
Warning spyware threat has been detected on

tony marny, Saturday 5 July 2008 at 14:28:55
Hello,
First of all, I would like to thank whoever is able to help me. My problem is the following:
I have caught the same virus as the other users whose topics deal with the same subject: the Trojan horse, or Trojan. This virus shows up in the desktop wallpaper (the sentence written on my screen is the title of my message) and in a window that appears at the bottom right of the screen. So I followed to the letter the steps I found in another topic, that is:
1. CCLEAN to get rid of all the unused files
2. installation and update of AVG-ANTISPYWARE
3. installation of SmitfraudFix.exe at the root of c:/, then I ran scan (1), which gave me a report (below).


Then I rebooted in safe mode.
4. scan and cleaning with AVG-ANTISPYWARE (which took me 5 hours); sorry, but I no longer have the report because I deleted it by mistake while uninstalling AVG. I hope that it is not too important for exterminating this virus.
5. Smitfraudfix.exe, option 2 (report below)
6. finally Hijackthis, still in safe mode (report below)

--------------------------------------------------------------------------------

SmitfraudFix.exe report from scan (1) in normal mode:

SmitFraudFix v2.328

Rapport fait à 17:02:44,71, 04/07/2008
Executé à partir de C:\Documents and Settings\Coll‚gien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Coll‚gien


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Coll‚gien\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COLLGI~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\iftuyszv.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CE960565-C9F1-4887-BBD2-9A487AF4F0CC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CE960565-C9F1-4887-BBD2-9A487AF4F0CC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CE960565-C9F1-4887-BBD2-9A487AF4F0CC}: DhcpNameServer=172.16.20.20 172.16.20.21
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=172.16.20.20 172.16.20.21


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


--------------------------------------------------------------------------------



Smitfraudfix.exe, option 2, safe mode:

SmitFraudFix v2.328

Rapport fait à 22:38:45,87, 04/07/2008
Executé à partir de C:\Documents and Settings\Coll‚gien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CE960565-C9F1-4887-BBD2-9A487AF4F0CC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CE960565-C9F1-4887-BBD2-9A487AF4F0CC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CE960565-C9F1-4887-BBD2-9A487AF4F0CC}: DhcpNameServer=172.16.20.20 172.16.20.21
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=172.16.20.20 172.16.20.21


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\WINDOWS\default.htm supprimé
C:\WINDOWS\iexplorer.exe supprimé


»»»»»»»»»»»»»»»»»»»»»»»» Fin


--------------------------------------------------------------------------------

and here is the report from the HijackThis scan in safe mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:41, on 05/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode

Running processes:

End of file - 9674 bytes


--------------------------------------------------------------------------------

Thank you kindly for your help; I would like an answer fairly quickly, please.


T. Marny
Configuration: Windows XP
Firefox 2.0.0.15
geoffrey5, Saturday 5 July 2008 at 14:33:16
Hi!!

you still have quite a few infections:

Download Malwarebytes to the desktop: http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread


= double-click mbam-setup to start the installation
= Just install without changing anything
= Once the program has started ==> run an update, then tick Run a full scan
= Click Search
= If needed, untick the disks that should not be scanned
= Click Start the scan
= At the end of the scan, if an infection is found
==> Click Show results
= Close your running applications
= Check that everything is ticked and click Remove selection

a report opens; copy it and paste it into your reply

Then restart the PC!!

next:

Download virtumundobegone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

disconnect from the internet and disable your antivirus for the duration of the procedure



=> Double-click VirtumundoBeGone.exe
=> Click Continue ==> click Start
=> Click Yes
=> At the end, if Vundo is present, the PC shuts down and restarts
- If you get a blue screen and the message: Fatal error .. no problem
=> Post the VBG.TXT report that is on the desktop

then make a new hijackthis report please
tony marny, Saturday 5 July 2008 at 17:57:35
hi! I wanted to tell you that I am hugely grateful to you for answering me so quickly and for helping me with my problem; as soon as Malwarebytes was downloaded, the virus went away from my computer. Here are the reports you asked me for, as well as the contents of VGB.txt. Also, I would like to know how these reports will be useful to you?


Malwarebytes' Anti-Malware 1.19
Version de la base de données: 922
Windows 5.1.2600 Service Pack 2

17:26:37 05/07/2008
mbam-log-7-5-2008 (17-26-37).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 171606
Temps écoulé: 29 minute(s), 8 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 44
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 149

Processus mémoire infecté(s):
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\fphwqhms.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yayyxwTM.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\pmnLbYrS.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c04078d (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7d8f380f-e933-4e5e-8646-cf8cd05ab32d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayyxwtm -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\iftuyszv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayyxwtm -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux18 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\' (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\yayyxwTM.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\MTwxyyay.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\MTwxyyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fphwqhms.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\smhqwhpf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fyxkkuyb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byukkxyf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\slmxymcl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lcmyxmls.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\swtruhwy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ywhurtws.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cTMO\dvsid140.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux18\modtrux182328.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pRI\kscomdll3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\stat.bin (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\uninstall.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs\07.3.08_18_57_09.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs\07.3.08_18_58_02.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\!Easy ScreenSaver Studio 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Akira KurosawaIkiru DVDRip Xvid EN Subs.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\American Soldiers DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\As Good As It Gets DVDRip DivX.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Bambi II 2006 Sapphire XVID DVDRip.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Cant Hardly Wait DVDRip DivX.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Chocolat DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Crocodile Technology v605.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Dolphins Software Volts v4.01 Enterprise Edition.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\DTA-Ueberweisung v4.4.1.172.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Eastsea MP3 CD Burner v2.10.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Easy2Sync for Files 1.13 Business Edition.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Ebgo Sniper v1.69.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Estelle Reyna 2006 HQ Calendar PDF.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Fanaa (2006) - DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\GenePix Pro v6.0.1.27.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\GGU Retain v4.34.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Google Earth Pro Gold Edition 2008.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Hard Drive Inspector v1.85.950.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HDClone v3.1.11 Pro.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HighTech Holdem Memory v3.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HttpWatch Professional v4.0.54.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\JobMaster v3.70.672.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Kaspersky Anti-Hacker v1.9.37.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Linguata Catalan v4.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Linguata Chinese v4.21.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Lovely Folders 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MagicISO v5.3 Build 0205.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\McFunSoft Audio Editor v4.9.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\McFunSoft Audio Studio v5.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Media Resizer Pro v2.38.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MEDIAKG Slideshow Pro v9.8.6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Micro-Sys A1 Website Download 1.3.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MobileDB Pro 1.25.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MProjector v2.0 dj.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Nekromantik Uncut DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\NewLive All Media To MP3 Converter Pro v4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Norbyte Petal Palace v1.0.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Ozi Explorer 2.19.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PC Auto Shutdown v2.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PertMaster Project Risk v7.8.1031.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Pirates Of The Carribean The Dead Mans Chest CAM HYdRO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PixFiler 5.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Plato DVD Copy v4.38.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Portable Naturpic Audio File Cutter 3.20.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Prey-CloneDVD iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Primal Below DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\ProCAD 3DSmart Create 1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RAM Booster Expert 1.20.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RM to AVI VCD SVCD DVD MPEG Converter Pro v4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RollerCoaster Tycoon 3 Soaked! iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SAS JMP v6.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises DatabaseToDoc v2.5.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises QueryToDoc v2.1.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises SchemaToDoc v4.4.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Snappy Fax Network Server v1.42.1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Star Wars KOTOR II iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Stubbs the Zombie-RELOADED DVD iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Syberia iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\The Hole DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\TOCA Race Driver 3 PAL - PS2DVD.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Urban Freestyle Soccer iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Utility Ping v2.1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Warhammer 40,000 Dawn of War iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Wild At Heart DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\X-Men 3 The Last Stand XviDTS HQ.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\XP Smoker Pro v5.4.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxpdstqm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnLbYrS.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Collégien\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Collégien\list.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Collégien\Bureau\services.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.



The VGB file



[07/05/2008, 17:40:35] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:40:39] - Detected System Information:
[07/05/2008, 17:40:39] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 17:40:39] - Current Username: Collégien (Admin)
[07/05/2008, 17:40:39] - Windows is in NORMAL mode.
[07/05/2008, 17:40:39] - Searching for Browser Helper Objects:
[07/05/2008, 17:40:39] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/05/2008, 17:40:39] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/05/2008, 17:40:39] - BHO 3: {48688565-1ed4-42fe-bc27-ab152ae36e99} ()
[07/05/2008, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:40:39] - Checking for HKLM\...\Winlogon\Notify\sktywp
[07/05/2008, 17:40:39] - Key not found: HKLM\...\Winlogon\Notify\sktywp, continuing.
[07/05/2008, 17:40:39] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/05/2008, 17:40:39] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/05/2008, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:40:39] - No filename found. Continuing.
[07/05/2008, 17:40:39] - BHO 6: {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} ()
[07/05/2008, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:40:39] - Checking for HKLM\...\Winlogon\Notify\yayyxwTM
[07/05/2008, 17:40:39] - Key not found: HKLM\...\Winlogon\Notify\yayyxwTM, continuing.
[07/05/2008, 17:40:39] - Finished Searching Browser Helper Objects
[07/05/2008, 17:40:39] - Finishing up...
[07/05/2008, 17:40:39] - Nothing found! Exiting...

[07/05/2008, 17:48:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:48:51] - User choose NOT to continue. Exiting...

[07/05/2008, 17:49:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:49:10] - Detected System Information:
[07/05/2008, 17:49:10] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 17:49:10] - Current Username: Collégien (Admin)
[07/05/2008, 17:49:10] - Windows is in NORMAL mode.
[07/05/2008, 17:49:10] - Searching for Browser Helper Objects:
[07/05/2008, 17:49:10] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/05/2008, 17:49:10] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/05/2008, 17:49:10] - BHO 3: {48688565-1ed4-42fe-bc27-ab152ae36e99} ()
[07/05/2008, 17:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:10] - Checking for HKLM\...\Winlogon\Notify\sktywp
[07/05/2008, 17:49:10] - Key not found: HKLM\...\Winlogon\Notify\sktywp, continuing.
[07/05/2008, 17:49:10] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/05/2008, 17:49:10] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/05/2008, 17:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:10] - No filename found. Continuing.
[07/05/2008, 17:49:10] - BHO 6: {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} ()
[07/05/2008, 17:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:10] - Checking for HKLM\...\Winlogon\Notify\yayyxwTM
[07/05/2008, 17:49:10] - Key not found: HKLM\...\Winlogon\Notify\yayyxwTM, continuing.
[07/05/2008, 17:49:10] - Finished Searching Browser Helper Objects
[07/05/2008, 17:49:10] - Finishing up...
[07/05/2008, 17:49:10] - Nothing found! Exiting...

[07/05/2008, 17:49:22] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:49:32] - Detected System Information:
[07/05/2008, 17:49:32] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 17:49:32] - Current Username: Collégien (Admin)
[07/05/2008, 17:49:32] - Windows is in NORMAL mode.
[07/05/2008, 17:49:32] - Searching for Browser Helper Objects:
[07/05/2008, 17:49:32] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/05/2008, 17:49:32] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/05/2008, 17:49:32] - BHO 3: {48688565-1ed4-42fe-bc27-ab152ae36e99} ()
[07/05/2008, 17:49:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:32] - Checking for HKLM\...\Winlogon\Notify\sktywp
[07/05/2008, 17:49:32] - Key not found: HKLM\...\Winlogon\Notify\sktywp, continuing.
[07/05/2008, 17:49:32] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/05/2008, 17:49:32] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/05/2008, 17:49:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:32] - No filename found. Continuing.
[07/05/2008, 17:49:32] - BHO 6: {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} ()
[07/05/2008, 17:49:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/05/2008, 17:49:32] - Checking for HKLM\...\Winlogon\Notify\yayyxwTM
[07/05/2008, 17:49:32] - Key not found: HKLM\...\Winlogon\Notify\yayyxwTM, continuing.
[07/05/2008, 17:49:32] - Finished Searching Browser Helper Objects
[07/05/2008, 17:49:32] - Finishing up...
[07/05/2008, 17:49:32] - Nothing found! Exiting...




And finally HijackThis



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:13, on 05/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\apps\PowerDVD\PDVDServ.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\juiuzoynyif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Collégien\Bureau\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = legratos
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: {99e63ea2-51ba-72cb-ef24-4de156588684} - {48688565-1ed4-42fe-bc27-ab152ae36e99} - C:\WINDOWS\system32\sktywp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EAE6876-9B9E-4F87-B295-2FA4F91B87A2} - C:\WINDOWS\system32\yayyxwTM.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\apps\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKLM\..\Run: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\Run: [pmwiqagr] C:\WINDOWS\system32\pmwiqagr.exe
O4 - HKLM\..\Run: [ANTI LITE TITLE DEBUG] C:\Documents and Settings\All Users\Application Data\Okay meta anti lite\Inside mapi.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Collégien\lsass.exe
O4 - HKLM\..\RunServices: [juiuzoynyif] C:\WINDOWS\system32\juiuzoynyif.exe
O4 - HKLM\..\RunServices: [fpamkitc] C:\WINDOWS\system32\fpamkitc.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [lies bold] C:\DOCUME~1\COLLGI~1\APPLIC~1\SOAPCO~1\Start Bait.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://search.live.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: DeepSight Extractor Service for NP08 (myh3aeq11yiup9) - Unknown owner - C:\WINDOWS\system32\pmwiqagr.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
End of file - 8660 bytes


Thank you, thank you, thank you for helping me, cordiaaaaaaaaally (sorry for writing in text-speak, but it is joy that I am expressing)

T. Marny

tony marny, Saturday 5 July 2008 at 17:58:00
Hi! I wanted to tell you that I am deeply grateful to you for answering me so quickly and for helping me with my problem. As soon as I downloaded Malwarebytes, the virus left my computer. Here are the reports you asked me for, along with the contents of VGB.txt. I would also like to know how these reports will be useful to you?


Malwarebytes' Anti-Malware 1.19
Version de la base de données: 922
Windows 5.1.2600 Service Pack 2

17:26:37 05/07/2008
mbam-log-7-5-2008 (17-26-37).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 171606
Temps écoulé: 29 minute(s), 8 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 44
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 149

Processus mémoire infecté(s):
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\fphwqhms.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yayyxwTM.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\pmnLbYrS.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88235bc9-a740-4b2a-9e8f-7582322431c3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88235bc9-a740-4b2a-9e8f-7582322431c3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sm_ie_monitor.ie_monitor (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7d8f380f-e933-4e5e-8646-cf8cd05ab32d} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d8f380f-e933-4e5e-8646-cf8cd05ab32d} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlbyrs (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{39b7595d-0c8d-4961-b1f3-599cebd0dda1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{508c3a51-f68c-480e-a38c-771100070292} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aa060326-c000-460e-b7bd-527755f719c0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fcbe977e-8243-468a-b396-ca7140206484} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c04078d (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7d8f380f-e933-4e5e-8646-cf8cd05ab32d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayyxwtm -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\iftuyszv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayyxwtm -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux18 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\' (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\yayyxwTM.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\MTwxyyay.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\MTwxyyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fphwqhms.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\smhqwhpf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fyxkkuyb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byukkxyf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\slmxymcl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lcmyxmls.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\swtruhwy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ywhurtws.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cTMO\dvsid140.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modtrux18\modtrux182328.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pRI\kscomdll3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\stat.bin (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\uninstall.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs\07.3.08_18_57_09.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\Program Files\SpyMaxx\logs\07.3.08_18_58_02.log (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\!Easy ScreenSaver Studio 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Akira KurosawaIkiru DVDRip Xvid EN Subs.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\American Soldiers DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\As Good As It Gets DVDRip DivX.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Bambi II 2006 Sapphire XVID DVDRip.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Cant Hardly Wait DVDRip DivX.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Chocolat DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Crocodile Technology v605.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Dolphins Software Volts v4.01 Enterprise Edition.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\DTA-Ueberweisung v4.4.1.172.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Eastsea MP3 CD Burner v2.10.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Easy2Sync for Files 1.13 Business Edition.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Ebgo Sniper v1.69.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Estelle Reyna 2006 HQ Calendar PDF.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Fanaa (2006) - DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\GenePix Pro v6.0.1.27.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\GGU Retain v4.34.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Google Earth Pro Gold Edition 2008.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Hard Drive Inspector v1.85.950.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HDClone v3.1.11 Pro.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HighTech Holdem Memory v3.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\HttpWatch Professional v4.0.54.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\JobMaster v3.70.672.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Kaspersky Anti-Hacker v1.9.37.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Linguata Catalan v4.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Linguata Chinese v4.21.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Lovely Folders 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MagicISO v5.3 Build 0205.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\McFunSoft Audio Editor v4.9.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\McFunSoft Audio Studio v5.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Media Resizer Pro v2.38.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MEDIAKG Slideshow Pro v9.8.6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Micro-Sys A1 Website Download 1.3.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MobileDB Pro 1.25.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\MProjector v2.0 dj.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Nekromantik Uncut DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\NewLive All Media To MP3 Converter Pro v4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Norbyte Petal Palace v1.0.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Ozi Explorer 2.19.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PC Auto Shutdown v2.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PertMaster Project Risk v7.8.1031.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Pirates Of The Carribean The Dead Mans Chest CAM HYdRO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\PixFiler 5.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Plato DVD Copy v4.38.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Portable Naturpic Audio File Cutter 3.20.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Prey-CloneDVD iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Primal Below DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\ProCAD 3DSmart Create 1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RAM Booster Expert 1.20.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RM to AVI VCD SVCD DVD MPEG Converter Pro v4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\RollerCoaster Tycoon 3 Soaked! iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SAS JMP v6.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises DatabaseToDoc v2.5.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises QueryToDoc v2.1.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\SchemaToDoc Enterprises SchemaToDoc v4.4.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Snappy Fax Network Server v1.42.1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Star Wars KOTOR II iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Stubbs the Zombie-RELOADED DVD iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Syberia iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\The Hole DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\TOCA Race Driver 3 PAL - PS2DVD.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Urban Freestyle Soccer iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Utility Ping v2.1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Warhammer 40,000 Dawn of War iSO.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\Wild At Heart DVDRip Xvid.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\X-Men 3 The Last Stand XviDTS HQ.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\'\XP Smoker Pro v5.4.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxpdstqm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnLbYrS.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Collégien\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Collégien\list.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Collégien\Bureau\services.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.



The VGB file:



[07/05/2008, 17:40:35] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Collégien\Bureau\VirtumundoBeGone.exe" )
[07/05/2008, 17:40:39] - Detected System Information:
[07/05/2008, 17:40:39] - Windows Version: 5.1.2600, Service Pack 2
[07/05/2008, 17:40:39] - Current Username: Collégien (Admin)
[07/05/2008, 17:40:39] - Windows is in NORMAL mode.
[07/05/2008, 17:40:39] - Searching for Browser Helper Objects:
[07/05/2008, 17:40:39] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo!