Hi everyone,
Vundo:
Code: 

- VundoFix V6.5.4
-
- Checking Java version...
-
- Java version is 1.5.0.9
- Old versions of java are exploitable and should be removed.
-
- Scan started at 02:47:04 02/07/2007
-
- Listing files found while scanning....
-
- No infected files were found.
-
-
- Beginning removal...
-
- VundoFix V6.5.4
-
- Checking Java version...
-
- Java version is 1.5.0.9
- Old versions of java are exploitable and should be removed.
-
- Scan started at 03:15:55 02/07/2007
-
- Listing files found while scanning....
-
- No infected files were found.
-
-
- Beginning removal...
VirtumondoBegone:
Code: 

- [07/02/2007, 2:49:21] - VirtumundoBeGone v1.5 ( "D:\Documents and Settings\Muyo\Bureau\VirtumundoBeGone.exe" )
- [07/02/2007, 2:49:25] - Detected System Information:
- [07/02/2007, 2:49:25] - Windows Version: 5.1.2600, Service Pack 2
- [07/02/2007, 2:49:25] - Current Username: Muyo (Admin)
- [07/02/2007, 2:49:25] - Windows is in NORMAL mode.
- [07/02/2007, 2:49:25] - Searching for Browser Helper Objects:
- [07/02/2007, 2:49:25] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
- [07/02/2007, 2:49:25] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
- [07/02/2007, 2:49:25] - Finished Searching Browser Helper Objects
- [07/02/2007, 2:49:25] - Finishing up...
- [07/02/2007, 2:49:25] - Nothing found! Exiting...
Hijackthis:
Code: 

- Logfile of Trend Micro HijackThis v2.0.0 (BETA)
- Scan saved at 02:50:53, on 02/07/2007
- Platform: Windows XP SP2 (WinNT 5.01.2600)
- Boot mode: Normal
-
- Running processes:
- D:\WINDOWS\System32\smss.exe
- D:\WINDOWS\system32\winlogon.exe
- D:\WINDOWS\system32\services.exe
- D:\WINDOWS\system32\lsass.exe
- D:\WINDOWS\system32\svchost.exe
- D:\WINDOWS\System32\svchost.exe
- D:\WINDOWS\system32\spoolsv.exe
- D:\WINDOWS\Explorer.EXE
- D:\Program Files\Winamp\winampa.exe
- D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
- D:\WINDOWS\SOUNDMAN.EXE
- D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
- D:\WINDOWS\system32\RUNDLL32.EXE
- D:\WINDOWS\vsnpstd3.exe
- D:\WINDOWS\system32\ctfmon.exe
- D:\Program Files\MSN Messenger\MsnMsgr.Exe
- D:\Program Files\Messenger\msmsgs.exe
- D:\Program Files\Logitech\SetPoint\SetPoint.exe
- D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
- D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
- D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
- D:\WINDOWS\system32\nvsvc32.exe
- D:\WINDOWS\system32\svchost.exe
- D:\WINDOWS\system32\svchost.exe
- D:\Program Files\Internet Explorer\iexplore.exe
- D:\Documents and Settings\Muyo\Bureau\test.exe.exe
-
- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
- R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
- R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
- O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
- O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
- O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
- O4 - HKLM\..\Run: [kav] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
- O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
- O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
- O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
- O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
- O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
- O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
- O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
- O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe
- O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
- O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
- O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
- O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
- O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
- O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
- O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
- O4 - Startup: OpenOffice.org 2.2.lnk = D:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
- O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
- O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
- O4 - Global Startup: Logitech SetPoint.lnk = ?
- O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
- O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
- O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
- O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
- O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
- O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
- O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
- O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
- O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
- O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection.cab?version=
- O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
- O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
- O21 - SSODL: system32 - {90809EB8-F2E5-4AFF-B8CE-2B68F5286FAA} - sysprinters.dll (file missing)
- O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
- O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
- O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
- O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
- O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe
- O23 - Service: Journal des événements (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe
- O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - D:\WINDOWS\system32\imapi.exe
- O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - D:\WINDOWS\system32\mnmsrvc.exe
- O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
- O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe
- O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - D:\WINDOWS\system32\sessmgr.exe
- O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
- O23 - Service: Carte à puce (SCardSvr) - Unknown owner - D:\WINDOWS\System32\SCardSvr.exe
- O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - D:\WINDOWS\system32\smlogsvc.exe
- O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe
- O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - D:\WINDOWS\system32\wbem\wmiapsrv.exe
-
- --
- End of file - 7544 bytes
MSNFix.zip:
Code: 

- MSN_Fix 1.330
-
- D:\Documents and Settings\Muyo\Bureau\MSNFix
- Fix exécuté le 02/07/2007 - 3:22:10,03 By Muyo
- mode normal
-
- ************************ Fichiers suspects
-
- /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
-
-
-
-
- ------------------------------------------------------------------------
- Auteur : !aur3n7 Contact: http://246694.aceboard.fr
- ------------------------------------------------------------------------
-
- --------------------------------------------- E
I hope you will be able to help me, because I can't stand this virus any more (and yet I knew I shouldn't accept the file, I don't know what came over me; when I saw it I was gutted afterwards ...)
Muyo.