.
If you have many keys to disinfect, you can repeat the operation by plugging in the untreated keys one at a time.
-------
Post a new HijackThis report as well.
|
OK, here are my 4 requested reports. I think it's getting worse and worse...
(HijackThis found about 17 Vundo files; I did not delete them)
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:02 PM, on 7/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Dell\Desktop\Scanner.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=ae&l=en&s=bsd
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: {5be20e08-bf96-810a-9084-95fcdd32e256} - {652e23dd-cf59-4809-a018-69fb80e02eb5} - C:\WINDOWS\system32\qofxty.dll
O2 - BHO: (no name) - {6A0F33AE-AE25-4A7A-829C-47C41094EB66} - C:\WINDOWS\system32\karqroei.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7EBB7DA6-2369-450D-980F-9A2311A99ACF} - C:\WINDOWS\system32\pmnkHWOh.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BD3F9929-51DD-4E7C-A5DC-949D3224ABE0} - C:\WINDOWS\system32\nnnmLCRL.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE FlyCam Classic
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Windows Host Booter] hostbooter.exe
O4 - HKLM\..\Run: [647af009] rundll32.exe "C:\WINDOWS\system32\mvtkxybp.dll",b
O4 - HKLM\..\Run: [BM6749c395] Rundll32.exe "C:\WINDOWS\system32\apwxlycf.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://tropmymi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: pmnkHWOh - C:\WINDOWS\SYSTEM32\pmnkHWOh.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8746 bytes
---------------------------------------------------------
VundoFix
VundoFix V7.0.6
Scan started at 3:31:38 AM 7/13/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V7.0.6
Scan started at 10:40:26 PM 7/14/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
Beginning removal...
VundoFix V7.0.6
Scan started at 7:00:34 PM 7/17/2008
Listing files found while scanning....
C:\Windows\system32\karqroei.dll
---------------------------------------------------------
Virtumondebegone
[07/17/2008, 19:21:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Dell\Desktop\VirtumundoBeGone.exe" )
[07/17/2008, 19:21:19] - User choose NOT to continue. Exiting...
[07/17/2008, 19:21:42] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Dell\Desktop\VirtumundoBeGone.exe" )
[07/17/2008, 19:21:49] - Detected System Information:
[07/17/2008, 19:21:49] - Windows Version: 5.1.2600, Service Pack 3
[07/17/2008, 19:21:49] - Current Username: Dell (Admin)
[07/17/2008, 19:21:49] - Windows is in NORMAL mode.
[07/17/2008, 19:21:49] - Searching for Browser Helper Objects:
[07/17/2008, 19:21:50] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/17/2008, 19:21:50] - BHO 2: {652e23dd-cf59-4809-a018-69fb80e02eb5} ()
[07/17/2008, 19:21:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:21:50] - Checking for HKLM\...\Winlogon\Notify\qofxty
[07/17/2008, 19:21:50] - Key not found: HKLM\...\Winlogon\Notify\qofxty, continuing.
[07/17/2008, 19:21:50] - BHO 3: {6A0F33AE-AE25-4A7A-829C-47C41094EB66} ()
[07/17/2008, 19:21:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:21:50] - Checking for HKLM\...\Winlogon\Notify\karqroei
[07/17/2008, 19:21:50] - Key not found: HKLM\...\Winlogon\Notify\karqroei, continuing.
[07/17/2008, 19:21:50] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/17/2008, 19:21:50] - BHO 5: {7EBB7DA6-2369-450D-980F-9A2311A99ACF} ()
[07/17/2008, 19:21:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:21:50] - Checking for HKLM\...\Winlogon\Notify\pmnkHWOh
[07/17/2008, 19:21:50] - Found: HKLM\...\Winlogon\Notify\pmnkHWOh - This is probably Virtumundo.
[07/17/2008, 19:21:50] - Assigning {7EBB7DA6-2369-450D-980F-9A2311A99ACF} MSEvents Object
[07/17/2008, 19:21:50] - BHO list has been changed! Starting over...
[07/17/2008, 19:21:50] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/17/2008, 19:21:50] - BHO 2: {652e23dd-cf59-4809-a018-69fb80e02eb5} ()
[07/17/2008, 19:21:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:21:50] - Checking for HKLM\...\Winlogon\Notify\qofxty
[07/17/2008, 19:21:50] - Key not found: HKLM\...\Winlogon\Notify\qofxty, continuing.
[07/17/2008, 19:21:50] - BHO 3: {6A0F33AE-AE25-4A7A-829C-47C41094EB66} ()
[07/17/2008, 19:21:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:21:50] - Checking for HKLM\...\Winlogon\Notify\karqroei
[07/17/2008, 19:21:50] - Key not found: HKLM\...\Winlogon\Notify\karqroei, continuing.
[07/17/2008, 19:21:50] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/17/2008, 19:21:50] - BHO 5: {7EBB7DA6-2369-450D-980F-9A2311A99ACF} (MSEvents Object)
[07/17/2008, 19:21:50] - ALERT: Found MSEvents Object!
[07/17/2008, 19:21:50] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/17/2008, 19:21:50] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/17/2008, 19:21:50] - BHO 8: {E88DF0C1-E2A6-479E-BF98-3E9F8E9CC61C} ()
[07/17/2008, 19:21:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:21:50] - Checking for HKLM\...\Winlogon\Notify\nnnmLCRL
[07/17/2008, 19:21:50] - Key not found: HKLM\...\Winlogon\Notify\nnnmLCRL, continuing.
[07/17/2008, 19:21:50] - Finished Searching Browser Helper Objects
[07/17/2008, 19:21:50] - *** Detected MSEvents Object
[07/17/2008, 19:21:50] - Trying to remove MSEvents Object...
[07/17/2008, 19:21:51] - Terminating Process: IEXPLORE.EXE
[07/17/2008, 19:21:51] - Terminating Process: RUNDLL32.EXE
[07/17/2008, 19:21:51] - Disabling Automatic Shell Restart
[07/17/2008, 19:21:51] - Terminating Process: EXPLORER.EXE
[07/17/2008, 19:21:51] - Suspending the NT Session Manager System Service
[07/17/2008, 19:21:51] - Terminating Windows NT Logon/Logoff Manager
[07/17/2008, 19:21:51] - Re-enabling Automatic Shell Restart
[07/17/2008, 19:21:51] - File to disable: C:\WINDOWS\system32\pmnkHWOh.dll
[07/17/2008, 19:21:51] - Renaming C:\WINDOWS\system32\pmnkHWOh.dll -> C:\WINDOWS\system32\pmnkHWOh.dll.vir
[07/17/2008, 19:21:51] - ! File rename was unsucessful.
[07/17/2008, 19:21:51] - Attempting to Deny Access to C:\WINDOWS\system32\pmnkHWOh.dll
[07/17/2008, 19:21:52] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[07/17/2008, 19:21:52] - processed file: C:\WINDOWS\system32\pmnkHWOh.dll
[07/17/2008, 19:21:52] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[07/17/2008, 19:21:52] - Removing HKLM\...\Browser Helper Objects\{7EBB7DA6-2369-450D-980F-9A2311A99ACF}
[07/17/2008, 19:21:52] - Removing HKCR\CLSID\{7EBB7DA6-2369-450D-980F-9A2311A99ACF}
[07/17/2008, 19:21:53] - Adding Kill Bit for ActiveX for GUID: {7EBB7DA6-2369-450D-980F-9A2311A99ACF}
[07/17/2008, 19:21:54] - Deleting ATLEvents/MSEvents Registry entries
[07/17/2008, 19:21:54] - Removing HKLM\...\Winlogon\Notify\pmnkHWOh
[07/17/2008, 19:21:54] - Searching for Browser Helper Objects:
[07/17/2008, 19:21:55] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/17/2008, 19:21:55] - BHO 2: {652e23dd-cf59-4809-a018-69fb80e02eb5} ()
[07/17/2008, 19:21:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:21:55] - Checking for HKLM\...\Winlogon\Notify\qofxty
[07/17/2008, 19:21:56] - Key not found: HKLM\...\Winlogon\Notify\qofxty, continuing.
[07/17/2008, 19:21:56] - BHO 3: {6A0F33AE-AE25-4A7A-829C-47C41094EB66} ()
[07/17/2008, 19:21:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:21:56] - Checking for HKLM\...\Winlogon\Notify\karqroei
[07/17/2008, 19:21:56] - Key not found: HKLM\...\Winlogon\Notify\karqroei, continuing.
[07/17/2008, 19:21:56] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/17/2008, 19:21:56] - BHO 5: {7EBB7DA6-2369-450D-980F-9A2311A99ACF} ()
[07/17/2008, 19:21:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:21:56] - Checking for HKLM\...\Winlogon\Notify\pmnkHWOh
[07/17/2008, 19:21:57] - Found: HKLM\...\Winlogon\Notify\pmnkHWOh - This is probably Virtumundo.
[07/17/2008, 19:21:57] - Assigning {7EBB7DA6-2369-450D-980F-9A2311A99ACF} MSEvents Object
[07/17/2008, 19:21:57] - BHO list has been changed! Starting over...
[07/17/2008, 19:21:57] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/17/2008, 19:21:57] - BHO 2: {652e23dd-cf59-4809-a018-69fb80e02eb5} ()
[07/17/2008, 19:21:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:21:58] - Checking for HKLM\...\Winlogon\Notify\qofxty
[07/17/2008, 19:21:58] - Key not found: HKLM\...\Winlogon\Notify\qofxty, continuing.
[07/17/2008, 19:21:58] - BHO 3: {6A0F33AE-AE25-4A7A-829C-47C41094EB66} ()
[07/17/2008, 19:21:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:21:58] - Checking for HKLM\...\Winlogon\Notify\karqroei
[07/17/2008, 19:21:58] - Key not found: HKLM\...\Winlogon\Notify\karqroei, continuing.
[07/17/2008, 19:21:58] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/17/2008, 19:21:58] - BHO 5: {7EBB7DA6-2369-450D-980F-9A2311A99ACF} (MSEvents Object)
[07/17/2008, 19:21:58] - ALERT: Found MSEvents Object!
[07/17/2008, 19:21:59] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/17/2008, 19:21:59] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/17/2008, 19:21:59] - BHO 8: {E88DF0C1-E2A6-479E-BF98-3E9F8E9CC61C} ()
[07/17/2008, 19:21:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:21:59] - Checking for HKLM\...\Winlogon\Notify\nnnmLCRL
[07/17/2008, 19:21:59] - Key not found: HKLM\...\Winlogon\Notify\nnnmLCRL, continuing.
[07/17/2008, 19:21:59] - Finished Searching Browser Helper Objects
[07/17/2008, 19:21:59] - *** Detected MSEvents Object
[07/17/2008, 19:21:59] - Trying to remove MSEvents Object...
[07/17/2008, 19:22:00] - Terminating Process: IEXPLORE.EXE
[07/17/2008, 19:22:01] - Terminating Process: RUNDLL32.EXE
[07/17/2008, 19:22:01] - Disabling Automatic Shell Restart
[07/17/2008, 19:22:01] - Terminating Process: EXPLORER.EXE
[07/17/2008, 19:22:01] - Suspending the NT Session Manager System Service
[07/17/2008, 19:22:01] - Terminating Windows NT Logon/Logoff Manager
[07/17/2008, 19:22:02] - Re-enabling Automatic Shell Restart
[07/17/2008, 19:22:02] - File to disable: C:\WINDOWS\system32\pmnkHWOh.dll
[07/17/2008, 19:22:02] - Renaming C:\WINDOWS\system32\pmnkHWOh.dll -> C:\WINDOWS\system32\pmnkHWOh.dll.vir
[07/17/2008, 19:22:03] - ! File rename was unsucessful.
[07/17/2008, 19:22:03] - Attempting to Deny Access to C:\WINDOWS\system32\pmnkHWOh.dll
[07/17/2008, 19:22:03] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[07/17/2008, 19:22:03] - processed file: C:\WINDOWS\system32\pmnkHWOh.dll
[07/17/2008, 19:22:03] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[07/17/2008, 19:22:03] - Removing HKLM\...\Browser Helper Objects\{7EBB7DA6-2369-450D-980F-9A2311A99ACF}
[07/17/2008, 19:22:03] - Removing HKCR\CLSID\{7EBB7DA6-2369-450D-980F-9A2311A99ACF}
[07/17/2008, 19:22:05] - Adding Kill Bit for ActiveX for GUID: {7EBB7DA6-2369-450D-980F-9A2311A99ACF}
[07/17/2008, 19:22:06] - Deleting ATLEvents/MSEvents Registry entries
[07/17/2008, 19:22:06] - Removing HKLM\...\Winlogon\Notify\pmnkHWOh
[07/17/2008, 19:22:07] - Searching for Browser Helper Objects:
[07/17/2008, 19:22:07] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/17/2008, 19:22:08] - BHO 2: {652e23dd-cf59-4809-a018-69fb80e02eb5} ()
[07/17/2008, 19:22:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:22:08] - Checking for HKLM\...\Winlogon\Notify\qofxty
[07/17/2008, 19:22:08] - Key not found: HKLM\...\Winlogon\Notify\qofxty, continuing.
[07/17/2008, 19:22:08] - BHO 3: {6A0F33AE-AE25-4A7A-829C-47C41094EB66} ()
[07/17/2008, 19:22:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:22:08] - Checking for HKLM\...\Winlogon\Notify\karqroei
[07/17/2008, 19:22:09] - Key not found: HKLM\...\Winlogon\Notify\karqroei, continuing.
[07/17/2008, 19:22:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/17/2008, 19:22:09] - BHO 5: {7EBB7DA6-2369-450D-980F-9A2311A99ACF} ()
[07/17/2008, 19:22:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:22:09] - Checking for HKLM\...\Winlogon\Notify\pmnkHWOh
[07/17/2008, 19:22:09] - Found: HKLM\...\Winlogon\Notify\pmnkHWOh - This is probably Virtumundo.
[07/17/2008, 19:22:09] - Assigning {7EBB7DA6-2369-450D-980F-9A2311A99ACF} MSEvents Object
[07/17/2008, 19:22:09] - BHO list has been changed! Starting over...
[07/17/2008, 19:22:10] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/17/2008, 19:22:10] - BHO 2: {652e23dd-cf59-4809-a018-69fb80e02eb5} ()
[07/17/2008, 19:22:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:22:10] - Checking for HKLM\...\Winlogon\Notify\qofxty
[07/17/2008, 19:22:10] - Key not found: HKLM\...\Winlogon\Notify\qofxty, continuing.
[07/17/2008, 19:22:10] - BHO 3: {6A0F33AE-AE25-4A7A-829C-47C41094EB66} ()
[07/17/2008, 19:22:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:22:10] - Checking for HKLM\...\Winlogon\Notify\karqroei
[07/17/2008, 19:22:10] - Key not found: HKLM\...\Winlogon\Notify\karqroei, continuing.
[07/17/2008, 19:22:11] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/17/2008, 19:22:11] - BHO 5: {7EBB7DA6-2369-450D-980F-9A2311A99ACF} (MSEvents Object)
[07/17/2008, 19:22:11] - ALERT: Found MSEvents Object!
[07/17/2008, 19:22:11] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/17/2008, 19:22:11] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/17/2008, 19:22:11] - BHO 8: {E88DF0C1-E2A6-479E-BF98-3E9F8E9CC61C} ()
[07/17/2008, 19:22:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:22:12] - Checking for HKLM\...\Winlogon\Notify\nnnmLCRL
[07/17/2008, 19:22:12] - Key not found: HKLM\...\Winlogon\Notify\nnnmLCRL, continuing.
[07/17/2008, 19:22:12] - Finished Searching Browser Helper Objects
[07/17/2008, 19:22:12] - *** Detected MSEvents Object
[07/17/2008, 19:22:12] - Trying to remove MSEvents Object...
[07/17/2008, 19:22:13] - Terminating Process: IEXPLORE.EXE
[07/17/2008, 19:22:13] - Terminating Process: RUNDLL32.EXE
[07/17/2008, 19:22:13] - Disabling Automatic Shell Restart
[07/17/2008, 19:22:13] - Terminating Process: EXPLORER.EXE
[07/17/2008, 19:22:13] - Suspending the NT Session Manager System Service
[07/17/2008, 19:22:13] - Terminating Windows NT Logon/Logoff Manager
[07/17/2008, 19:22:13] - Re-enabling Automatic Shell Restart
[07/17/2008, 19:22:13] - File to disable: C:\WINDOWS\system32\pmnkHWOh.dll
[07/17/2008, 19:22:13] - Renaming C:\WINDOWS\system32\pmnkHWOh.dll -> C:\WINDOWS\system32\pmnkHWOh.dll.vir
[07/17/2008, 19:22:13] - ! File rename was unsucessful.
[07/17/2008, 19:22:13] - Attempting to Deny Access to C:\WINDOWS\system32\pmnkHWOh.dll
[07/17/2008, 19:22:14] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[07/17/2008, 19:22:14] - processed file: C:\WINDOWS\system32\pmnkHWOh.dll
[07/17/2008, 19:22:14] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[07/17/2008, 19:22:14] - Removing HKLM\...\Browser Helper Objects\{7EBB7DA6-2369-450D-980F-9A2311A99ACF}
[07/17/2008, 19:22:14] - Removing HKCR\CLSID\{7EBB7DA6-2369-450D-980F-9A2311A99ACF}
[07/17/2008, 19:22:14] - Adding Kill Bit for ActiveX for GUID: {7EBB7DA6-2369-450D-980F-9A2311A99ACF}
[07/17/2008, 19:22:14] - Deleting ATLEvents/MSEvents Registry entries
[07/17/2008, 19:22:14] - Removing HKLM\...\Winlogon\Notify\pmnkHWOh
[07/17/2008, 19:22:14] - Searching for Browser Helper Objects:
[07/17/2008, 19:22:14] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/17/2008, 19:22:14] - BHO 2: {652e23dd-cf59-4809-a018-69fb80e02eb5} ()
[07/17/2008, 19:22:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:22:14] - Checking for HKLM\...\Winlogon\Notify\qofxty
[07/17/2008, 19:22:14] - Key not found: HKLM\...\Winlogon\Notify\qofxty, continuing.
[07/17/2008, 19:22:14] - BHO 3: {6A0F33AE-AE25-4A7A-829C-47C41094EB66} ()
[07/17/2008, 19:22:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:22:14] - Checking for HKLM\...\Winlogon\Notify\karqroei
[07/17/2008, 19:22:14] - Key not found: HKLM\...\Winlogon\Notify\karqroei, continuing.
[07/17/2008, 19:22:14] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/17/2008, 19:22:14] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/17/2008, 19:22:14] - BHO 6: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/17/2008, 19:22:14] - BHO 7: {E88DF0C1-E2A6-479E-BF98-3E9F8E9CC61C} ()
[07/17/2008, 19:22:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/17/2008, 19:22:14] - Checking for HKLM\...\Winlogon\Notify\nnnmLCRL
[07/17/2008, 19:22:14] - Key not found: HKLM\...\Winlogon\Notify\nnnmLCRL, continuing.
[07/17/2008, 19:22:14] - Finished Searching Browser Helper Objects
[07/17/2008, 19:22:14] - Finishing up...
[07/17/2008, 19:22:14] - A restart is needed.
[07/17/2008, 19:22:14] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[07/17/2008, 19:22:42] - Attempting to Restart via STOP error (Blue Screen!)
--------------------------------------------------------
and Malwarebytes....
Malwarebytes' Anti-Malware 1.20
Database version: 951
Windows 5.1.2600 Service Pack 3
10:48:35 PM 7/17/2008
mbam-log-7-17-2008 (22-48-25).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 91174
Time elapsed: 38 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 10
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\mvtkxybp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nnnmLCRL.dll (Trojan.Vundo) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd3f9929-51dd-4e7c-a5dc-949d3224abe0} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bd3f9929-51dd-4e7c-a5dc-949d3224abe0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7ebb7da6-2369-450d-980f-9a2311a99acf} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ebb7da6-2369-450d-980f-9a2311a99acf} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnkhwoh (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\647af009 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows host booter (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm6749c395 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7ebb7da6-2369-450d-980f-9a2311a99acf} (Trojan.Vundo) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnmlcrl -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnmlcrl -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\nnnmLCRL.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\LRCLmnnn.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\LRCLmnnn.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mvtkxybp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pbyxktvm.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hostbooter.exe (Backdoor.Bot) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\awtRlMFY.dll.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0030105.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\apwxlycf.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\pmnkHWOh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\awttrpQH.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM6749c395.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM6749c395.txt (Trojan.Vundo) -> No action taken.
-------------------------------------------
|
|
Imagine ...
|
|
|
mymi79
In Malwarebytes, choose the Supprimer la sélection option to remove
the infections, or click the Remove Selected button (English version)
at the bottom left.
(If not already done) Download CCleaner …
("Download Latest Version", on the right) and follow the prompts.
Do not check >>> "Ajouter la barre d'outils Yahoo" (add the Yahoo toolbar).
Let it install as is …
Download OTMoveIt1 (by Old_Timer) to your desktop...
-------
Close all windows and applications.
Relaunch HijackThis and click > Do a system scan only, then check
the boxes in front of the following lines (and only these lines), if still present:
O2 - BHO: {5be20e08-bf96-810a-9084-95fcdd32e256} - {652e23dd-cf59-4809-a018-69fb80e02eb5} - C:\WINDOWS\system32\qofxty.dll
O2 - BHO: (no name) - {6A0F33AE-AE25-4A7A-829C-47C41094EB66} - C:\WINDOWS\system32\karqroei.dll
O2 - BHO: (no name) - {7EBB7DA6-2369-450D-980F-9A2311A99ACF} - C:\WINDOWS\system32\pmnkHWOh.dll
O2 - BHO: (no name) - {BD3F9929-51DD-4E7C-A5DC-949D3224ABE0} - C:\WINDOWS\system32\nnnmLCRL.dll
O4 - HKLM\..\Run: [Windows Host Booter] hostbooter.exe
O4 - HKLM\..\Run: [647af009] rundll32.exe "C:\WINDOWS\system32\mvtkxybp.dll",b
O4 - HKLM\..\Run: [BM6749c395] Rundll32.exe "C:\WINDOWS\system32\apwxlycf.dll",s
O20 - Winlogon Notify: pmnkHWOh - C:\WINDOWS\SYSTEM32\pmnkHWOh.dll
Next, click > Fix checked and confirm with "Yes". Close HijackThis.
Double-click OTMoveIt.exe to launch it.
Make sure the "Unregister Dll's and Ocx's" box is checked!!!
Copy the text in the quote below and paste it into the left-hand pane
of OTMoveIt named Paste Standard List of Files/Folders to move.
C:\WINDOWS\system32\qofxty.dll
C:\WINDOWS\system32\karqroei.dll
C:\WINDOWS\system32\pmnkHWOh.dll
C:\WINDOWS\system32\nnnmLCRL.dll
C:\WINDOWS\system32\mvtkxybp.dll
C:\WINDOWS\system32\apwxlycf.dll
C:\WINDOWS\SYSTEM32\pmnkHWOh.dll
Click MoveIt! to start the removal.
When a result appears in the Results pane, click Exit.
Copy and paste the report into your reply; you will find it
under … --> C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal.
If so, wait until the procedure has finished before restarting.
Launch CCleaner ...
Click > Analyse > Lancer le nettoyage, then OK in the window that appears.
Run the cleanup (again) and confirm with OK (again).
Post the OTMoveIt report and a new HijackThis log, please.
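The selection of log lines made in the post above can be reproduced mechanically. The following Python is an added example, not part of the original thread and not how HijackThis or VirtumundoBeGone work internally: it parses lines copied from the posted HijackThis log and applies three triage heuristics chosen for this example (unnamed BHO loading a DLL from system32, correlation of that DLL with a Winlogon Notify entry as seen in the VirtumundoBeGone log, and Run values that use rundll32 on a system32 DLL or a bare file name). Hits are leads for review, not verdicts.

```python
import ntpath  # Windows path rules on any OS
import re
from typing import NamedTuple

# Lines copied from the HijackThis log posted in this thread (subset:
# the entries the helper selected plus legitimate ones for contrast).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: {5be20e08-bf96-810a-9084-95fcdd32e256} - {652e23dd-cf59-4809-a018-69fb80e02eb5} - C:\WINDOWS\system32\qofxty.dll
O2 - BHO: (no name) - {6A0F33AE-AE25-4A7A-829C-47C41094EB66} - C:\WINDOWS\system32\karqroei.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7EBB7DA6-2369-450D-980F-9A2311A99ACF} - C:\WINDOWS\system32\pmnkHWOh.dll
O2 - BHO: (no name) - {BD3F9929-51DD-4E7C-A5DC-949D3224ABE0} - C:\WINDOWS\system32\nnnmLCRL.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE FlyCam Classic
O4 - HKLM\..\Run: [Windows Host Booter] hostbooter.exe
O4 - HKLM\..\Run: [647af009] rundll32.exe "C:\WINDOWS\system32\mvtkxybp.dll",b
O4 - HKLM\..\Run: [BM6749c395] Rundll32.exe "C:\WINDOWS\system32\apwxlycf.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: pmnkHWOh - C:\WINDOWS\SYSTEM32\pmnkHWOh.dll
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,\s*(?P<export>\S+)', re.I)
SYSTEM32 = r"c:\windows\system32"


class Finding(NamedTuple):
    line: str
    reason: str


def clean(path):
    # HijackThis appends this marker when the target no longer exists.
    return path.replace(" (file missing)", "").strip()


def in_system32(path):
    return ntpath.dirname(path).lower() == SYSTEM32


def stem(path):
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def is_unnamed(name):
    # "(no name)" or a bare GUID where a product name would normally be.
    return name == "(no name)" or re.fullmatch(GUID, name) is not None


def first_token(cmd):
    return cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]


def parse(log_text):
    """Return (kind, fields, line) for every O2, O4 and O20 line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, rx in (("O2", O2_RE), ("O4", O4_RE), ("O20", O20_RE)):
            m = rx.match(line)
            if m:
                entries.append((kind, m.groupdict(), line))
                break
    return entries


def triage(log_text):
    """Apply this example's heuristics and return findings in log order."""
    entries = parse(log_text)
    suspect_bhos = {stem(clean(f["path"])) for k, f, _ in entries
                    if k == "O2" and is_unnamed(f["name"]) and in_system32(clean(f["path"]))}
    notify = {stem(clean(f["path"])) for k, f, _ in entries if k == "O20"}
    findings = []
    for kind, f, line in entries:
        if kind == "O2":
            path = clean(f["path"])
            if is_unnamed(f["name"]) and in_system32(path):
                reason = "unnamed BHO loading a DLL from system32"
                if stem(path) in notify:
                    reason += "; same DLL registered under Winlogon Notify"
                findings.append(Finding(line, reason))
        elif kind == "O4":
            m = RUNDLL_RE.match(f["cmd"])
            if m:
                if in_system32(m["dll"]):
                    findings.append(Finding(line, "Run value loads a system32 DLL through rundll32"))
            elif "\\" not in first_token(f["cmd"]):
                findings.append(Finding(line, "Run value is a bare file name with no path"))
        elif kind == "O20" and stem(clean(f["path"])) in suspect_bhos:
            findings.append(Finding(line, "Winlogon Notify DLL is also an unnamed BHO"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.reason, "->", finding.line)
```

On the sample, the flagged entries are the same eight lines listed for "Fix checked" in the post above; on other machines the rundll32 and bare-name rules will also match legitimate software, so each hit still needs manual review.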
|
|
|
|
|
Wow, I think it removed quite a lot ...
OT moveit...
File/Folder C:\WINDOWS\system32\qofxty.dll not found.
File/Folder C:\WINDOWS\system32\karqroei.dll not found.
File/Folder C:\WINDOWS\system32\pmnkHWOh.dll not found.
File/Folder C:\WINDOWS\system32\nnnmLCRL.dll not found.
LoadLibrary failed for C:\WINDOWS\system32\mvtkxybp.dll
C:\WINDOWS\system32\mvtkxybp.dll NOT unregistered.
C:\WINDOWS\system32\mvtkxybp.dll moved successfully.
File/Folder C:\WINDOWS\system32\apwxlycf.dll not found.
File/Folder C:\WINDOWS\SYSTEM32\pmnkHWOh.dll not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07182008_044133
----------------------------------------
Hijack this..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:31 AM, on 7/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Dell\Desktop\Vondu\Scanner.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=ae&l=en&s=bsd
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6A0F33AE-AE25-4A7A-829C-47C41094EB66} - C:\WINDOWS\system32\karqroei.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE FlyCam Classic
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://tropmymi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8221 bytes
|
|
Imagine ...
|
|
|
mymi79
Run another Malwarebytes scan.
Don't forget to choose the "Supprimer la sélection" option to remove
the infections (or click the Remove Selected button).
Post the report.
And tell me how the PC is behaving!
Is it getting worse and worse, as you said further up?
-->Message edited by kmisol on 18/07/2008 08:23:20<--
|
Hi, OK, here is the Malwarebytes report (the first one detected 1 file, which I deleted, and the 2nd report detected nothing more... I ran another scan with my antivirus... and nothing either... I plugged my internet cable back in... and everything seems to be working normally!!! I'll see how it goes over the next day... fingers crossed... is there anything else I need to do?)
-----------------------------------------------
Malwarebytes' Anti-Malware 1.20
Database version: 951
Windows 5.1.2600 Service Pack 3
5:27:51 PM 7/18/2008
mbam-log-7-18-2008 (17-27-51).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 90680
Time elapsed: 29 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
|
|
Imagine ...
|
| |