Status: Unresolved

Virtumonde

Posted by Astrid, Friday 22 February 2008 at 19:06:14
Good evening,
It seems my computer is infected, could someone help me? Attached is the HijackThis report. I should add that I'm a beginner ...
Thanks to all


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:18, on 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DE64CA3-2E15-4699-A3F9-E7C656595579} - C:\WINDOWS\system32\jkhhh.dll
O2 - BHO: (no name) - {4509D10F-6D4A-4F0A-8DB9-F0026E70C3F1} - C:\WINDOWS\system32\gebcd.dll (file missing)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9269E781-6EB1-449F-8C33-098B57DD0FBA} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: (no name) - {989ACFC2-30CA-46E7-92BE-7C42F5584A9D} - C:\WINDOWS\system32\geedd.dll (file missing)
O2 - BHO: (no name) - {C3C0859F-381E-4431-BDDF-A798C2830AFC} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: (no name) - {FD576B1A-BF4A-4E3B-BAFE-F11E6D86F0F3} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pctfbwjo] c:\windows\system32\pctfbwjo.exe pctfbwjo
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll (file missing)
O20 - Winlogon Notify: gebcd - C:\WINDOWS\system32\gebcd.dll (file missing)
O20 - Winlogon Notify: gebyy - C:\WINDOWS\system32\gebyy.dll
O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll
O20 - Winlogon Notify: geeda - C:\WINDOWS\system32\geeda.dll
O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll (file missing)
O20 - Winlogon Notify: jkhfe - C:\WINDOWS\system32\jkhfe.dll (file missing)
O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll (file missing)
O20 - Winlogon Notify: jkkji - C:\WINDOWS\system32\jkkji.dll (file missing)
O20 - Winlogon Notify: urqpmkl - urqpmkl.dll (file missing)
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: (no name) - http://a2.g.akamai.net/f/2/1688/1h/www.tv-radio.com/player/images/blank.gif
O24 - Desktop Component 1: (no name) - http://www.europe2.fr/img/header/logo.gif
End of file - 6613 bytes
Configuration: Windows XP
Internet Explorer 6.0
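As an added example (not from the thread, nor from HijackThis, VundoFix or VirtumundoBeGone themselves), the Python script below applies two cross-checks that can be read off the reports in this thread: the nameless-BHO / Winlogon Notify pairing that VirtumundoBeGone's log performs further down ("Checking for HKLM\...\Winlogon\Notify\<name>" followed by "This is probably Virtumundo"), and the reversed-name .ini/.bak companions that the VundoFix file list shows. The sample lines are a constructed excerpt modeled on the logs posted here, and the function and key names are my own.

```python
"""Triage helpers for the Virtumonde/Vundo load-point pattern seen in this thread.

Cross-check 1 (HijackThis): an O2 BHO reported as "(no name)" whose DLL stem also
appears as an O20 Winlogon Notify key (the rule VirtumundoBeGone's log applies).
Cross-check 2 (VundoFix file list): the .ini/.bak companions carry the DLL stem
reversed (awvvs.dll <-> svvwa.ini, gebcd.dll <-> dcbeg.ini, geedd.dll <-> ddeeg.ini).
"""
import re
from collections import defaultdict

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<target>.*)$")

# Constructed excerpt modeled on the first HijackThis log posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DE64CA3-2E15-4699-A3F9-E7C656595579} - C:\WINDOWS\system32\jkhhh.dll
O2 - BHO: (no name) - {4509D10F-6D4A-4F0A-8DB9-F0026E70C3F1} - C:\WINDOWS\system32\gebcd.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9269E781-6EB1-449F-8C33-098B57DD0FBA} - C:\WINDOWS\system32\vturo.dll (file missing)
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll (file missing)
O20 - Winlogon Notify: gebcd - C:\WINDOWS\system32\gebcd.dll (file missing)
O20 - Winlogon Notify: urqpmkl - urqpmkl.dll (file missing)
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll (file missing)
"""

# Constructed excerpt of the file list from the VundoFix report posted later in the thread.
SAMPLE_VUNDOFIX = r"""
C:\windows\system32\awvvs.dll
C:\WINDOWS\system32\dcbeg.bak1
C:\WINDOWS\system32\dcbeg.bak2
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\gebcd.dll
C:\windows\system32\svvwa.bak1
C:\windows\system32\svvwa.ini
C:\WINDOWS\system32\vturo.dll
"""


def split_target(target):
    """Return (dll_stem, file_missing) for the file field of an O2/O20 line."""
    target = target.strip()
    if target == "(no file)":
        return "", True
    missing = target.endswith("(file missing)")
    if missing:
        target = target[: -len("(file missing)")].strip()
    base = target.rsplit("\\", 1)[-1]  # drop the directory part
    return base.rsplit(".", 1)[0].lower(), missing


def triage_hjt(log_text):
    """Pair nameless O2 BHOs with O20 Winlogon Notify keys of the same stem."""
    bhos, notify = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            stem, missing = split_target(m["target"])
            bhos.append((m["clsid"], m["name"], stem, missing))
            continue
        m = O20_RE.match(line)
        if m:
            notify[m["key"].lower()] = split_target(m["target"])[1]
    probable, paired = [], set()
    for clsid, name, stem, missing in bhos:
        if name == "(no name)" and stem and stem in notify:
            probable.append({"clsid": clsid, "dll": stem, "file_missing": missing})
            paired.add(stem)
    # Notify keys with no BHO partner are leftovers to clean, not proof by themselves.
    unpaired = {k: v for k, v in notify.items() if k not in paired}
    return {"probable_vundo": probable, "unpaired_notify": unpaired}


def reversed_companions(file_list):
    """Map each DLL stem to the .ini/.bak files whose stem is that name reversed."""
    by_stem, dlls = defaultdict(list), []
    for raw in file_list.splitlines():
        base = raw.strip().rsplit("\\", 1)[-1].lower()
        stem, _, ext = base.rpartition(".")
        if ext == "dll":
            dlls.append(stem)
        elif base:
            by_stem[stem].append(base)
    return {dll: sorted(by_stem.get(dll[::-1], [])) for dll in dlls}


if __name__ == "__main__":
    report = triage_hjt(SAMPLE_HJT)
    for hit in report["probable_vundo"]:
        print(f"probable Vundo: {hit['dll']}.dll via BHO {{{hit['clsid']}}} missing={hit['file_missing']}")
    for key, missing in report["unpaired_notify"].items():
        print(f"Winlogon Notify without a BHO partner: {key} (file missing={missing})")
    for dll, files in reversed_companions(SAMPLE_VUNDOFIX).items():
        print(f"{dll}.dll reversed-name companions: {files or 'none'}")
```

On the sample, jkhhh.dll is deliberately not flagged: it has no Winlogon Notify partner, which is exactly what VirtumundoBeGone reports for it ("Key not found ... continuing").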
Saiyen75, Friday 22 February 2008 at 19:13:17
Hi,

Indeed, you have quite an infection,
Which antivirus do you use?

Start by renaming HijackThis.exe to CCM.exe
---> Right-click hijackthis.exe (red man icon), then Rename
---> Type: CCM
---> Enter

Relaunch it and run the scan again.

Then:

update to Internet Explorer 7.0:
http://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

_____________________________________________________

VundoFix:

Download VundoFix.exe to your Desktop. (not Atribune)
http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to launch it.

Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask you whether you want to delete the files; click YES
After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt telling you that your PC is going to shut down; click OK
Start your PC again.
Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis log, in your next reply.

_____________________________________________________

++
Astrid, Saturday 23 February 2008 at 17:50:58
Hi,
Thanks for replying so quickly..
My antivirus: Pack Sécurité (F-Secure), provided by "neuf".
Update to Internet Explorer 7.0: ok
Download VundoFix to the Desktop: ok
And that's where it gets complicated.. I don't know whether I managed to rename HijackThis.. as for VundoFix.. (did I do what was needed??).. Anyway, here are the reports I collected. See you soon..

C:\windows\system32\awvvs.dll
C:\WINDOWS\system32\dcbeg.bak1
C:\WINDOWS\system32\dcbeg.bak2
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\gebcd.dll
C:\windows\system32\gebyy.dll
C:\windows\system32\geeda.dll
C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkhhe.dll
C:\windows\system32\jkhhh.dll
C:\windows\system32\svvwa.bak1
C:\windows\system32\svvwa.ini
C:\WINDOWS\system32\vturo.dll

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26:16, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\RACHEL\Bureau\CCM.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4509D10F-6D4A-4F0A-8DB9-F0026E70C3F1} - C:\WINDOWS\system32\gebcd.dll (file missing)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 - BHO: (no name) - {74179869-295F-44F7-A778-6847AB1FD513} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9269E781-6EB1-449F-8C33-098B57DD0FBA} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: (no name) - {989ACFC2-30CA-46E7-92BE-7C42F5584A9D} - C:\WINDOWS\system32\geedd.dll (file missing)
O2 - BHO: (no name) - {C3C0859F-381E-4431-BDDF-A798C2830AFC} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: (no name) - {FD576B1A-BF4A-4E3B-BAFE-F11E6D86F0F3} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pctfbwjo] c:\windows\system32\pctfbwjo.exe pctfbwjo
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll (file missing)
O20 - Winlogon Notify: gebcd - C:\WINDOWS\system32\gebcd.dll (file missing)
O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll
O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll (file missing)
O20 - Winlogon Notify: jkhfe - C:\WINDOWS\system32\jkhfe.dll (file missing)
O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll (file missing)
O20 - Winlogon Notify: jkkji - C:\WINDOWS\system32\jkkji.dll (file missing)
O20 - Winlogon Notify: urqpmkl - urqpmkl.dll (file missing)
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: (no name) - http://a2.g.akamai.net/f/2/1688/1h/www.tv-radio.com/player/images/blank.gif
O24 - Desktop Component 1: (no name) - http://www.europe2.fr/img/header/logo.gif
End of file - 7377 bytes
Astrid, Saturday 23 February 2008 at 18:25:02
I'm sending you the VundoFix report again, because the previous one wasn't complete:


VundoFix V6.7.8

Checking Java version...

Sun Java not detected
Scan started at 15:49:05 23/02/2008

Listing files found while scanning....

C:\windows\system32\awvvs.dll
C:\WINDOWS\system32\dcbeg.bak1
C:\WINDOWS\system32\dcbeg.bak2
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\gebcd.dll
C:\windows\system32\gebyy.dll
C:\windows\system32\geeda.dll
C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkhhe.dll
C:\windows\system32\jkhhh.dll
C:\windows\system32\svvwa.bak1
C:\windows\system32\svvwa.ini
C:\WINDOWS\system32\vturo.dll

Beginning removal...

Attempting to delete C:\windows\system32\awvvs.dll
C:\windows\system32\awvvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dcbeg.bak1
C:\WINDOWS\system32\dcbeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\dcbeg.bak2
C:\WINDOWS\system32\dcbeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\dcbeg.ini Has been deleted!

Attempting to delete C:\windows\system32\gebyy.dll
C:\windows\system32\gebyy.dll Has been deleted!

Attempting to delete C:\windows\system32\geeda.dll
C:\windows\system32\geeda.dll Has been deleted!

Attempting to delete C:\windows\system32\jkhhh.dll
C:\windows\system32\jkhhh.dll Has been deleted!

Attempting to delete C:\windows\system32\svvwa.bak1
C:\windows\system32\svvwa.bak1 Has been deleted!

Attempting to delete C:\windows\system32\svvwa.ini
C:\windows\system32\svvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.8

Checking Java version...

Sun Java not detected
Scan started at 16:28:27 23/02/2008

Listing files found while scanning....

C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\vturo.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...
Blik, Friday 22 February 2008 at 19:31:13
Ah damn, Saiyen75, you were faster than me! :P
Here's some info about your infection, Astrid..

---------------------------------------------------

Discovered: 20 November 2004
Updated: 13 February 2007 12:30:20 PM
Also known as: Vundo [McAfee], Vundo.dldr [McAfee]
Type: Trojan Horse
Infection length: varies
Systems affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


Trojan.Vundo is an adware component that downloads and displays pop-up advertisements. It installs itself when the user clicks a link contained in a spam e-mail.
Saiyen75, Friday 22 February 2008 at 19:32:33
LOL, sorry!! :P
Astrid, Saturday 23 February 2008 at 17:36:11
Hi,
Thanks for all these details, see you soon..
Astrid, Saturday 23 February 2008 at 18:06:37
Hi, me again, could you tell me how you catch this virus, what route does it take?
Thanks again..
Saiyen75, Saturday 23 February 2008 at 18:26:22
Hi,

A little info on Vundo: Vundo

You did manage to rename HijackThis, but now it's in the wrong place; you need to put it at the root of C:
Example: C:\HijackThis\CCM.exe

Basically, just move the CCM.exe file into C:\ and run it from there.

Do another HijackThis log after that:

-----------------------------------------------------------

Download VirtumundoBeGone:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Launch it
Then double-click VirtumundoBeGone.exe and follow the instructions.
Once finished, restart and post the VBG.TXT report created on the desktop in your next reply.

_____________________________________________________

++
Astrid, Sunday 24 February 2008 at 08:45:51
Hi,
I moved CCM.exe, is that ok?
Yesterday, after running VirtumundoBeGone, everything got wiped (except the desktop background image) and it stayed stuck like that until I unplugged/replugged it. (What does that mean?)
See you soon.
Here are the reports:


[02/23/2008, 21:03:02] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\RACHEL\Bureau\VirtumundoBeGone.exe" )
[02/23/2008, 21:03:49] - User choose NOT to continue. Exiting...

[02/23/2008, 21:07:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\RACHEL\Bureau\VirtumundoBeGone.exe" )
[02/23/2008, 21:07:52] - Detected System Information:
[02/23/2008, 21:07:52] - Windows Version: 5.1.2600, Service Pack 2
[02/23/2008, 21:07:52] - Current Username: RACHEL (Admin)
[02/23/2008, 21:07:52] - Windows is in NORMAL mode.
[02/23/2008, 21:07:52] - Searching for Browser Helper Objects:
[02/23/2008, 21:07:52] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/23/2008, 21:07:52] - BHO 2: {4509D10F-6D4A-4F0A-8DB9-F0026E70C3F1} ()
[02/23/2008, 21:07:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:52] - Checking for HKLM\...\Winlogon\Notify\gebcd
[02/23/2008, 21:07:52] - Found: HKLM\...\Winlogon\Notify\gebcd - This is probably Virtumundo.
[02/23/2008, 21:07:52] - Assigning {4509D10F-6D4A-4F0A-8DB9-F0026E70C3F1} MSEvents Object
[02/23/2008, 21:07:52] - BHO list has been changed! Starting over...
[02/23/2008, 21:07:52] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/23/2008, 21:07:52] - BHO 2: {4509D10F-6D4A-4F0A-8DB9-F0026E70C3F1} (MSEvents Object)
[02/23/2008, 21:07:52] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:52] - BHO 3: {59879FA4-4790-461c-A1CC-4EC4DE4CA483} (RXResultTracker Class)
[02/23/2008, 21:07:52] - BHO 4: {74179869-295F-44F7-A778-6847AB1FD513} ()
[02/23/2008, 21:07:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:52] - Checking for HKLM\...\Winlogon\Notify\jkhhh
[02/23/2008, 21:07:52] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
[02/23/2008, 21:07:52] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/23/2008, 21:07:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:52] - No filename found. Continuing.
[02/23/2008, 21:07:52] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/23/2008, 21:07:52] - BHO 7: {9269E781-6EB1-449F-8C33-098B57DD0FBA} ()
[02/23/2008, 21:07:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:52] - Checking for HKLM\...\Winlogon\Notify\vturo
[02/23/2008, 21:07:52] - Found: HKLM\...\Winlogon\Notify\vturo - This is probably Virtumundo.
[02/23/2008, 21:07:52] - Assigning {9269E781-6EB1-449F-8C33-098B57DD0FBA} MSEvents Object
[02/23/2008, 21:07:52] - BHO list has been changed! Starting over...
[02/23/2008, 21:07:52] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/23/2008, 21:07:52] - BHO 2: {4509D10F-6D4A-4F0A-8DB9-F0026E70C3F1} (MSEvents Object)
[02/23/2008, 21:07:52] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:52] - BHO 3: {59879FA4-4790-461c-A1CC-4EC4DE4CA483} (RXResultTracker Class)
[02/23/2008, 21:07:52] - BHO 4: {74179869-295F-44F7-A778-6847AB1FD513} ()
[02/23/2008, 21:07:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:52] - Checking for HKLM\...\Winlogon\Notify\jkhhh
[02/23/2008, 21:07:52] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
[02/23/2008, 21:07:52] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/23/2008, 21:07:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:52] - No filename found. Continuing.
[02/23/2008, 21:07:52] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/23/2008, 21:07:52] - BHO 7: {9269E781-6EB1-449F-8C33-098B57DD0FBA} (MSEvents Object)
[02/23/2008, 21:07:52] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:52] - BHO 8: {989ACFC2-30CA-46E7-92BE-7C42F5584A9D} ()
[02/23/2008, 21:07:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:52] - Checking for HKLM\...\Winlogon\Notify\geedd
[02/23/2008, 21:07:52] - Found: HKLM\...\Winlogon\Notify\geedd - This is probably Virtumundo.
[02/23/2008, 21:07:52] - Assigning {989ACFC2-30CA-46E7-92BE-7C42F5584A9D} MSEvents Object
[02/23/2008, 21:07:52] - BHO list has been changed! Starting over...
[02/23/2008, 21:07:52] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/23/2008, 21:07:52] - BHO 2: {4509D10F-6D4A-4F0A-8DB9-F0026E70C3F1} (MSEvents Object)
[02/23/2008, 21:07:52] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:52] - BHO 3: {59879FA4-4790-461c-A1CC-4EC4DE4CA483} (RXResultTracker Class)
[02/23/2008, 21:07:52] - BHO 4: {74179869-295F-44F7-A778-6847AB1FD513} ()
[02/23/2008, 21:07:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:52] - Checking for HKLM\...\Winlogon\Notify\jkhhh
[02/23/2008, 21:07:52] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
[02/23/2008, 21:07:52] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/23/2008, 21:07:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:52] - No filename found. Continuing.
[02/23/2008, 21:07:52] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/23/2008, 21:07:52] - BHO 7: {9269E781-6EB1-449F-8C33-098B57DD0FBA} (MSEvents Object)
[02/23/2008, 21:07:52] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:52] - BHO 8: {989ACFC2-30CA-46E7-92BE-7C42F5584A9D} (MSEvents Object)
[02/23/2008, 21:07:52] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:52] - BHO 9: {C3C0859F-381E-4431-BDDF-A798C2830AFC} ()
[02/23/2008, 21:07:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:52] - Checking for HKLM\...\Winlogon\Notify\jkhfe
[02/23/2008, 21:07:52] - Found: HKLM\...\Winlogon\Notify\jkhfe - This is probably Virtumundo.
[02/23/2008, 21:07:52] - Assigning {C3C0859F-381E-4431-BDDF-A798C2830AFC} MSEvents Object
[02/23/2008, 21:07:52] - BHO list has been changed! Starting over...
[02/23/2008, 21:07:52] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/23/2008, 21:07:52] - BHO 2: {4509D10F-6D4A-4F0A-8DB9-F0026E70C3F1} (MSEvents Object)
[02/23/2008, 21:07:52] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:52] - BHO 3: {59879FA4-4790-461c-A1CC-4EC4DE4CA483} (RXResultTracker Class)
[02/23/2008, 21:07:52] - BHO 4: {74179869-295F-44F7-A778-6847AB1FD513} ()
[02/23/2008, 21:07:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:52] - Checking for HKLM\...\Winlogon\Notify\jkhhh
[02/23/2008, 21:07:52] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
[02/23/2008, 21:07:52] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/23/2008, 21:07:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:52] - No filename found. Continuing.
[02/23/2008, 21:07:52] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/23/2008, 21:07:52] - BHO 7: {9269E781-6EB1-449F-8C33-098B57DD0FBA} (MSEvents Object)
[02/23/2008, 21:07:52] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:52] - BHO 8: {989ACFC2-30CA-46E7-92BE-7C42F5584A9D} (MSEvents Object)
[02/23/2008, 21:07:52] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:52] - BHO 9: {C3C0859F-381E-4431-BDDF-A798C2830AFC} (MSEvents Object)
[02/23/2008, 21:07:52] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:52] - BHO 10: {FD576B1A-BF4A-4E3B-BAFE-F11E6D86F0F3} ()
[02/23/2008, 21:07:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:52] - Checking for HKLM\...\Winlogon\Notify\jkhhe
[02/23/2008, 21:07:52] - Found: HKLM\...\Winlogon\Notify\jkhhe - This is probably Virtumundo.
[02/23/2008, 21:07:52] - Assigning {FD576B1A-BF4A-4E3B-BAFE-F11E6D86F0F3} MSEvents Object
[02/23/2008, 21:07:52] - BHO list has been changed! Starting over...
[02/23/2008, 21:07:52] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/23/2008, 21:07:52] - BHO 2: {4509D10F-6D4A-4F0A-8DB9-F0026E70C3F1} (MSEvents Object)
[02/23/2008, 21:07:52] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:52] - BHO 3: {59879FA4-4790-461c-A1CC-4EC4DE4CA483} (RXResultTracker Class)
[02/23/2008, 21:07:52] - BHO 4: {74179869-295F-44F7-A778-6847AB1FD513} ()
[02/23/2008, 21:07:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:52] - Checking for HKLM\...\Winlogon\Notify\jkhhh
[02/23/2008, 21:07:52] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
[02/23/2008, 21:07:52] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/23/2008, 21:07:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:52] - No filename found. Continuing.
[02/23/2008, 21:07:52] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/23/2008, 21:07:52] - BHO 7: {9269E781-6EB1-449F-8C33-098B57DD0FBA} (MSEvents Object)
[02/23/2008, 21:07:52] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:52] - BHO 8: {989ACFC2-30CA-46E7-92BE-7C42F5584A9D} (MSEvents Object)
[02/23/2008, 21:07:52] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:52] - BHO 9: {C3C0859F-381E-4431-BDDF-A798C2830AFC} (MSEvents Object)
[02/23/2008, 21:07:52] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:52] - BHO 10: {FD576B1A-BF4A-4E3B-BAFE-F11E6D86F0F3} (MSEvents Object)
[02/23/2008, 21:07:52] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:52] - Finished Searching Browser Helper Objects
[02/23/2008, 21:07:52] - *** Detected MSEvents Object
[02/23/2008, 21:07:52] - Trying to remove MSEvents Object...
[02/23/2008, 21:07:53] - Terminating Process: IEXPLORE.EXE
[02/23/2008, 21:07:54] - Terminating Process: RUNDLL32.EXE
[02/23/2008, 21:07:54] - Disabling Automatic Shell Restart
[02/23/2008, 21:07:54] - Terminating Process: EXPLORER.EXE
[02/23/2008, 21:07:55] - Suspending the NT Session Manager System Service
[02/23/2008, 21:07:55] - Terminating Windows NT Logon/Logoff Manager
[02/23/2008, 21:07:56] - Re-enabling Automatic Shell Restart
[02/23/2008, 21:07:56] - File to disable: C:\WINDOWS\system32\gebcd.dll
[02/23/2008, 21:07:56] - Removing HKLM\...\Browser Helper Objects\{4509D10F-6D4A-4F0A-8DB9-F0026E70C3F1}
[02/23/2008, 21:07:56] - Removing HKCR\CLSID\{4509D10F-6D4A-4F0A-8DB9-F0026E70C3F1}
[02/23/2008, 21:07:57] - Adding Kill Bit for ActiveX for GUID: {4509D10F-6D4A-4F0A-8DB9-F0026E70C3F1}
[02/23/2008, 21:07:57] - Deleting ATLEvents/MSEvents Registry entries
[02/23/2008, 21:07:57] - Removing HKLM\...\Winlogon\Notify\gebcd
[02/23/2008, 21:07:57] - Searching for Browser Helper Objects:
[02/23/2008, 21:07:57] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/23/2008, 21:07:57] - BHO 2: {59879FA4-4790-461c-A1CC-4EC4DE4CA483} (RXResultTracker Class)
[02/23/2008, 21:07:57] - BHO 3: {74179869-295F-44F7-A778-6847AB1FD513} ()
[02/23/2008, 21:07:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:57] - Checking for HKLM\...\Winlogon\Notify\jkhhh
[02/23/2008, 21:07:57] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
[02/23/2008, 21:07:57] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/23/2008, 21:07:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:57] - No filename found. Continuing.
[02/23/2008, 21:07:57] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/23/2008, 21:07:57] - BHO 6: {9269E781-6EB1-449F-8C33-098B57DD0FBA} (MSEvents Object)
[02/23/2008, 21:07:57] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:57] - BHO 7: {989ACFC2-30CA-46E7-92BE-7C42F5584A9D} (MSEvents Object)
[02/23/2008, 21:07:57] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:57] - BHO 8: {C3C0859F-381E-4431-BDDF-A798C2830AFC} (MSEvents Object)
[02/23/2008, 21:07:57] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:57] - BHO 9: {FD576B1A-BF4A-4E3B-BAFE-F11E6D86F0F3} (MSEvents Object)
[02/23/2008, 21:07:57] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:57] - Finished Searching Browser Helper Objects
[02/23/2008, 21:07:57] - *** Detected MSEvents Object
[02/23/2008, 21:07:57] - Trying to remove MSEvents Object...
[02/23/2008, 21:07:58] - Terminating Process: IEXPLORE.EXE
[02/23/2008, 21:07:58] - Terminating Process: RUNDLL32.EXE
[02/23/2008, 21:07:58] - Disabling Automatic Shell Restart
[02/23/2008, 21:07:58] - Terminating Process: EXPLORER.EXE
[02/23/2008, 21:07:58] - Suspending the NT Session Manager System Service
[02/23/2008, 21:07:59] - Terminating Windows NT Logon/Logoff Manager
[02/23/2008, 21:07:59] - Re-enabling Automatic Shell Restart
[02/23/2008, 21:07:59] - File to disable: C:\WINDOWS\system32\vturo.dll
[02/23/2008, 21:07:59] - Removing HKLM\...\Browser Helper Objects\{9269E781-6EB1-449F-8C33-098B57DD0FBA}
[02/23/2008, 21:07:59] - Removing HKCR\CLSID\{9269E781-6EB1-449F-8C33-098B57DD0FBA}
[02/23/2008, 21:07:59] - Adding Kill Bit for ActiveX for GUID: {9269E781-6EB1-449F-8C33-098B57DD0FBA}
[02/23/2008, 21:07:59] - Deleting ATLEvents/MSEvents Registry entries
[02/23/2008, 21:07:59] - Removing HKLM\...\Winlogon\Notify\vturo
[02/23/2008, 21:07:59] - Searching for Browser Helper Objects:
[02/23/2008, 21:07:59] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/23/2008, 21:07:59] - BHO 2: {59879FA4-4790-461c-A1CC-4EC4DE4CA483} (RXResultTracker Class)
[02/23/2008, 21:07:59] - BHO 3: {74179869-295F-44F7-A778-6847AB1FD513} ()
[02/23/2008, 21:07:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:59] - Checking for HKLM\...\Winlogon\Notify\jkhhh
[02/23/2008, 21:07:59] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
[02/23/2008, 21:07:59] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/23/2008, 21:07:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:07:59] - No filename found. Continuing.
[02/23/2008, 21:07:59] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/23/2008, 21:07:59] - BHO 6: {989ACFC2-30CA-46E7-92BE-7C42F5584A9D} (MSEvents Object)
[02/23/2008, 21:07:59] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:59] - BHO 7: {C3C0859F-381E-4431-BDDF-A798C2830AFC} (MSEvents Object)
[02/23/2008, 21:07:59] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:59] - BHO 8: {FD576B1A-BF4A-4E3B-BAFE-F11E6D86F0F3} (MSEvents Object)
[02/23/2008, 21:07:59] - ALERT: Found MSEvents Object!
[02/23/2008, 21:07:59] - Finished Searching Browser Helper Objects
[02/23/2008, 21:07:59] - *** Detected MSEvents Object
[02/23/2008, 21:07:59] - Trying to remove MSEvents Object...
[02/23/2008, 21:08:00] - Terminating Process: IEXPLORE.EXE
[02/23/2008, 21:08:00] - Terminating Process: RUNDLL32.EXE
[02/23/2008, 21:08:00] - Disabling Automatic Shell Restart
[02/23/2008, 21:08:00] - Terminating Process: EXPLORER.EXE
[02/23/2008, 21:08:00] - Suspending the NT Session Manager System Service
[02/23/2008, 21:08:00] - Terminating Windows NT Logon/Logoff Manager
[02/23/2008, 21:08:00] - Re-enabling Automatic Shell Restart
[02/23/2008, 21:08:00] - File to disable: C:\WINDOWS\system32\geedd.dll
[02/23/2008, 21:08:00] - Removing HKLM\...\Browser Helper Objects\{989ACFC2-30CA-46E7-92BE-7C42F5584A9D}
[02/23/2008, 21:08:00] - Removing HKCR\CLSID\{989ACFC2-30CA-46E7-92BE-7C42F5584A9D}
[02/23/2008, 21:08:00] - Adding Kill Bit for ActiveX for GUID: {989ACFC2-30CA-46E7-92BE-7C42F5584A9D}
[02/23/2008, 21:08:00] - Deleting ATLEvents/MSEvents Registry entries
[02/23/2008, 21:08:00] - Removing HKLM\...\Winlogon\Notify\geedd
[02/23/2008, 21:08:00] - Searching for Browser Helper Objects:
[02/23/2008, 21:08:00] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/23/2008, 21:08:00] - BHO 2: {59879FA4-4790-461c-A1CC-4EC4DE4CA483} (RXResultTracker Class)
[02/23/2008, 21:08:00] - BHO 3: {74179869-295F-44F7-A778-6847AB1FD513} ()
[02/23/2008, 21:08:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:08:00] - Checking for HKLM\...\Winlogon\Notify\jkhhh
[02/23/2008, 21:08:00] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
[02/23/2008, 21:08:00] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/23/2008, 21:08:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:08:00] - No filename found. Continuing.
[02/23/2008, 21:08:00] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/23/2008, 21:08:00] - BHO 6: {C3C0859F-381E-4431-BDDF-A798C2830AFC} (MSEvents Object)
[02/23/2008, 21:08:00] - ALERT: Found MSEvents Object!
[02/23/2008, 21:08:00] - BHO 7: {FD576B1A-BF4A-4E3B-BAFE-F11E6D86F0F3} (MSEvents Object)
[02/23/2008, 21:08:00] - ALERT: Found MSEvents Object!
[02/23/2008, 21:08:00] - Finished Searching Browser Helper Objects
[02/23/2008, 21:08:00] - *** Detected MSEvents Object
[02/23/2008, 21:08:00] - Trying to remove MSEvents Object...
[02/23/2008, 21:08:01] - Terminating Process: IEXPLORE.EXE
[02/23/2008, 21:08:01] - Terminating Process: RUNDLL32.EXE
[02/23/2008, 21:08:01] - Disabling Automatic Shell Restart
[02/23/2008, 21:08:01] - Terminating Process: EXPLORER.EXE
[02/23/2008, 21:08:02] - Suspending the NT Session Manager System Service
[02/23/2008, 21:08:02] - Terminating Windows NT Logon/Logoff Manager
[02/23/2008, 21:08:02] - Re-enabling Automatic Shell Restart
[02/23/2008, 21:08:02] - File to disable: C:\WINDOWS\system32\jkhfe.dll
[02/23/2008, 21:08:02] - Removing HKLM\...\Browser Helper Objects\{C3C0859F-381E-4431-BDDF-A798C2830AFC}
[02/23/2008, 21:08:02] - Removing HKCR\CLSID\{C3C0859F-381E-4431-BDDF-A798C2830AFC}
[02/23/2008, 21:08:02] - Adding Kill Bit for ActiveX for GUID: {C3C0859F-381E-4431-BDDF-A798C2830AFC}
[02/23/2008, 21:08:02] - Deleting ATLEvents/MSEvents Registry entries
[02/23/2008, 21:08:02] - Removing HKLM\...\Winlogon\Notify\jkhfe
[02/23/2008, 21:08:02] - Searching for Browser Helper Objects:
[02/23/2008, 21:08:02] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/23/2008, 21:08:02] - BHO 2: {59879FA4-4790-461c-A1CC-4EC4DE4CA483} (RXResultTracker Class)
[02/23/2008, 21:08:02] - BHO 3: {74179869-295F-44F7-A778-6847AB1FD513} ()
[02/23/2008, 21:08:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:08:02] - Checking for HKLM\...\Winlogon\Notify\jkhhh
[02/23/2008, 21:08:02] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
[02/23/2008, 21:08:02] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/23/2008, 21:08:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:08:02] - No filename found. Continuing.
[02/23/2008, 21:08:02] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/23/2008, 21:08:02] - BHO 6: {FD576B1A-BF4A-4E3B-BAFE-F11E6D86F0F3} (MSEvents Object)
[02/23/2008, 21:08:02] - ALERT: Found MSEvents Object!
[02/23/2008, 21:08:02] - Finished Searching Browser Helper Objects
[02/23/2008, 21:08:02] - *** Detected MSEvents Object
[02/23/2008, 21:08:02] - Trying to remove MSEvents Object...
[02/23/2008, 21:08:03] - Terminating Process: IEXPLORE.EXE
[02/23/2008, 21:08:03] - Terminating Process: RUNDLL32.EXE
[02/23/2008, 21:08:03] - Disabling Automatic Shell Restart
[02/23/2008, 21:08:03] - Terminating Process: EXPLORER.EXE
[02/23/2008, 21:08:03] - Suspending the NT Session Manager System Service
[02/23/2008, 21:08:03] - Terminating Windows NT Logon/Logoff Manager
[02/23/2008, 21:08:03] - Re-enabling Automatic Shell Restart
[02/23/2008, 21:08:03] - File to disable: C:\WINDOWS\system32\jkhhe.dll
[02/23/2008, 21:08:03] - Removing HKLM\...\Browser Helper Objects\{FD576B1A-BF4A-4E3B-BAFE-F11E6D86F0F3}
[02/23/2008, 21:08:03] - Removing HKCR\CLSID\{FD576B1A-BF4A-4E3B-BAFE-F11E6D86F0F3}
[02/23/2008, 21:08:03] - Adding Kill Bit for ActiveX for GUID: {FD576B1A-BF4A-4E3B-BAFE-F11E6D86F0F3}
[02/23/2008, 21:08:03] - Deleting ATLEvents/MSEvents Registry entries
[02/23/2008, 21:08:03] - Removing HKLM\...\Winlogon\Notify\jkhhe
[02/23/2008, 21:08:03] - Searching for Browser Helper Objects:
[02/23/2008, 21:08:03] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/23/2008, 21:08:03] - BHO 2: {59879FA4-4790-461c-A1CC-4EC4DE4CA483} (RXResultTracker Class)
[02/23/2008, 21:08:03] - BHO 3: {74179869-295F-44F7-A778-6847AB1FD513} ()
[02/23/2008, 21:08:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:08:03] - Checking for HKLM\...\Winlogon\Notify\jkhhh
[02/23/2008, 21:08:03] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
[02/23/2008, 21:08:03] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/23/2008, 21:08:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/23/2008, 21:08:03] - No filename found. Continuing.
[02/23/2008, 21:08:03] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/23/2008, 21:08:03] - Finished Searching Browser Helper Objects
[02/23/2008, 21:08:03] - Finishing up...
[02/23/2008, 21:08:03] - A restart is needed.
[02/23/2008, 21:08:13] - Attempting to Restart via STOP error (Blue Screen!)

[02/24/2008, 8:22:00] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\RACHEL\Bureau\VirtumundoBeGone.exe" )
[02/24/2008, 8:24:57] - Detected System Information:
[02/24/2008, 8:24:57] - Windows Version: 5.1.2600, Service Pack 2
[02/24/2008, 8:24:57] - Current Username: RACHEL (Admin)
[02/24/2008, 8:24:57] - Windows is in NORMAL mode.
[02/24/2008, 8:24:57] - Searching for Browser Helper Objects:
[02/24/2008, 8:24:57] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/24/2008, 8:24:57] - BHO 2: {59879FA4-4790-461c-A1CC-4EC4DE4CA483} (RXResultTracker Class)
[02/24/2008, 8:24:57] - BHO 3: {74179869-295F-44F7-A778-6847AB1FD513} ()
[02/24/2008, 8:24:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2008, 8:24:57] - Checking for HKLM\...\Winlogon\Notify\jkhhh
[02/24/2008, 8:24:57] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
[02/24/2008, 8:24:57] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/24/2008, 8:24:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2008, 8:24:57] - No filename found. Continuing.
[02/24/2008, 8:24:57] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/24/2008, 8:24:57] - Finished Searching Browser Helper Objects
[02/24/2008, 8:24:57] - Finishing up...
[02/24/2008, 8:24:57] - Nothing found! Exiting...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:41:14, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\CCM.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 - BHO: (no name) - {74179869-295F-44F7-A778-6847AB1FD513} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pctfbwjo] c:\windows\system32\pctfbwjo.exe pctfbwjo
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll (file missing)
O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll
O20 - Winlogon Notify: jkkji - C:\WINDOWS\system32\jkkji.dll (file missing)
O20 - Winlogon Notify: urqpmkl - urqpmkl.dll (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: (no name) - http://a2.g.akamai.net/f/2/1688/1h/www.tv-radio.com/player/images/blank.gif
O24 - Desktop Component 1: (no name) - http://www.europe2.fr/img/header/logo.gif
End of file - 6421 bytes
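A triage pass over the report above, as an added example that is not part of the original post nor of HijackThis or VirtumundoBeGone. It reads the O2/O4/O18/O20 lines (a constructed subset of the log is embedded), flags the Vundo-style entries on the same cues the VirtumundoBeGone log acts on (nameless or missing BHOs, short random all-letter DLL/EXE names in system32, a text/html MIME filter, Winlogon notification packages that are not XP defaults) and lists the registry keys, kill bit and file renames a cleanup would touch. The allowlist, the random-name heuristic and the wording of the actions are this example's own assumptions; it only builds the plan and changes nothing on the machine.

```python
"""Triage a HijackThis 2.0 log for Vundo/Virtumonde persistence and emit a cleanup
plan shaped like the VirtumundoBeGone log above. Added example for this thread, not
code from HijackThis, VirtumundoBeGone or the poster; heuristics are assumptions."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the O2/O4/O18/O20 lines from the report above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 - BHO: (no name) - {74179869-295F-44F7-A778-6847AB1FD513} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pctfbwjo] c:\windows\system32\pctfbwjo.exe pctfbwjo
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll
O20 - Winlogon Notify: urqpmkl - urqpmkl.dll (file missing)
"""

# Registry locations behind each HijackThis section (standard XP-era paths).
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
KILLBIT_KEY = r"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
FILTER_KEY = r"HKCR\PROTOCOLS\Filter"
# Default XP Winlogon notification packages (assumed allowlist); HijackThis hides these.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
RE_O18 = re.compile(r"^O18 - Filter hijack: (?P<mime>\S+) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<subkey>\S+) - (?P<path>.*)$")
# Vundo drops DLL/EXE pairs with short, random, all-letter names in system32.
RE_SYS32_RANDOM = re.compile(r"\\system32\\([a-z]{5,8})\.(?:dll|exe)\b", re.I)


@dataclass
class Finding:
    section: str
    ident: str      # CLSID, Run value name or Notify subkey
    path: str
    reason: str
    actions: List[str]


def is_missing(path: str) -> bool:
    return "(file missing)" in path or path.strip() == "(no file)"


def looks_random_sys32(path: str) -> bool:
    m = RE_SYS32_RANDOM.search(path)
    return bool(m) and m.group(1).islower()


def first_token(cmd: str) -> str:
    # Executable path from a Run command line: quoted, or up to the first space.
    cmd = cmd.strip()
    return cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else cmd.split(" ", 1)[0]


def file_action(path: str) -> List[str]:
    return [] if is_missing(path) else [f"rename/quarantine {path.strip()}"]


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := RE_O2.match(line):
            name, clsid, path = m.group("name", "clsid", "path")
            reasons = [r for r, hit in (("no name", name == "(no name)"), ("file missing", is_missing(path)),
                                        ("random system32 name", looks_random_sys32(path))) if hit]
            if reasons:
                findings.append(Finding("O2", clsid, path, ", ".join(reasons), [
                    f"delete key {BHO_KEY}\\{clsid}",
                    f"delete key HKCR\\CLSID\\{clsid}",
                    f"set {KILLBIT_KEY}\\{clsid} 'Compatibility Flags'=DWORD:0x400 (kill bit)",
                ] + file_action(path)))
        elif m := RE_O4.match(line):
            hive, value, cmd = m.group("hive", "value", "cmd")
            exe = first_token(cmd)
            # Vundo's loader entry looks like: [name] ...\system32\name.exe name
            if looks_random_sys32(exe) and cmd.strip().endswith(" " + value):
                findings.append(Finding("O4", value, exe, "random system32 loader re-passing its own name", [
                    f"delete value '{value}' under {hive}\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
                ] + file_action(exe)))
        elif m := RE_O18.match(line):
            mime, clsid, path = m.group("mime", "clsid", "path")
            findings.append(Finding("O18", clsid, path, f"MIME filter on {mime} sees every page", [
                f"delete key {FILTER_KEY}\\{mime}",
                f"delete key HKCR\\CLSID\\{clsid}",
            ] + file_action(path)))
        elif m := RE_O20.match(line):
            subkey, path = m.group("subkey", "path")
            if subkey.lower() not in KNOWN_NOTIFY:
                findings.append(Finding("O20", subkey, path, "non-default Winlogon notification package", [
                    f"delete key {NOTIFY_KEY}\\{subkey}",
                ] + file_action(path)))
    return findings


def plan(findings: List[Finding]) -> List[str]:
    """Ordered, de-duplicated actions. Vundo's paired DLLs re-create these keys while
    loaded (hence VirtumundoBeGone killing Explorer/winlogon first): apply offline."""
    return list(dict.fromkeys(a for f in findings for a in f.actions))
```

`plan(triage(SAMPLE_LOG))` yields the same shape of work the VirtumundoBeGone log records for each MSEvents hit: drop the BHO registration and its CLSID, set the ActiveX kill bit (Compatibility Flags 0x400) so Internet Explorer refuses to load the object again, drop the Winlogon\Notify subkey and rename the DLL. The Winlogon Notify DLL is the part that matters for persistence: it loads into winlogon.exe and puts the BHO back while it is running, which is why the tool terminates Explorer and winlogon and forces a STOP-error restart instead of editing the registry live. Apply a plan like this from safe mode or offline, then re-run the log, as this thread does, to confirm nothing came back.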
Saiyen75, Sunday 24 February 2008 at 18:20:39
Hi,

Actually, you created a new folder named CCM.exe.
What you need to rename to CCM.exe is HijackThis.exe.

++
Astrid, Sunday 24 February 2008 at 20:31:14
Hi,
I'm stuck here.. This is complicated for me. Can you explain (in simple terms) the exact steps to do it?
Thanks in advance..
Saiyen75, Monday 25 February 2008 at 01:27:34
OK

---> Open My Computer
---> Open C:\ (that's your hard drive)
---> There is a folder named CCM.exe; open it
---> There you will see HijackThis.exe (the red man icon)
---> Right-click on it
---> Rename
---> Type: CCM.exe
---> Then ENTER.

Then double-click it to run it,
and follow the same steps as usual to post a log on the forum.

++
Astrid, Monday 25 February 2008 at 18:49:25
Hi,
Thanks for the details, I think this time it's right!!
What did VirtumundoBeGone find? Is the "beast" still there?
See you. New report attached:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37, on 2008-02-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\CCM.exe\CCM.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 - BHO: (no name) - {74179869-295F-44F7-A778-6847AB1FD513} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pctfbwjo] c:\windows\system32\pctfbwjo.exe pctfbwjo
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll (file missing)
O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll
O20 - Winlogon Notify: jkkji - C:\WINDOWS\system32\jkkji.dll (file missing)
O20 - Winlogon Notify: urqpmkl - urqpmkl.dll (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: (no name) - http://a2.g.akamai.net/f/2/1688/1h/www.tv-radio.com/player/images/blank.gif
O24 - Desktop Component 1: (no name) - http://www.europe2.fr/img/header/logo.gif
End of file - 6415 bytes