demande d'aide suite à un rapport highjack

Question

bonjour à tous, j'ai vu que je ne suis pas le seul à avoir été infecté par :> trojan horse tr qhost.grsystem32/hclean32.exeet> trojan horse tr/click 526system32/rdsndin.exeVisiblement c'est plutôt la galère, pour éradiquer ces trojan, et mise à part la solution highjack, je ne vois pas ce que je peux faire pour en venir à bout...Voici ma config windows xp (service pack 2)amd sempron 2600639 ddr ramhdd 40 go samsunghdd 120 go maxtor diamondmax plus 9 atacarte grahique : g force 5200j'utilise le pare- feu windowsanti vir ne detecte rienad aware non plusj'ai lancé reg cleanerpuis une defrag, mais ça n'a rien donné.il ne me reste je crois plus qu'une solution avant le formatage !?voici le rapport de highjack si quelqu'un pouvait me venir en aide ?merci d'avance !?Logfile of HijackThis v1.99.1Scan saved at 01:29:47, on 31/08/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVPersonal\AVGUARD.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\system32
vsvc32.exeC:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exeC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exeC:\Program Files\AVPersonal\AVGNT.EXEC:\Program Files\WINAMP\winampa.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Utils\coolmon\DaisyManSoftware\CoolMon.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\explorer.exeD:\emule\emule.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Utilseg cleaner\RegCleaner\RegCleanr.exeC:\Utils\highjackthis\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {65D3B345-9237-0FB3-E123-94D328F53678} - MSTCPDLL.dll (file missing)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocxO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /minO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\WINAMP\winampa.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [slamm] stuffmon.exeO4 - HKLM\..\Run: [InpriseMon] SYSTRAV.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"O4 - HKCU\..\Run: [nmdllw] new32.exeO4 - HKCU\..\Run: [gabber] MON76234.exeO4 - HKCU\..\Run: [MONITER] FLKPT.exeO4 - HKCU\..\Run: [eMuleAutoStart] D:\emule\emule.exe -AutoStartO4 - Startup: CoolMon Executable.lnk = C:\Utils\coolmon\DaisyManSoftware\CoolMon.exeO4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO17 - HKLM\System\CCS\Services\Tcpip\..\{49B4AE84-D3C8-40CF-9401-5D32DDB7040B}: NameServer = 195.95.218.18,85.255.112.11O17 - HKLM\System\CCS\Services\Tcpip\..\{81E9A6D2-4170-4308-AC93-43DDF2943E2C}: NameServer = 195.95.218.18,85.255.112.11O17 - HKLM\System\CCS\Services\Tcpip\..\{ADC2DCA5-CA19-4FD4-BC07-1033C52F9C89}: NameServer = 195.95.218.18 85.255.112.11O23 - Service: ADSLAutoconnect - Unknown owner - C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z (file missing)O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXEO23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeS'il y a besoin d'autre chose, dites le moi ? (silent runers ?) mektub

boulepate · Answer

Salut,As tu spybot ?Et a² free ? pour virer t'es trojans que tu as cité

mektub · Answer

non, je ne les ai pas.après plusieurs mois d'utilisation de spyboot, j'ai remarqué qu'il ne detectait rien de ce que ad aware detectait.j'ai donc tout simplement décidé de le virer.quand à a²free, je l'ai essayé qu'une seule fois il y a longtemps....je ne l'ai plus...je vais tenter de les retouver, lancer les 2 bêtes, et je reviens te dire si c'est concluant.a+mektub

mektub · Answer

spyboot ne detecte rien.je vais en essayer d'autres et vous tient au courant

mektub · Answer

je ne trouve pas a&free,  par contre j'ai trouvé quelque chose qui s'apelle a² squeerd free, avec inscription sur le site pour avoir des clé d'activations, un peu saoulant la démarche.... .... ...quelqu'un aurait peut-être un lien vers la page de dl de a²free ? mektub

mektub · Answer

en attendant une réponse à propos de a²free, j'ai dl et lancé "trojan remover" qui a trouvé ça:C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\GStartup.lnkje ne sais pas ce que c'est, si quelqu'un peut me dire ce que c'est et si je peux le virer sans risque, je pense que oui, ou bien  ?

mektub · Answer

a²free est en cours... ;-)

boulepate · Answer

ok d'ac ;) j'espere que ça reglera le probléme après ça redemarre ton pc =)

mektub · Answer

a²free n'a rien trouvé...enfi si, une dizaine de cookies, et le même fichiers que "trojan remover" avait detecté.comme en attendant je ne sais pas quoi faire d'autre... je relance ad aware pour voir...mektub

Real Mona · Answer

Bonjour,J'ai regardé ton log, et il a pas mal de choses à nettoyer...Imprime ceci pour ne rien oublier de faire :Méthode à suivre dans l'ordre... ---------------------------------------------------------------------------- Télécharge Clean Up 40:http://pageperso.aol.fr/balltrap34/CleanUp40.exe -aide en image:(merci à Balltrap34) http://pageperso.aol.fr/balltrap34/democleanup.htm---------------------------------------------------------------------------- Démarre en mode sans échec : Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! (Si F8 ne marche pas utilise la touche F5) ---------------------------------------------------------------------------- Désactive ta restauration système: Clic droit sur poste de travail puis, propriété, tu cliques sur onglet restauration système tu coches la case « désactiver la restauration » et applique ---------------------------------------------------------------------------- Affiche tous les fichiers et dossiers : Clique sur démarrer/panneau de configuration/option des dossiers/affichage Coche « afficher les fichiers et dossiers cachés » Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" Décoche « masquer les extensions dont le type est connu » Puis fais «Ok» pour valider les changements. Et appliquer ! ---------------------------------------------------------------------------- Vide tes fichiers temps et tempory internet file: utilise ceci pour le faire (tu as téléchargé avant)  http://pageperso.aol.fr/balltrap34/CleanUp40.exe ---------------------------------------------------------------------------- ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :  R3 - URLSearchHook: (no name) - {65D3B345-9237-0FB3-E123-94D328F53678} - MSTCPDLL.dll (file missing)O4 - HKLM\..\Run: [slamm] stuffmon.exeO4 - HKLM\..\Run: [InpriseMon] SYSTRAV.exeO4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"O4 - HKCU\..\Run: [nmdllw] new32.exeO4 - HKCU\..\Run: [gabber] MON76234.exeO4 - HKCU\..\Run: [MONITER] FLKPT.exeO4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe----------------------------------------------------------------------------Recherche et supprime ceci: attention seulement le fichier  (si présent)C:\Program Files\Fichiers communs\GMT\GMT.exe----------------------------------------------------------------------------¤ Passe Ad-Aware et vire tout ce qu’il trouve ----------------------------------------------------------------------------¤ Passe Spybot et vire tout ce qu’il trouve ----------------------------------------------------------------------------> Tu vides ta poubelle et tu redémarres en mode normal et refait un HijackThis  Précise tes soucis s’il en reste.... Tiens-moi au courant  A+M.

mektub · Answer

Salut Real Mona,déjà merci beaucoup. Là je n'ai pas le temps de suivre ta manip, je dois me préparer pour aller au taf. Mais j'ai déjà imprimé la marche à suivre, je le ferai ce soir. En attendant tu peux peut-être me dire un truc ?Je suis allé voir dans C:Program Files\fichiers communs\GMT\GMT.exeje n'ai trouvé aucun .exe (trojan remover l'avait détecté et a²free aussi) je l'ai donc supprimé.par contre j'ai un GMT.exe.manifestj'en fais quoi de celui là ? Je le vire aussi ?Merci encore !

Real Mona · Answer

Re, Ce fichier tu le trouves où ?M.

mektub · Answer

C:Program Files\fichiers communs\GMT\GMT.exe.manifest

mektub · Answer

pour info, j'ai essayé de passer un coup d'ad aware hier soir, il a trouvé une cinquantaine d'objet, mais je n'ai pas pu les mettre en quarantaine....au moment où tu les met en quarantaine, il y a une barre de progression....   ben elle restait bloquée... elle restait affichée à l'écran par dessus la fenêtre d'ad aware...je le ferme et  le relance, là il bloque au bout de quelque 10000 fichiers inspecté. je le désinstalle et retelecharge une version plus actuelle....j'ai ewactement les mêmes problèmes avec lui...MektubPS: le fichier GMT se trouve encore dans C:Program files/fichiers communs/GMT/gmt.exe.manifest

Real Mona · Answer

Re,Le mieux est que tu me repostes un HijackThis...Mais avant tu peux aller faire un autre scan en ligne gratuit sur http://www.bitdefender.com/scan/licence.phpA+M.

mektub · Answer

ok te refais un highjack ce soir.je dois bougersur bitdefender, j'ai essayé hier soir, mais il n'a pas réussi, soit disant parce que bitdefender a detecté le service pack 2 !??J'ai laissé tomber, et suis venu sur "comment ça marche" ...et pour le fichier C:Program files/fichiers communs/GMT/gmt.exe.manifestJ'en fais quoi ?++

Real Mona · Answer

On verra sur ton nouveau log HijackThis ce qu'on en fait !Si Bitdefender ne marche pas essaie l'un de ces deux:http://www.pandasoftware.com/activescan/fr/activescan_principal.htm http://webscanner.kaspersky.fr/M.

mektub · Answer

Voilà:  en attendant je vais sur le ou les liens que tu m'as indiqué...merci !Logfile of HijackThis v1.99.1Scan saved at 21:56:58, on 31/08/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVPersonal\AVGUARD.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\system32
vsvc32.exeC:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exeC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exeC:\Program Files\AVPersonal\AVGNT.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\WINAMP\winampa.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeD:\emule\emule.exeC:\Utils\coolmon\DaisyManSoftware\CoolMon.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Utils\highjackthis\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {65D3B345-9237-0FB3-E123-94D328F53678} - MSTCPDLL.dll (file missing)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Utils\spy boot\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocxO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /minO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\WINAMP\winampa.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [slamm] stuffmon.exeO4 - HKLM\..\Run: [InpriseMon] SYSTRAV.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"O4 - HKCU\..\Run: [nmdllw] new32.exeO4 - HKCU\..\Run: [gabber] MON76234.exeO4 - HKCU\..\Run: [MONITER] FLKPT.exeO4 - HKCU\..\Run: [eMuleAutoStart] D:\emule\emule.exe -AutoStartO4 - Startup: CoolMon Executable.lnk = C:\Utils\coolmon\DaisyManSoftware\CoolMon.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO17 - HKLM\System\CCS\Services\Tcpip\..\{49B4AE84-D3C8-40CF-9401-5D32DDB7040B}: NameServer = 195.95.218.18,85.255.112.11O17 - HKLM\System\CCS\Services\Tcpip\..\{81E9A6D2-4170-4308-AC93-43DDF2943E2C}: NameServer = 195.95.218.18,85.255.112.11O17 - HKLM\System\CCS\Services\Tcpip\..\{ADC2DCA5-CA19-4FD4-BC07-1033C52F9C89}: NameServer = 195.95.218.18 85.255.112.11O23 - Service: ADSLAutoconnect - Unknown owner - C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z (file missing)O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXEO23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

Real Mona · Answer

Re,Post  < 15 > la dame elle a dit : "Le mieux est que tu me repostes un HijackThis... Mais avant tu peux aller faire un autre scan en ligne..."Donc please, fais un scan en ligne sur un des deux sites que je t'ai transmis, puis fait un hijackthis et poste le moi.Merci !M.

mektub · Answer

merci madame :-)j'ai lancé kasperky (online) et n'a rien trouvé de suspect.ceci dit j'ai un message sur la fenêtre de kaspersky qui me dit qu'il doit tourner sans aucun autre logiciel actif.je l'ai fait avec anti vir en fond.je dois recommencer avec anti vir coupé ? Sinon, j'ai fait les différentes manip que tu m'avais dit de faire: à savoir:> désactiver la restauration systeme> afficher les dossiers cachés> masquer les fichiers protegés du systeme> masquer les extensions dont le type est connu> vider les temps (déjà vide avant que tu me demandes)> et fixer les 8 lignes dans highjackthisque veux tu que je fasse ?  Je t'envoi le log ? Tu préfère que je refasse un scan avec anti vir coupé ?

Real Mona · Answer

Aaaaah ! puisque Monsieur a l'air de bonne volonté, va faire un scan sur http://www.pandasoftware.com/activescan/fr/activescan_principal.htm avec anti vir désactivé (je pense pas que ca fasse grande différence)Puis fais un hijackthis et poste le moi... !A+M.

mektub · Answer

le scan n'est pas encore fini avec Panda, il en est à 1/3pour l'instant, il a detecté 1 virus, 8 logiciels espions et 3 numéroteurs...bonne nouvelle !  enfin...

mektub · Answer

il y a un petit message en rouge sur la page de scan de panda:> 1. cliquez sur activ scanje peux/je dois cliquer dessus ?

mektub · Answer

bon, l'analyse est terminé:Incident                      Statut                        Analyse                                                                                                                                                                                                                                                         Adware:adware/gator           No Désinfecté                 C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\LOCAL SETTINGS\TEMP\bundle.inf                                                                                                                                                                                         Spyware:spyware/betterinet    No Désinfecté                 C:\WINDOWS\SYSTEM32\msexnpfi.exe                                                                                                                                                                                                                                Adware:adware/cws             No Désinfecté                 C:\DOCUMENTS AND SETTINGS\ALL USERS\FAVORIS\AdultGambling.url                                                                                                                                                                                                   Spyware:spyware/wareout       No Désinfecté                 C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\wo.tmp                                                                                                                                                                                                Dialer:dialer.bjp             No Désinfecté                 HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\ARCHIVIOSEX.NET                                                                                                                                                   Dialer:dialer.akd             No Désinfecté                 HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\SGRUNT.BIZ                                                                                                                                                        Dialer:dialer.bqw             No Désinfecté                 HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\CONC                                                                                                                                                                                                Adware:Adware/Startpage.ADT   No Désinfecté                 C:\Program Files\A. programmes
ero\Nero 6.3.0.0 Fr Pack 1-2-3-4-5 Complet Et Keygen.zip[NeroKey.exe]                                                                                                                                                           Adware:Adware/Startpage.ADT   No Désinfecté                 C:\Utils
ero\Nero 6.3.0.0 Fr Pack 1-2-3-4-5 Complet Et Keygen.zip[NeroKey.exe]                                                                                                                                                                                 Adware:Adware/Startpage.ADT   No Désinfecté                 C:\Utils
ero\NERO 6.3.0.0 Pack 1-2-3-4-5 Complet et Keygen (Burning ROM-Vision Express 2-InCD-Media Player-NeroMix)\KEYGEN\NeroKey.exe                                                                                                                         Spyware:Spyware/Cydoor        No Désinfecté                 C:\Utils\spy boot\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll                                                                                                                                                                                          Virus:W32/Kelvir.CU.worm      Renommé                       D:\emule\Temp\004.part[Comment Gagner gros sur internet by ANGE.zip][La 1re astuce pour tricher avec eurobarre.zip][Eurofake.exe]                                                                                                                               voici le rapport highjackthis:Logfile of HijackThis v1.99.1Scan saved at 00:12:19, on 01/09/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVPersonal\AVGUARD.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\system32
vsvc32.exeC:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exeC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exeC:\Program Files\AVPersonal\AVGNT.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\WINAMP\winampa.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\Utils\coolmon\DaisyManSoftware\CoolMon.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Utils\highjackthis\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Utils\spy boot\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocxO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /minO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\WINAMP\winampa.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [eMuleAutoStart] D:\emule\emule.exe -AutoStartO4 - Startup: CoolMon Executable.lnk = C:\Utils\coolmon\DaisyManSoftware\CoolMon.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{49B4AE84-D3C8-40CF-9401-5D32DDB7040B}: NameServer = 195.95.218.18,85.255.112.11O17 - HKLM\System\CCS\Services\Tcpip\..\{81E9A6D2-4170-4308-AC93-43DDF2943E2C}: NameServer = 195.95.218.18,85.255.112.11O17 - HKLM\System\CCS\Services\Tcpip\..\{ADC2DCA5-CA19-4FD4-BC07-1033C52F9C89}: NameServer = 195.95.218.18 85.255.112.11O23 - Service: ADSLAutoconnect - Unknown owner - C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z (file missing)O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXEO23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

mektub · Answer

je peux aller chercher tous les fichiers que le scan de panda a detecté, et tous les supprimer manuellement ?

mektub · Answer

Voilà, j'ai tout fait !!en mode sans echec, j'ai:> désactiver la restauration systeme > afficher les dossiers cachés > masquer les fichiers protegés du systeme > masquer les extensions dont le type est connu > vider les temps (déjà vide avant que tu me demandes) > fixer les 8 lignes dans highjackthis > passer spybot et virer tout ce qu'il a t-rouvé.> passer a² squeerd et virer tout ce qu'il a trouvé> j'ai passé ad aware, mais il a bloqué quand il est arrivé à/H KEY LOCAL MACHINE/SOFTWAREc'est pour cette raison que j'ai passé un coup d' a² squeeredje viens de faire un log sur highjackthis que voici:Logfile of HijackThis v1.99.1Scan saved at 01:03:26, on 01/09/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AVPersonal\AVGUARD.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\system32
vsvc32.exeC:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exeC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exeC:\Program Files\AVPersonal\AVGNT.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\WINAMP\winampa.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\WINDOWS\System32\alg.exeD:\emule\emule.exeC:\Utils\coolmon\DaisyManSoftware\CoolMon.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\system32\wuauclt.exeC:\Utils\highjackthis\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Utils\spy boot\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocxO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /minO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\WINAMP\winampa.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [eMuleAutoStart] D:\emule\emule.exe -AutoStartO4 - Startup: CoolMon Executable.lnk = C:\Utils\coolmon\DaisyManSoftware\CoolMon.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{49B4AE84-D3C8-40CF-9401-5D32DDB7040B}: NameServer = 195.95.218.18,85.255.112.11O17 - HKLM\System\CCS\Services\Tcpip\..\{81E9A6D2-4170-4308-AC93-43DDF2943E2C}: NameServer = 195.95.218.18,85.255.112.11O17 - HKLM\System\CCS\Services\Tcpip\..\{ADC2DCA5-CA19-4FD4-BC07-1033C52F9C89}: NameServer = 195.95.218.18 85.255.112.11O23 - Service: ADSLAutoconnect - Unknown owner - C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z (file missing)O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXEO23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exemerci d'avance ?

mektub · Answer

up ?

mektub · Answer

Salut vous tous, quelqu'un peut m'aider pendant l'absence de real Mona ? les 2 trojans sont encore là... merci ?

Utilisateur anonyme · Answer

salutfais cecidemarer<poste de travail< c< programmes files<av personal<logfiles<NTGRDRTCopie/colle tout ce qu il y a a l interieurA+

mektub · Answer

Bonjour Régis, merci de ton aide !
voilà:

:47 ---------------------------------------------------------
20/07/2005,13:12:47 [INIT] The AVGuard Service is starting.
20/07/2005,13:12:48 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
20/07/2005,13:12:49 [INFO] Start Filter Device.
20/07/2005,13:12:49 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
20/07/2005,13:12:49 AVGuard has been started successfully!
20/07/2005,13:12:52 [LOGON] Connection request by remote computer. Establishing secure communication channel.
20/07/2005,13:12:52 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaa8ada0a.
20/07/2005,17:16:29 [INFO] Stop Filter Device.
20/07/2005,17:16:30 AVGuard service has been stopped!
20/07/2005,17:21:34 ---------------------------------------------------------
20/07/2005,17:21:34 [INIT] The AVGuard Service is starting.
20/07/2005,17:21:36 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
20/07/2005,17:21:38 [INFO] Start Filter Device.
20/07/2005,17:21:38 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
20/07/2005,17:21:38 AVGuard has been started successfully!
20/07/2005,17:21:48 [LOGON] Connection request by remote computer. Establishing secure communication channel.
20/07/2005,17:21:48 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaad102.
20/07/2005,17:37:07 [INFO] Stop Filter Device.
20/07/2005,17:37:08 AVGuard service has been stopped!
20/07/2005,17:37:52 ---------------------------------------------------------
20/07/2005,17:37:52 [INIT] The AVGuard Service is starting.
20/07/2005,17:37:53 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
20/07/2005,17:37:55 [INFO] Start Filter Device.
20/07/2005,17:37:55 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
20/07/2005,17:37:55 AVGuard has been started successfully!
20/07/2005,17:38:04 [LOGON] Connection request by remote computer. Establishing secure communication channel.
20/07/2005,17:38:04 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaad08b.
20/07/2005,17:39:51 [INFO] Stop Filter Device.
20/07/2005,17:39:51 AVGuard service has been stopped!
20/07/2005,17:41:40 ---------------------------------------------------------
20/07/2005,17:41:40 [INIT] The AVGuard Service is starting.
20/07/2005,17:41:40 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
20/07/2005,17:41:43 [INFO] Start Filter Device.
20/07/2005,17:41:43 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
20/07/2005,17:41:43 AVGuard has been started successfully!
20/07/2005,17:41:49 [LOGON] Connection request by remote computer. Establishing secure communication channel.
20/07/2005,17:41:49 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaadb2c.
20/07/2005,19:07:21 [INFO] Stop Filter Device.
20/07/2005,19:07:22 AVGuard service has been stopped!
20/07/2005,19:08:08 ---------------------------------------------------------
20/07/2005,19:08:08 [INIT] The AVGuard Service is starting.
20/07/2005,19:08:09 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
20/07/2005,19:08:13 [INFO] Start Filter Device.
20/07/2005,19:08:13 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
20/07/2005,19:08:13 AVGuard has been started successfully!
20/07/2005,19:08:18 [LOGON] Connection request by remote computer. Establishing secure communication channel.
20/07/2005,19:08:18 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaade19.
20/07/2005,20:00:51 [INFO] Stop Filter Device.
20/07/2005,20:00:52 AVGuard service has been stopped!
20/07/2005,20:01:35 ---------------------------------------------------------
20/07/2005,20:01:35 [INIT] The AVGuard Service is starting.
20/07/2005,20:01:36 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
20/07/2005,20:01:38 [LOGON] Connection request by remote computer. Establishing secure communication channel.
20/07/2005,20:01:38 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaafdcd.
20/07/2005,20:01:44 [INFO] Start Filter Device.
20/07/2005,20:01:44 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
20/07/2005,20:01:44 AVGuard has been started successfully!
20/07/2005,20:42:32 [INFO] Stop Filter Device.
20/07/2005,20:42:33 AVGuard service has been stopped!
20/07/2005,23:03:31 ---------------------------------------------------------
20/07/2005,23:03:31 [INIT] The AVGuard Service is starting.
20/07/2005,23:03:32 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
20/07/2005,23:03:34 [INFO] Start Filter Device.
20/07/2005,23:03:34 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
20/07/2005,23:03:34 AVGuard has been started successfully!
20/07/2005,23:03:42 [LOGON] Connection request by remote computer. Establishing secure communication channel.
20/07/2005,23:03:42 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaacffb.
20/07/2005,23:05:21 [INFO] Stop Filter Device.
20/07/2005,23:05:21 AVGuard service has been stopped!
20/07/2005,23:06:35 ---------------------------------------------------------
20/07/2005,23:06:35 [INIT] The AVGuard Service is starting.
20/07/2005,23:06:36 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
20/07/2005,23:06:38 [LOGON] Connection request by remote computer. Establishing secure communication channel.
20/07/2005,23:06:38 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaaefbd.
20/07/2005,23:06:43 [INFO] Start Filter Device.
20/07/2005,23:06:43 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
20/07/2005,23:06:43 AVGuard has been started successfully!
20/07/2005,23:15:02 [INFO] Stop Filter Device.
20/07/2005,23:15:03 AVGuard service has been stopped!
20/07/2005,23:23:10 ---------------------------------------------------------
20/07/2005,23:23:10 [INIT] The AVGuard Service is starting.
20/07/2005,23:23:11 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
20/07/2005,23:23:13 [INFO] Start Filter Device.
20/07/2005,23:23:13 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
20/07/2005,23:23:13 AVGuard has been started successfully!
20/07/2005,23:23:20 [LOGON] Connection request by remote computer. Establishing secure communication channel.
20/07/2005,23:23:21 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaacecd.
20/07/2005,23:30:22 [INFO] Stop Filter Device.
20/07/2005,23:30:23 AVGuard service has been stopped!
20/07/2005,23:42:36 ---------------------------------------------------------
20/07/2005,23:42:36 [INIT] The AVGuard Service is starting.
20/07/2005,23:42:36 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
20/07/2005,23:42:38 [INFO] Start Filter Device.
20/07/2005,23:42:38 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
20/07/2005,23:42:38 AVGuard has been started successfully!
20/07/2005,23:42:43 [LOGON] Connection request by remote computer. Establishing secure communication channel.
20/07/2005,23:42:43 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaafc40.
20/07/2005,23:43:01 [INFO] Stop Filter Device.
20/07/2005,23:43:01 AVGuard service has been stopped!
20/07/2005,23:44:40 ---------------------------------------------------------
20/07/2005,23:44:40 [INIT] The AVGuard Service is starting.
20/07/2005,23:44:41 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
20/07/2005,23:44:43 [INFO] Start Filter Device.
20/07/2005,23:44:43 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
20/07/2005,23:44:43 AVGuard has been started successfully!
20/07/2005,23:44:49 [LOGON] Connection request by remote computer. Establishing secure communication channel.
20/07/2005,23:44:49 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaaf4b7.
20/07/2005,23:52:52 [INFO] Stop Filter Device.
20/07/2005,23:52:53 AVGuard service has been stopped!
22/07/2005,22:01:07 ---------------------------------------------------------
22/07/2005,22:01:07 [INIT] The AVGuard Service is starting.
22/07/2005,22:01:08 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
22/07/2005,22:01:10 [INFO] Start Filter Device.
22/07/2005,22:01:10 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
22/07/2005,22:01:10 AVGuard has been started successfully!
22/07/2005,22:01:18 [LOGON] Connection request by remote computer. Establishing secure communication channel.
22/07/2005,22:01:18 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaad82a.
22/07/2005,22:09:53 ---------------------------------------------------------
22/07/2005,22:09:53 [INIT] The AVGuard Service is starting.
22/07/2005,22:09:54 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
22/07/2005,22:09:56 [LOGON] Connection request by remote computer. Establishing secure communication channel.
22/07/2005,22:09:56 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaaf799.
22/07/2005,22:10:01 [INFO] Start Filter Device.
22/07/2005,22:10:01 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
22/07/2005,22:10:01 AVGuard has been started successfully!
22/07/2005,22:18:48 ---------------------------------------------------------
22/07/2005,22:18:48 [INIT] The AVGuard Service is starting.
22/07/2005,22:18:48 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
22/07/2005,22:18:51 [INFO] Start Filter Device.
22/07/2005,22:18:51 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
22/07/2005,22:18:51 AVGuard has been started successfully!
22/07/2005,22:18:57 [LOGON] Connection request by remote computer. Establishing secure communication channel.
22/07/2005,22:18:57 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaad9f1.
22/07/2005,23:12:40 ---------------------------------------------------------
22/07/2005,23:12:40 [INIT] The AVGuard Service is starting.
22/07/2005,23:12:41 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
22/07/2005,23:12:43 [INFO] Start Filter Device.
22/07/2005,23:12:43 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
22/07/2005,23:12:43 AVGuard has been started successfully!
22/07/2005,23:12:50 [LOGON] Connection request by remote computer. Establishing secure communication channel.
22/07/2005,23:12:50 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaac5fe.
22/07/2005,23:44:24 [INFO] Stop Filter Device.
22/07/2005,23:44:24 AVGuard service has been stopped!
22/07/2005,23:45:07 ---------------------------------------------------------
22/07/2005,23:45:07 [INIT] The AVGuard Service is starting.
22/07/2005,23:45:08 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
22/07/2005,23:45:08 Error to initialize Windows Sockets: 0x276b
22/07/2005,23:45:09 [INFO] Stop Filter Device.
22/07/2005,23:45:10 AVGuard service has been stopped!
22/07/2005,23:57:16 ---------------------------------------------------------
22/07/2005,23:57:16 [INIT] The AVGuard Service is starting.
22/07/2005,23:57:17 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
22/07/2005,23:57:19 [INFO] Start Filter Device.
22/07/2005,23:57:19 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
22/07/2005,23:57:19 AVGuard has been started successfully!
22/07/2005,23:57:23 [LOGON] Connection request by remote computer. Establishing secure communication channel.
22/07/2005,23:57:23 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaacdef.
23/07/2005,00:01:36 [INFO] Stop Filter Device.
23/07/2005,00:01:37 AVGuard service has been stopped!
23/07/2005,00:03:01 ---------------------------------------------------------
23/07/2005,00:03:01 [INIT] The AVGuard Service is starting.
23/07/2005,00:03:02 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/07/2005,00:03:04 [INFO] Start Filter Device.
23/07/2005,00:03:04 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
23/07/2005,00:03:04 AVGuard has been started successfully!
23/07/2005,00:03:09 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/07/2005,00:03:09 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaac054.
23/07/2005,00:07:22 ---------------------------------------------------------
23/07/2005,00:07:22 [INIT] The AVGuard Service is starting.
23/07/2005,00:07:22 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/07/2005,00:07:25 [INFO] Start Filter Device.
23/07/2005,00:07:25 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
23/07/2005,00:07:25 AVGuard has been started successfully!
23/07/2005,00:07:30 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/07/2005,00:07:30 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaac422.
25/07/2005,13:14:03 ---------------------------------------------------------
25/07/2005,13:14:03 [INIT] The AVGuard Service is starting.
25/07/2005,13:14:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
25/07/2005,13:14:06 [INFO] Start Filter Device.
25/07/2005,13:14:06 AntiVirService Version: 6.31.00.01 AVE Version 6.31.0.9 VDF Version: 6.31.0.177
25/07/2005,13:14:06 AVGuard has been started successfully!
25/07/2005,13:14:15 [LOGON] Connection request by remote computer. Establishing secure communication channel.
25/07/2005,13:14:15 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaad0ea.
25/07/2005,13:17:09 [INFO] Stop Filter Device.
25/07/2005,13:17:10 AVGuard service has been stopped!
25/07/2005,13:17:11 ---------------------------------------------------------
25/07/2005,13:17:11 [INIT] The AVGuard Service is starting.
25/07/2005,13:17:12 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
25/07/2005,13:17:12 [LOGON] Connection request by remote computer. Establishing secure communication channel.
25/07/2005,13:17:12 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa984ef.
25/07/2005,13:17:13 [INFO] Start Filter Device.
25/07/2005,13:17:13 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.15
25/07/2005,13:17:13 AVGuard has been started successfully!
25/07/2005,18:34:02 [LOGON] Connection request by remote computer. Establishing secure communication channel.
25/07/2005,18:34:02 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xab8f97bd.
25/07/2005,18:35:49 [LOGON] Connection request by remote computer. Establishing secure communication channel.
25/07/2005,18:35:49 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xab8c4896.
30/07/2005,21:43:08 [INFO] Stop Filter Device.
30/07/2005,21:43:10 AVGuard service has been stopped!
30/07/2005,21:46:23 ---------------------------------------------------------
30/07/2005,21:46:23 [INIT] The AVGuard Service is starting.
30/07/2005,21:46:24 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
30/07/2005,21:46:27 [LOGON] Connection request by remote computer. Establishing secure communication channel.
30/07/2005,21:46:27 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaad847.
30/07/2005,21:46:36 [INFO] Start Filter Device.
30/07/2005,21:46:36 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.15
30/07/2005,21:46:36 AVGuard has been started successfully!
31/07/2005,02:32:34 WARNING: Contains signature of the Java virus JAVA/Dldr.Movie.A!
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\IJQNM9MN\S_TA_TS[1].JS
Unable to delete the file:
0x00000020 - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
31/07/2005,02:33:02 WARNING: Contains signature of the Java virus JAVA/Dldr.Movie.A!
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\IJQNM9MN\S_TA_TS[1].JS
Unable to delete the file:
0x00000020 - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
07/08/2005,19:09:44 [INFO] Stop Filter Device.
07/08/2005,19:09:47 AVGuard service has been stopped!
07/08/2005,19:12:57 ---------------------------------------------------------
07/08/2005,19:12:57 [INIT] The AVGuard Service is starting.
07/08/2005,19:12:58 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
07/08/2005,19:13:00 [LOGON] Connection request by remote computer. Establishing secure communication channel.
07/08/2005,19:13:00 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaac30c.
07/08/2005,19:13:08 [INFO] Start Filter Device.
07/08/2005,19:13:08 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.15
07/08/2005,19:13:08 AVGuard has been started successfully!
10/08/2005,11:57:13 ---------------------------------------------------------
10/08/2005,11:57:13 [INIT] The AVGuard Service is starting.
10/08/2005,11:57:14 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
10/08/2005,11:57:19 [INFO] Start Filter Device.
10/08/2005,11:57:19 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.15
10/08/2005,11:57:19 AVGuard has been started successfully!
10/08/2005,11:57:20 [LOGON] Connection request by remote computer. Establishing secure communication channel.
10/08/2005,11:57:20 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaad046.
10/08/2005,16:48:22 ---------------------------------------------------------
10/08/2005,16:48:22 [INIT] The AVGuard Service is starting.
10/08/2005,16:48:23 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
10/08/2005,16:48:26 [LOGON] Connection request by remote computer. Establishing secure communication channel.
10/08/2005,16:48:26 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaac0c8.
10/08/2005,16:48:32 [INFO] Start Filter Device.
10/08/2005,16:48:32 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.15
10/08/2005,16:48:32 AVGuard has been started successfully!
12/08/2005,15:11:08 [INFO] Stop Filter Device.
12/08/2005,15:11:09 AVGuard service has been stopped!
12/08/2005,15:11:54 ---------------------------------------------------------
12/08/2005,15:11:54 [INIT] The AVGuard Service is starting.
12/08/2005,15:11:55 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
12/08/2005,15:11:57 [INFO] Start Filter Device.
12/08/2005,15:11:57 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.15
12/08/2005,15:11:57 AVGuard has been started successfully!
12/08/2005,15:12:03 [LOGON] Connection request by remote computer. Establishing secure communication channel.
12/08/2005,15:12:04 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaad5cb.
12/08/2005,15:29:21 [INFO] Stop Filter Device.
12/08/2005,15:29:21 AVGuard service has been stopped!
12/08/2005,15:29:23 ---------------------------------------------------------
12/08/2005,15:29:23 [INIT] The AVGuard Service is starting.
12/08/2005,15:29:24 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
12/08/2005,15:29:25 [LOGON] Connection request by remote computer. Establishing secure communication channel.
12/08/2005,15:29:25 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaabac8ec.
12/08/2005,15:29:25 [INFO] Start Filter Device.
12/08/2005,15:29:25 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.103
12/08/2005,15:29:25 AVGuard has been started successfully!
19/08/2005,19:20:18 [INFO] Stop Filter Device.
19/08/2005,19:20:21 AVGuard service has been stopped!
19/08/2005,19:22:16 ---------------------------------------------------------
19/08/2005,19:22:16 [INIT] The AVGuard Service is starting.
19/08/2005,19:22:17 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
19/08/2005,19:22:22 [INFO] Start Filter Device.
19/08/2005,19:22:22 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.103
19/08/2005,19:22:22 AVGuard has been started successfully!
19/08/2005,19:22:27 [LOGON] Connection request by remote computer. Establishing secure communication channel.
19/08/2005,19:22:27 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa7def.
22/08/2005,10:24:23 WARNING: Contains a signature of the (dangerous) backdoor program BDS/Agent.AY Backdoor server programs!
C:\PROGRAM FILES\FICHIERS COMMUNS\LNNFPFTF\LHCBHDPPPR\LPBLAPBNN.EXE
22/08/2005,11:47:58 WARNING: Contains signature of the exploits EXP/VBS.Phel.I!
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\UTSBATI5\COUNT[1].HTM
22/08/2005,11:48:07 WARNING: Contains signature of the exploits EXP/VBS.Phel.I!
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\IJQNM9MN\COUNT[1].HTM
Unable to delete the file:
0x00000020 - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
22/08/2005,11:48:16 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
22/08/2005,11:48:20 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\WINDOWS\SYSTEM32\HCLEAN32.EXE
File has been deleted!
22/08/2005,11:48:29 WARNING: Is the Trojan horse TR/Drop.Small.XL!
C:\WINDOWS\SYSTEM32\TJTVC.DLL
File has been deleted!
22/08/2005,11:49:26 WARNING: Contains signature of the exploits EXP/VBS.Phel.I!
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\IJQNM9MN\COUNT[1].HTM
File has been deleted!
22/08/2005,11:49:32 WARNING: Contains signature of the exploits EXP/VBS.Phel.I!
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SXK9MZCX\COUNT[1].HTM
File has been deleted!
22/08/2005,11:58:00 ---------------------------------------------------------
22/08/2005,11:58:00 [INIT] The AVGuard Service is starting.
22/08/2005,11:58:01 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
22/08/2005,11:58:03 [INFO] Start Filter Device.
22/08/2005,11:58:03 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.103
22/08/2005,11:58:03 AVGuard has been started successfully!
22/08/2005,11:58:12 [LOGON] Connection request by remote computer. Establishing secure communication channel.
22/08/2005,11:58:12 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa2e45.
23/08/2005,18:20:21 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\WINDOWS\SYSTEM32\HCLEAN32.EXE
File has been deleted!
23/08/2005,18:20:26 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
23/08/2005,21:13:40 [INFO] Stop Filter Device.
23/08/2005,21:13:41 AVGuard service has been stopped!
23/08/2005,21:13:44 ---------------------------------------------------------
23/08/2005,21:13:44 [INIT] The AVGuard Service is starting.
23/08/2005,21:13:45 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
23/08/2005,21:13:45 [LOGON] Connection request by remote computer. Establishing secure communication channel.
23/08/2005,21:13:45 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xad892b50.
23/08/2005,21:13:46 [INFO] Start Filter Device.
23/08/2005,21:13:46 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.167
23/08/2005,21:13:46 AVGuard has been started successfully!
24/08/2005,00:27:00 WARNING: Contains signature of the exploits EXP/VBS.Phel.I!
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\W5Z772RD\COUNT[1].HTM
File has been deleted!
24/08/2005,00:27:25 WARNING: Is the Trojan horse TR/Dialer.KK!
C:\WINDOWS\SYSTEM32\CFGRBKREND.EXE
File has been deleted!
24/08/2005,00:27:23 WARNING: Contains signature of the exploits EXP/VBS.Phel.I!
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SXK9MZCX\COUNT[1].HTM
Unable to delete the file:
0x00000020 - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
24/08/2005,02:31:25 WARNING: Is the Trojan horse TR/DNSChanger.S.1.B!
C:\WINDOWS\SYSTEM32\DMPGY.EXE
File has been deleted!
24/08/2005,11:34:57 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\WINDOWS\SYSTEM32\HCLEAN32.EXE
File has been deleted!
24/08/2005,11:35:02 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
24/08/2005,19:01:34 WARNING: Is the Trojan horse TR/DNSChanger.S.1.B!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP55\A0010912.EXE
File has been deleted!
24/08/2005,23:50:34 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\WINDOWS\SYSTEM32\HCLEAN32.EXE
File has been deleted!
24/08/2005,23:50:42 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
25/08/2005,14:09:55 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\WINDOWS\SYSTEM32\HCLEAN32.EXE
File has been deleted!
25/08/2005,14:10:00 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
25/08/2005,14:10:04 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
26/08/2005,02:10:13 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\WINDOWS\SYSTEM32\HCLEAN32.EXE
File has been deleted!
26/08/2005,02:11:07 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
26/08/2005,14:11:44 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\WINDOWS\SYSTEM32\HCLEAN32.EXE
File has been deleted!
26/08/2005,14:20:25 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
27/08/2005,02:20:37 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\WINDOWS\SYSTEM32\HCLEAN32.EXE
File has been deleted!
27/08/2005,02:20:46 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
27/08/2005,13:10:15 WARNING: AVGuard detected a problem in the file
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SXK9MZCX\MAGIECOPPERF[1].PPS
ATTENTION: This OLE document is possibly damaged!
27/08/2005,14:21:20 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\WINDOWS\SYSTEM32\HCLEAN32.EXE
File has been deleted!
27/08/2005,16:05:07 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
28/08/2005,13:45:32 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\WINDOWS\SYSTEM32\HCLEAN32.EXE
28/08/2005,13:45:36 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
29/08/2005,13:57:19 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\WINDOWS\SYSTEM32\HCLEAN32.EXE
File has been deleted!
29/08/2005,13:57:27 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\WINDOWS\SYSTEM32\HCLEAN32.EXE
File has been deleted!
29/08/2005,13:57:29 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
29/08/2005,13:57:33 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
29/08/2005,14:40:25 [INFO] Stop Filter Device.
29/08/2005,14:40:27 AVGuard service has been stopped!
29/08/2005,14:47:56 ---------------------------------------------------------
29/08/2005,14:47:56 [INIT] The AVGuard Service is starting.
29/08/2005,14:47:57 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
29/08/2005,14:48:00 [INFO] Start Filter Device.
29/08/2005,14:48:00 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.167
29/08/2005,14:48:00 AVGuard has been started successfully!
29/08/2005,14:48:09 [LOGON] Connection request by remote computer. Establishing secure communication channel.
29/08/2005,14:48:09 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa3a5f.
29/08/2005,23:51:28 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP60\A0011044.EXE
30/08/2005,23:09:31 [INFO] Stop Filter Device.
30/08/2005,23:09:31 AVGuard service has been stopped!
30/08/2005,23:33:37 ---------------------------------------------------------
30/08/2005,23:33:37 [INIT] The AVGuard Service is starting.
30/08/2005,23:33:38 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
30/08/2005,23:33:40 [LOGON] Connection request by remote computer. Establishing secure communication channel.
30/08/2005,23:33:40 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaac3e3.
30/08/2005,23:33:47 [INFO] Start Filter Device.
30/08/2005,23:33:47 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.167
30/08/2005,23:33:47 AVGuard has been started successfully!
30/08/2005,23:35:57 [INFO] Stop Filter Device.
30/08/2005,23:35:58 AVGuard service has been stopped!
30/08/2005,23:36:00 ---------------------------------------------------------
30/08/2005,23:36:00 [INIT] The AVGuard Service is starting.
30/08/2005,23:36:01 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
30/08/2005,23:36:02 [INFO] Start Filter Device.
30/08/2005,23:36:02 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.197
30/08/2005,23:36:02 AVGuard has been started successfully!
30/08/2005,23:36:08 [LOGON] Connection request by remote computer. Establishing secure communication channel.
30/08/2005,23:36:08 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa801d2.
30/08/2005,23:44:41 [INFO] Stop Filter Device.
30/08/2005,23:44:42 AVGuard service has been stopped!
30/08/2005,23:46:51 ---------------------------------------------------------
30/08/2005,23:46:51 [INIT] The AVGuard Service is starting.
30/08/2005,23:46:52 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
30/08/2005,23:46:54 [LOGON] Connection request by remote computer. Establishing secure communication channel.
30/08/2005,23:46:54 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaaca56.
30/08/2005,23:47:00 [INFO] Start Filter Device.
30/08/2005,23:47:00 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.197
30/08/2005,23:47:00 AVGuard has been started successfully!
31/08/2005,00:46:31 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\WINDOWS\SYSTEM32\HCLEAN32.EXE
File has been deleted!
31/08/2005,00:49:09 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
31/08/2005,03:32:15 [INFO] Stop Filter Device.
31/08/2005,03:32:16 AVGuard service has been stopped!
31/08/2005,03:33:00 ---------------------------------------------------------
31/08/2005,03:33:00 [INIT] The AVGuard Service is starting.
31/08/2005,03:33:01 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
31/08/2005,03:33:06 [LOGON] Connection request by remote computer. Establishing secure communication channel.
31/08/2005,03:33:06 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaadf27.
31/08/2005,03:33:06 [INFO] Start Filter Device.
31/08/2005,03:33:06 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.197
31/08/2005,03:33:06 AVGuard has been started successfully!
31/08/2005,03:41:28 ---------------------------------------------------------
31/08/2005,03:41:28 [INIT] The AVGuard Service is starting.
31/08/2005,03:41:30 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
31/08/2005,03:41:35 [LOGON] Connection request by remote computer. Establishing secure communication channel.
31/08/2005,03:41:35 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaadf37.
31/08/2005,03:41:35 [INFO] Start Filter Device.
31/08/2005,03:41:35 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.197
31/08/2005,03:41:35 AVGuard has been started successfully!
31/08/2005,12:49:18 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\WINDOWS\SYSTEM32\HCLEAN32.EXE
File has been deleted!
31/08/2005,12:49:23 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
31/08/2005,19:47:57 WARNING: Is the Trojan horse TR/Dialer.KK!
C:\WINDOWS\SYSTEM32\DGPRPSETUP.EXE
31/08/2005,22:46:26 [INFO] Stop Filter Device.
31/08/2005,22:46:28 AVGuard service has been stopped!
31/08/2005,22:51:19 ---------------------------------------------------------
31/08/2005,22:51:19 [INIT] The AVGuard Service is starting.
31/08/2005,22:51:20 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
31/08/2005,22:51:22 [LOGON] Connection request by remote computer. Establishing secure communication channel.
31/08/2005,22:51:22 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaac0be.
31/08/2005,22:51:28 [INFO] Start Filter Device.
31/08/2005,22:51:28 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.197
31/08/2005,22:51:28 AVGuard has been started successfully!
01/09/2005,00:26:11 [INFO] Stop Filter Device.
01/09/2005,00:26:12 AVGuard service has been stopped!
01/09/2005,00:32:03 ---------------------------------------------------------
01/09/2005,00:32:03 [INIT] The AVGuard Service is starting.
01/09/2005,00:32:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
01/09/2005,00:32:11 [INFO] Start Filter Device.
01/09/2005,00:32:11 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.197
01/09/2005,00:32:11 AVGuard has been started successfully!
01/09/2005,00:32:14 [LOGON] Connection request by remote computer. Establishing secure communication channel.
01/09/2005,00:32:14 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa2ed8.
01/09/2005,00:32:53 [INFO] Stop Filter Device.
01/09/2005,00:32:54 AVGuard service has been stopped!
01/09/2005,01:01:44 ---------------------------------------------------------
01/09/2005,01:01:44 [INIT] The AVGuard Service is starting.
01/09/2005,01:01:45 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
01/09/2005,01:01:51 [LOGON] Connection request by remote computer. Establishing secure communication channel.
01/09/2005,01:01:51 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaade78.
01/09/2005,01:01:52 [INFO] Start Filter Device.
01/09/2005,01:01:52 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.197
01/09/2005,01:01:52 AVGuard has been started successfully!
01/09/2005,01:26:49 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\WINDOWS\SYSTEM32\HCLEAN32.EXE
File has been deleted!
01/09/2005,01:26:56 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been deleted!
01/09/2005,01:27:21 WARNING: Is the Trojan horse TR/Dialer.KK!
C:\WINDOWS\SYSTEM32\DGPRPSETUP.EXE
File has been deleted!
01/09/2005,13:27:04 WARNING: Is the Trojan horse TR/Qhost.QR!
C:\WINDOWS\SYSTEM32\HCLEAN32.EXE
File has been moved to quarantine directory!
01/09/2005,13:27:20 WARNING: Is the Trojan horse TR/Click.526!
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE
File has been moved to quarantine directory!
01/09/2005,14:03:47 [INFO] Stop Filter Device.
01/09/2005,14:03:47 AVGuard service has been stopped!
01/09/2005,14:04:33 ---------------------------------------------------------
01/09/2005,14:04:33 [INIT] The AVGuard Service is starting.
01/09/2005,14:04:34 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
01/09/2005,14:04:37 [INFO] Start Filter Device.
01/09/2005,14:04:37 AntiVirService Version: 6.31.00.01 AVE Version 6.31.1.0 VDF Version: 6.31.1.197
01/09/2005,14:04:37 AVGuard has been started successfully!
01/09/2005,14:04:44 [LOGON] Connection request by remote computer. Establishing secure communication channel.
01/09/2005,14:04:44 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa20aa.

Utilisateur anonyme · Answer

re
moe est plus doué que moi sur cette infection mais on va l imité hein?? lol
reposte un nouvel hijackthis + un rapport de ce prog:
Silentrunners
http://www.silentrunners.org/Silent%20Runners.vbs

a+

mektub · Answer

je ne voudrais me mêler de vos histoires ! :-)))

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"eMuleAutoStart" = "D:\emule\emule.exe -AutoStart" ["http://www.emule-project.net"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"AVGCtrl" = "C:\Program Files\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"WinampAgent" = ""C:\Program Files\WINAMP\winampa.exe"" [null data]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"dmpgy.exe" = "C:\WINDOWS\system32\dmpgy.exe" [file not found]
"yaemu.exe" = "C:\WINDOWS\system32\yaemu.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Utils\spy boot\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cswxd.exe" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Startup items in "Administrateur" & "All Users" startup folders:
----------------------------------------------------------------

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
"CoolMon Executable" -> shortcut to: "C:\Utils\coolmon\DaisyManSoftware\CoolMon.exe" [null data]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[Strings]: 2 lines

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ADSLAutoconnect, ADSLAutoconnect, ""C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z" [null data]
AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 38 seconds, including 16 seconds for message boxes)

mektub · Answer

************************************************************************************************************************************************************************************************************************************************Logfile of HijackThis v1.99.1Scan saved at 15:04:58, on 01/09/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVPersonal\AVGUARD.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\system32
vsvc32.exeC:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exeC:\Program Files\AVPersonal\AVGNT.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\WINAMP\winampa.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Utils\coolmon\DaisyManSoftware\CoolMon.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\system32\NOTEPAD.EXEC:\Utils\highjackthis\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Utils\spy boot\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocxO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /minO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\WINAMP\winampa.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [eMuleAutoStart] D:\emule\emule.exe -AutoStartO4 - Startup: CoolMon Executable.lnk = C:\Utils\coolmon\DaisyManSoftware\CoolMon.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{49B4AE84-D3C8-40CF-9401-5D32DDB7040B}: NameServer = 195.95.218.4,85.255.112.9O17 - HKLM\System\CCS\Services\Tcpip\..\{81E9A6D2-4170-4308-AC93-43DDF2943E2C}: NameServer = 195.95.218.4,85.255.112.9O17 - HKLM\System\CCS\Services\Tcpip\..\{ADC2DCA5-CA19-4FD4-BC07-1033C52F9C89}: NameServer = 195.95.218.4 85.255.112.9O23 - Service: ADSLAutoconnect - Unknown owner - C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z (file missing)O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXEO23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

mektub · Answer

ça à l'air chaud cette histoire ou bien ?

mektub · Answer

je sais que je ne suis pas tout seul, mais vous ne m'avez pas oublié !?

Utilisateur anonyme · Answer

re,bon j ai vu 2 problemes mais je prefere que moe explique, peux tu attendre? il va pas tarder, d ici 1hdesole

jean38 · Answer

Regis,

tu penses à çà ??

HKLM.....\Run

"dmpgy.exe" = "C:\WINDOWS\system32\dmpgy.exe" [file not found]
"yaemu.exe" = "C:\WINDOWS\system32\yaemu.exe" [null data]

et

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cswxd.exe" [null data]

moe confirmera mais... j'ai vu que mona a fait que faire fixer les ligne hijack au debut sans virer les exe. Si un coup de kill box moi je mettrais tout edans non??

enfin Moe viendra tout à l'heure pour analyse.

mektub · Answer

c'est à dire que je dois partir à 17h00, je bosse à 40km de chez moi...

c'est le pc de mes parents, et j'avais pas prévu de revenir chez eux avant dimanche !

ça m'embête un peu de leur laisser un pc viruser pendant tout ce temps !?

sinon, il faudrait que je revienne ce soir, mais seulement à partir de 23h00, moe, ou toi même êtes encore derrière votre bécane à cette heure ci ?

Utilisateur anonyme · Answer

re,
ouai surtout les 2 premieres !
J ai vu que moe a deja analyser la chose en reunissant tout ce qu il a vu sur differents forum, donc connait bien le sujet, j aimerais qu il m explique sur ce point
Perso j utiliserais la kill box pour les 2premiers

a+

jean38 · Answer

regis  regarde làhttp://forums.spywareinfo.com/lofiversion/index.php/t53198.html

mektub · Answer

ok, ben ça à l'air d'être coriace cette histoire, donc le mieux, je pense serait que vous me laissiez un post avec la marche à suivre que je ferai dimanche !

ça ne craint pas de le laisser en l'état pendant tout ce temps ?

Je dois bientôt bouger !

Utilisateur anonyme · Answer

re jean, moi c est quentin ;-) lolexact, ils font parti tous les 2 de l infection, a supprimer avec la killje te laisse le soin de detailler lol

mektub · Answer

je suis entrain de chercher où telecharger la kill box... ...

mektub · Answer

vous en avez pas un ?  un lien ?

mektub · Answer

c'est bon j'en ai trouvé un sur : http://forum.telecharger.01net.com/telecharger/securite_virus_et_assimiles/trojan_et_spywares/downloadtrojan_reqddl_killbox_ca_marche-389341/messages-1.htmlj'attends vos instruction, à moins que ce que j'ai trouvé ne corresponde pas à ce que vous voulez que je j'utilise !!

mektub · Answer

voila, je suis de retour.est-ce que moe, regis, quentin ou autre est là ? Les 2 virus sont encore présents sur le pc.a+?

Utilisateur anonyme · Answer

salut mektubremet un hijack this+silent runnerA+PS:Quentin = regis lol ;-)

mektub · Answer

voilà pour le highjackthis:Logfile of HijackThis v1.99.1Scan saved at 12:09:12, on 04/09/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVPersonal\AVGUARD.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\system32
vsvc32.exeC:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exeC:\Program Files\AVPersonal\AVGNT.EXEC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\WINAMP\winampa.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Utils\coolmon\DaisyManSoftware\CoolMon.exeD:\emule\emule.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Utils\highjackthis\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Utils\spy boot\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocxO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /minO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\WINAMP\winampa.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorunO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [eMuleAutoStart] D:\emule\emule.exe -AutoStartO4 - Startup: CoolMon Executable.lnk = C:\Utils\coolmon\DaisyManSoftware\CoolMon.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htmO9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htmO9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htmO9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htmO9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{49B4AE84-D3C8-40CF-9401-5D32DDB7040B}: NameServer = 195.95.218.4,85.255.112.9O17 - HKLM\System\CCS\Services\Tcpip\..\{81E9A6D2-4170-4308-AC93-43DDF2943E2C}: NameServer = 195.95.218.4,85.255.112.9O17 - HKLM\System\CCS\Services\Tcpip\..\{ADC2DCA5-CA19-4FD4-BC07-1033C52F9C89}: NameServer = 195.95.218.4 85.255.112.9O23 - Service: ADSLAutoconnect - Unknown owner - C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z (file missing)O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXEO23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

mektub · Answer

et voilà pour silent runners: "Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]"eMuleAutoStart" = "D:\emule\emule.exe -AutoStart" ["http://www.emule-project.net"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]"AVGCtrl" = "C:\Program Files\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]"WinampAgent" = ""C:\Program Files\WINAMP\winampa.exe"" [null data]"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]"dmpgy.exe" = "C:\WINDOWS\system32\dmpgy.exe" [file not found]"PROMT Integrator" = ""C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun" ["PROject MT, Ltd."]"hgqhp.exe" = "C:\WINDOWS\system32\hgqhp.exe" [null data]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\Utils\spy boot\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\INFECTION WARNING! "System" = "cszcv.exe" [null data]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]PromtMenu\(Default) = "{179A4540-F689-11d3-BEDC-00E0290CDC2F}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PROMT5\PROMT\prmshell.dll" ["PROject MT, Ltd."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

balltrap34 · Answer

saluttelecharge cecihttp://www.downloads.subratam.org/l2mfix.exedecompresse le double clik sur l2mfix.bat appuie sur n importe quelle touche et ensuite choisi l option 2ensuite avec la killboxKill Box :       (ici)               http://www.florensac-chasse-trap.com/   section virusdemo    http://pageperso.aol.fr/balltrap34/killbox.htmutilise le avec la methode bloc note (voir demo)avec cecicszcv.exeC:\WINDOWS\system32\dmpgy.exeC:\WINDOWS\system32\hgqhp.exeet stp enleve moi du demarrage auto emule

mektub · Answer

voilà, j'ai tout fait.tu veux que je t'envoi un highjackthis, ou c'est pas la peine ?J'ai lancé un coup d'ad aware, mais il bloque toujours au même endroit.merci beaucoup pour ton aide ! _mektub

Utilisateur anonyme · Answer

remet un silent runnera+

mektub · Answer

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]"eMuleAutoStart" = "D:\emule\emule.exe -AutoStart" ["http://www.emule-project.net"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]"AVGCtrl" = "C:\Program Files\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]"WinampAgent" = ""C:\Program Files\WINAMP\winampa.exe"" [null data]"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]"dmpgy.exe" = "C:\WINDOWS\system32\dmpgy.exe" [file not found]"PROMT Integrator" = ""C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun" ["PROject MT, Ltd."]"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]"yaemu.exe" = "C:\WINDOWS\system32\yaemu.exe" [null data]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\Utils\spy boot\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\INFECTION WARNING! "System" = "cspyx.exe" [null data]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]PromtMenu\(Default) = "{179A4540-F689-11d3-BEDC-00E0290CDC2F}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PROMT5\PROMT\prmshell.dll" ["PROject MT, Ltd."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Active Desktop and Wallpaper:-----------------------------Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateHKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"Startup items in "Administrateur" & "All Users" startup folders:----------------------------------------------------------------C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage"CoolMon Executable" -> shortcut to: "C:\Utils\coolmon\DaisyManSoftware\CoolMon.exe" [null data]C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKLM\Software\Microsoft\Internet Explorer\Toolbar\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]Extensions (Tools menu items, main toolbar menu buttons)HKCU\Software\Microsoft\Internet Explorer\Extensions\{7A2EFD41-E6B3-11D2-89E3-00E0292EE574}\"ButtonText" = "Traduction""MenuText" = "Traduire""Script" = "C:\Program Files\PROMT5\PROMTIE4\promtie5.htm" [null data]{7A2EFD41-E6B3-11D2-89E3-00E0292EE575}\"MenuText" = "Personnaliser les options de traduction""Script" = "C:\Program Files\PROMT5\PROMTIE4\options.htm" [null data]HKLM\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\"MenuText" = "Console Java (Sun)""CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"{7A2EFD41-E6B3-11D2-89E3-00E0292EE574}\"ButtonText" = "Traduction""MenuText" = "Traduire""Script" = "C:\Program Files\PROMT5\PROMTIE4\promtie5.htm" [null data]{7A2EFD41-E6B3-11D2-89E3-00E0292EE575}\"MenuText" = "Personnaliser les options de traduction""Script" = "C:\Program Files\PROMT5\PROMTIE4\options.htm" [null data]Miscellaneous IE Hijack Points------------------------------C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")Added lines (compared with English-language version):[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"Missing lines (compared with English-language version):[Strings]: 2 linesRunning Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------ADSLAutoconnect, ADSLAutoconnect, ""C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z" [null data]AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

mektub · Answer

Balltrap m'avait demandé de virer le lancement d'emule au démarage, pour ce faire, c'est bien dans msconfig non ?

Utilisateur anonyme · Answer

Avec la kill box,supprime:C:\WINDOWS\system32\dmpgy.exeC:\WINDOWS\system32\yaemu.exeoui pour emule !A+

mektub · Answer

ok c'est fait

Utilisateur anonyme · Answer

remet silent runner

Utilisateur anonyme · Answer

saluttelecharge ce prog ici:http://get.yourfile.net/rb76127.zipdezippe le et lance hc.batcopie et colle le rapport du bloc notes icireposte un hijack et un silentrunnerset ne redemarre pas ton pca+

mektub · Answer

désolé ça fait 2 fois que je reboot après être allé dans msconfig > demarrage et décoché emule, mais il revient toujours au demarrage.je fais quelque chose de travers ou quoi ? et comme par hasard ad aware bloque sur h key local machine_software........ "Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]"eMuleAutoStart" = "D:\emule\emule.exe -AutoStart" ["http://www.emule-project.net"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]"AVGCtrl" = "C:\Program Files\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]"WinampAgent" = ""C:\Program Files\WINAMP\winampa.exe"" [null data]"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]"dmpgy.exe" = "C:\WINDOWS\system32\dmpgy.exe" [file not found]"PROMT Integrator" = ""C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun" ["PROject MT, Ltd."]"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]"hgqhp.exe" = "C:\WINDOWS\system32\hgqhp.exe" [null data]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\Utils\spy boot\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

mektub · Answer

attendez, là c'est la meilleure !je réduis la fenêtre du forum pour aller sur mon bureau et il y a un logiciel qui s'est mis dessus !!!un anti spy ware du nom de UnSpyPcvous connaissez ?Je ne l'ai ni telechargé et encore moins installé !!!qu'est ce que c'est que ce truc ?vous m'avez envoyez quelque chose ???

mektub · Answer

j'ai desinstallé "unspypc"c'est un logiciel payant. sinon est ce que je peux me permettre de faire un p'tit up ?A+?_mektub

Utilisateur anonyme · Answer

salutquel est le probleme exactement ?a+

mektub · Answer

salut Moe, enfin je te parle !  lolok, en fait j'avais 2 trojan:real mona et regis59 ont interpreté des log highjackthis et regis59 + balltrap des log hihjjack + silent runner, ensuite ils m'ont fait passer la kill box, et visiblement ils ont l'air d'avoir disparu.je n'avais pas de symptôme particulier, juste antivir qui me prévenait qu'il y avait 2 trojan et qui maintenant ne me prévient plus, pourvu que ça tienne...le seul hic, c'est quand je lance un coup d'ad aware, il bloque toujours au même endroit.H KEY LOCAL MACHINE/software... impossible de connaitre le suite de l'adresse car ad aware n'en dis pas plus...et là je viens d'avoir un logiciel qui s'est installé tout seul > UnSpyPcaprès quelques recherches sur le net, je ne trouve que 5 ou 6 sites anglais qui explique en gros que c'est un logiciel qui surpasse les performance de ad aware et spybot réunis.....y a t-il anguille sous roche ?Ou plutôt comme je disais à un pote: baleine sous gravillon !!?voilà, donc le prob c'est qu'ad aware bloque... alors qu'il ne bloquait pas quand real mona s'occupait de moi...

Utilisateur anonyme · Answer

salutpour UnSpyPc, supprime ce programmeTu trouve pas bizarre qu'un logiciel s'installe tout seul sans rien te demander ?pour ad-aware, rien à voir avec les personnes qui se sont occupé de toi, l'infection à peut etre empiré depuis.telecharge ce prog ici: http://get.yourfile.net/rb76127.zip dezippe le et lance hc.bat copie et colle le rapport du bloc notes ici reposte un hijack et un silentrunners et ne redemarre pas ton pc a+

Utilisateur anonyme · Answer

salut moe,j ai une tite question:pour l infection hclean, suffit de lancer silent runner et supp les fichiers mauvais qui s y trouve ou tu as une manip speciale?a++

mektub · Answer

si bien sûr que j'ai trouvé ça bizarre, je l'ai viré ! d'où l'anguille sous roche ! et même pire :  la baleine sous gravillon !!!BREF !voici le premier rapport:Rapport fait à 15:58:03,67 le 04/09/2005Executé à partir de C:\Utils\hcOS: Microsoft Windows XP [version 5.1.2600]Recherche registre ...! REG.EXE VERSION 3.0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run    SiSUSBRG	REG_SZ	C:\WINDOWS\SiSUSBrg.exe    Cmaudio	REG_SZ	RunDll32 cmicnfg.cpl,CMICtrlWnd    SpeedTouch USB Diagnostics	REG_SZ	"C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon    AVGCtrl	REG_SZ	C:\Program Files\AVPersonal\AVGNT.EXE /min    NeroFilterCheck	REG_SZ	C:\WINDOWS\system32\NeroCheck.exe    NvCplDaemon	REG_SZ	RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup    nwiz	REG_SZ	nwiz.exe /install    NvMediaCenter	REG_SZ	RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit    WinampAgent	REG_SZ	"C:\Program Files\WINAMP\winampa.exe"    SunJavaUpdateSched	REG_SZ	C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe    PROMT Integrator	REG_SZ	"C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun    MSConfig	REG_SZ	C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto    slamm	REG_SZ	driver32.exe    uio	REG_SZ	zantu.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents! REG.EXE VERSION 3.0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon    system	REG_SZ	Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]"pgtshlld"=hex:55,4c,00,00,2c,5c,64,10,7d,74,79,08,56,67,28,57,14,00,00,00"nidnsdr"=hex:51,52,00,00,56,28,61,12,00,07,7a,b2,63,14,53,13,00,00,00"23naelch"=hex:e8,54,00,00,c5,d6,f1,e0,fc,eb,de,d7,c3,90,85,a0,14,00,00,00"aplnsftn"=hex:e2,5b,00,00,c5,cb,ed,f8,e5,f3,97,8e,c5,9a,bf,aa,14,00,00,00"23rtcdaol"=hex:e7,57,00,00,c6,cb,ed,e6,ff,e6,9c,d7,cc,c8,a9,b2,b9,15,00,00,00"ygpmd"=hex:ed,47,00,00,c4,c7,f8,f9,d3,a6,97,a8,87,11,00,00,00"7"=hex:c7,66,00,00,ba,b7,96,81,9d,88,3f,34,20,f1,da,c1,14,00,00,00"8"=hex:c7,66,00,00,ac,b6,9f,98,9e,8d,f0,38,f9,e2,c9,13,00,00,00"9"=hex:c7,66,00,00,a0,a6,88,97,80,8e,f2,e5,20,f1,da,c1,14,00,00,00"10"=hex:7f,18,00,00,72,7f,4e,49,55,50,77,7c,78,39,12,09,14,00,00,00"11"=hex:7f,18,00,00,64,7e,57,40,56,55,28,60,31,2a,01,13,00,00,00"12"=hex:7f,18,00,00,78,6e,40,5f,58,56,2a,2d,78,39,12,09,14,00,00,00"13"=hex:5e,60,00,00,53,5c,6f,6e,0a,71,54,5d,59,1e,33,2e,14,00,00,00"14"=hex:5e,60,00,00,45,5f,74,61,77,7a,09,41,16,0b,26,13,00,00,00"15"=hex:5e,60,00,00,59,4f,61,7c,79,77,0b,72,59,1e,33,2e,14,00,00,00"16"=hex:f0,2e,00,00,cd,ce,f9,f8,e4,e3,e6,ef,cb,88,8d,b8,14,00,00,00"17"=hex:f0,2e,00,00,f7,c9,c6,f3,e1,e4,9b,d3,80,b5,b0,13,00,00,00"18"=hex:25,2f,00,00,06,04,2e,35,26,2c,50,4b,86,57,78,67,14,00,00,00"19"=hex:32,2a,00,00,0f,08,3b,3a,26,1d,a0,a9,b5,4a,4f,7a,14,00,00,00"20"=hex:63,2a,00,00,40,5a,73,7c,72,71,14,5c,1d,06,2d,13,00,00,00"21"=hex:63,2a,00,00,44,4a,6c,7b,64,72,16,09,44,15,3e,25,14,00,00,00"22"=hex:03,3f,00,00,fe,fb,ca,c5,d1,cc,f3,f8,e4,b5,9e,85,14,00,00,00"23"=hex:37,3f,00,00,3c,06,0f,08,2e,1d,60,a8,49,72,79,13,00,00,00"24"=hex:37,3f,00,00,30,36,38,07,10,1e,62,55,b0,41,4a,71,14,00,00,00"25"=hex:53,75,00,00,2e,2b,1a,15,01,7c,43,48,54,65,2e,55,14,00,00,00"26"=hex:53,75,00,00,50,2a,63,6c,02,01,04,4c,6d,16,5d,13,00,00,00"27"=hex:ed,75,00,00,ce,fc,f6,cd,ee,e4,98,83,ce,8f,80,bf,14,00,00,00"29"=hex:e8,41,00,00,c5,d6,f1,e0,fc,eb,de,d7,c3,90,85,a0,14,00,00,00"30"=hex:1c,42,00,00,1b,1d,2a,27,35,38,4f,87,54,49,64,13,00,00,00"31"=hex:4d,42,00,00,2e,5c,16,6d,0e,04,78,63,ae,6f,20,5f,14,00,00,00"32"=hex:4c,15,00,00,21,32,1d,1c,18,07,ba,b3,af,6c,21,5c,14,00,00,00"33"=hex:4c,15,00,00,2b,2d,1a,17,05,08,7f,b7,64,19,54,13,00,00,00"34"=hex:80,15,00,00,7b,69,43,5e,5b,51,35,2c,7b,38,1d,08,14,00,00,00"35"=hex:c0,1d,00,00,bd,be,89,88,94,93,36,3f,3b,f8,dd,c8,14,00,00,00"36"=hex:c0,1d,00,00,a7,b9,96,83,91,94,eb,23,f0,e5,c0,13,00,00,00"37"=hex:f4,1d,00,00,f7,f5,ff,ca,d7,dd,a1,98,f7,84,89,b4,14,00,00,00"38"=hex:59,13,00,00,54,21,60,13,0f,7a,49,46,52,63,34,53,14,00,00,00"39"=hex:8d,13,00,00,6a,6c,a5,56,44,4b,3e,76,27,d8,17,13,00,00,00"40"=hex:be,13,00,00,b9,af,81,9c,99,97,eb,d2,39,fe,d3,ce,14,00,00,00"41"=hex:17,5b,00,00,ea,e7,26,d1,cd,38,8f,84,90,a1,6a,91,14,00,00,00"42"=hex:48,5b,00,00,2f,31,1e,1b,19,0c,73,bb,78,1d,48,13,00,00,00"43"=hex:48,5b,00,00,23,21,0b,16,03,09,7d,64,a3,70,25,40,14,00,00,00"44"=hex:68,70,00,00,45,56,71,60,7c,6b,5e,57,43,10,05,20,14,00,00,00"45"=hex:68,70,00,00,4f,51,7e,7b,79,6c,13,5b,18,3d,28,13,00,00,00"46"=hex:9d,70,00,00,9e,8c,a6,bd,be,b4,c8,33,1e,df,f0,ef,14,00,00,00"47"=hex:86,08,00,00,7b,74,57,46,52,49,7c,75,61,36,1b,06,14,00,00,00"48"=hex:b7,08,00,00,bc,86,8f,88,ae,9d,e0,28,c9,f2,f9,13,00,00,00"49"=hex:eb,08,00,00,cc,c2,f4,f3,ec,ea,9e,81,cc,8d,86,bd,14,00,00,00"50"=hex:26,13,00,00,1b,14,37,26,32,29,9c,95,81,56,7b,66,14,00,00,00"51"=hex:5a,13,00,00,59,23,68,65,0b,7e,0d,45,6a,0f,5a,13,00,00,00"52"=hex:eb,35,00,00,cc,c2,f4,f3,ec,ea,9e,81,cc,8d,86,bd,14,00,00,00"53"=hex:8b,04,00,00,66,73,52,5d,59,44,7b,70,6c,2d,e6,1d,14,00,00,00"54"=hex:f0,04,00,00,f7,c9,c6,f3,e1,e4,9b,d3,80,b5,b0,13,00,00,00"55"=hex:24,05,00,00,07,05,2f,3a,27,2d,51,48,87,54,79,64,14,00,00,00"56"=hex:d0,30,00,00,ad,ae,99,98,84,83,c6,cf,2b,e8,ad,d8,14,00,00,00"57"=hex:02,33,00,00,e1,fb,d0,dd,d3,d6,b5,fd,b2,a7,82,13,00,00,00"58"=hex:33,33,00,00,34,3a,3c,0b,14,22,66,59,b4,45,4e,75,14,00,00,00"59"=hex:ff,67,00,00,f2,ff,ce,c9,d5,d0,f7,fc,f8,b9,92,89,14,00,00,00"60"=hex:30,68,00,00,37,09,06,33,21,24,5b,93,40,75,70,13,00,00,00"61"=hex:95,68,00,00,96,94,5e,a5,b6,bc,c0,3b,16,27,e8,17,14,00,00,00"refaselif"=hex:3f,69,00,00,30,35,0e,09,07,1d,60,69,64,b0,41,5a,51,15,00,00,00Recherche presence  hclean32.exe... non trouvé...cool bonne nouvelle !!!!!

mektub · Answer

Logfile of HijackThis v1.99.1Scan saved at 16:00:38, on 04/09/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AVPersonal\AVGUARD.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\system32
vsvc32.exeC:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exeC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exeC:\Program Files\AVPersonal\AVGNT.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\WINAMP\winampa.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeD:\emule\emule.exeC:\WINDOWS\System32\alg.exeC:\Utils\coolmon\DaisyManSoftware\CoolMon.exeC:\Program Files\PROMT5\INTEGRAL\pinmenu.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Utils\highjackthis\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {ED89417C-9282-BC2C-9C74-9AECD6A6E5A1} - InpriseMon.dll (file missing)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Utils\spy boot\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocxO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /minO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\WINAMP\winampa.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorunO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKLM\..\Run: [slamm] driver32.exeO4 - HKLM\..\Run: [uio] zantu.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [eMuleAutoStart] D:\emule\emule.exe -AutoStartO4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"O4 - HKCU\..\Run: [ms-its] DCC_send.exeO4 - HKCU\..\Run: [cnftips] slamm.exeO4 - HKCU\..\Run: [TorontoMail] driver32.exeO4 - Startup: CoolMon Executable.lnk = C:\Utils\coolmon\DaisyManSoftware\CoolMon.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htmO9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htmO9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htmO9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htmO9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{49B4AE84-D3C8-40CF-9401-5D32DDB7040B}: NameServer = 195.95.218.4,85.255.112.9O17 - HKLM\System\CCS\Services\Tcpip\..\{81E9A6D2-4170-4308-AC93-43DDF2943E2C}: NameServer = 195.95.218.4,85.255.112.9O17 - HKLM\System\CCS\Services\Tcpip\..\{ADC2DCA5-CA19-4FD4-BC07-1033C52F9C89}: NameServer = 195.95.218.4 85.255.112.9O23 - Service: ADSLAutoconnect - Unknown owner - C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z (file missing)O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXEO23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

mektub · Answer

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]"eMuleAutoStart" = "D:\emule\emule.exe -AutoStart" ["http://www.emule-project.net"]"UnSpyPC" = ""C:\Program Files\UnSpyPC\UnSpyPC.exe"" [file not found]"ms-its" = "DCC_send.exe" [file not found]"cnftips" = "slamm.exe" [file not found]"TorontoMail" = "driver32.exe" [file not found]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]"AVGCtrl" = "C:\Program Files\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]"WinampAgent" = ""C:\Program Files\WINAMP\winampa.exe"" [null data]"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]"dmpgy.exe" = "C:\WINDOWS\system32\dmpgy.exe" [file not found]"PROMT Integrator" = ""C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun" ["PROject MT, Ltd."]"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]"slamm" = "driver32.exe" [file not found]"uio" = "zantu.exe" [file not found]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\Utils\spy boot\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\INFECTION WARNING! "System" = "cslof.exe" [null data]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]PromtMenu\(Default) = "{179A4540-F689-11d3-BEDC-00E0290CDC2F}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PROMT5\PROMT\prmshell.dll" ["PROject MT, Ltd."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Active Desktop and Wallpaper:-----------------------------Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateHKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Utilisateur anonyme · Answer

ok, je regarde tout ca est le te met la manipne redemarre pas ton pca+

Utilisateur anonyme · Answer

merci moe

mektub · Answer

c'est clair merci à toi, mais je n'oubli pas les autres non plus !fais plaisir de voir qu'il y a de l'entraide de nos jours...pas d'prob je ne redémarre pas, j'attends les instructions.en attendant, j'vais chercher un p'tit café moua... ... ...

Utilisateur anonyme · Answer

paye moi un ptit coup lol

mektub · Answer

ne me prends pas au mot, je bouge à Lillie fin du mois !  lol

Utilisateur anonyme · Answer

hummm interressant

mektub · Answer

lolmektub en tant que pseudo ne défini ni un être masculin, ni féminin..... mais au risque de te décevoir, j'ai un chromosome en moins ! lol

Utilisateur anonyme · Answer

ben bon ben , euh, mince, grrrrrSi tu viens sur Lille et que tu as de charmantes copines, hummm, je te laisse mon num lol: 0368020214A contacter apres 14h lol

Utilisateur anonyme · Answer

Imprime, ou enregistre la manip dans le bloc note pour etre sur ne rien oublier et de tout faire dans l'ordreFerme toutes les fenetres de tous les programmes en coursSi tu as spybot:Désactive le temps de la manip, le Tea timer de spybotlance spybot >> mode avancé >> outils >> résidentDécoche la case résident "tea timer"referme spybot(n'oublie pas de le remettre après la manip) Lance hijackthis et clic sur [do a system scan only]cocher la case au début des lignes suivantes:O17 - HKLM\System\CCS\Services\Tcpip\..\{49B4AE84-D3C8-40CF-9401-5D32DDB7040B}: NameServer = 195.95.218.4,85.255.112.9 O17 - HKLM\System\CCS\Services\Tcpip\..\{81E9A6D2-4170-4308-AC93-43DDF2943E2C}: NameServer = 195.95.218.4,85.255.112.9 O17 - HKLM\System\CCS\Services\Tcpip\..\{ADC2DCA5-CA19-4FD4-BC07-1033C52F9C89}: NameServer = 195.95.218.4 85.255.112.9 valider en cliquant sur [fix checked]/!\ si ces lignes n'apparaissent pas, il faut te connecter avant de lancer hijackthis-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_Déconnecte toi d'internet c'est importantpuis vérifie ceci:demarrer > connection > clic droit sur ta connection > propriétésgestion de reseau assure toi que protocole internet tcp/ip est en surbrillance (attention, ne décoche pas la case)> clic sur propriétés > selectionne "obtenir les adresses des serveurs automatiquement"valide avec ok-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ Rend visible les fichiers cachés et systeme panneau de configuration > options des dossiers > onglet affichage Cocher la case devant " afficher les fichiers et dossiers cachés "Décocher la case devant " masquer les extentions des fichiers dont le type est connu" Décocher la case devant " masquer les fichiers protégés du système"clic sur [Appliquer] puis sur [ok] pour valider-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ Vide le cache de tous tes navigateurs et supprime les cookies:Pour Internet Explorer:* Panneau de configuration >> Options internet >> Onglet "Général"- Clic sur [supprimer les cookies]- Clic sur [Supprimer les fichiers] et coche la case "Supprimer tout le contenu hors connexion"Valide avec ok-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ Lance hijackthis et clic sur [do a system scan only]cocher la case au début des lignes suivantes:R3 - URLSearchHook: (no name) - {ED89417C-9282-BC2C-9C74-9AECD6A6E5A1} - InpriseMon.dll (file missing) O4 - HKLM\..\Run: [slamm] driver32.exe O4 - HKLM\..\Run: [uio] zantu.exe O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe" O4 - HKCU\..\Run: [ms-its] DCC_send.exe O4 - HKCU\..\Run: [cnftips] slamm.exe O4 - HKCU\..\Run: [TorontoMail] driver32.exe valider en cliquant sur [fix checked]-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ Recherche et supprime:s'ils sont présents, supprime:C:\WINDOWS\system32\cslof.exeC:\WINDOWS\system32\dmpgy.exeC:\WINDOWS\SYSTEM32dsndin.exe C:\WINDOWS\SYSTEM32\loadctr32.exeC:\WINDOWS\SYSTEM32
tfsnlpa.exeC:\WINDOWS\SYSTEM32\dllhstgp.exezantu.exedriver32.exeDCC_send.exeslamm.exeC:\Program Files\UnSpyPCC:\Program Files\WareOut-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ouvre le bloc note et copie et colle ceci à l'interieur:REGEDIT4[-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HCLEAN32.EXE][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Windows\CurrentVersionuins][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion] "Disabled"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionuins][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]  "dmpgy.exe"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"=- "System"="" [-HKEY_LOCAL_MACHINE\SOFTWARE\WareOut] Puis enregistrer sous et dans: Nom du fichier, met fix.reg Type de fichier: selectionne "tous les fichiers" clic sur enregistrer ensuite double clic sur fix.reg et accepte de fusionner-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ Redémarre en mode sans échec Redemarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.  Choisis le mode sans échec dans les options et valide avec entrée.Ensuite, tres important::: Supprimer les fichiers temporaires ::vider tout le contenu des dossiers Temp:* C:\Documents and Settings	on compte\Local Settings\Temp* C:\Documents and Settings	ous les autres comptes\Local Settings\Temp* C:\Windows\Temp:: Le contenu du dossier prefetch ::* C:\WINDOWS\Prefetch <= sauf le fichier layout.ini-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_passe ad aware et supprime tout ce qu'il trouve-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_redemarre le pc et fais un scan ici, et poste le rapport:http://www.bitdefender.frNe pas oublier après les manips de recacher les fichiers systeme dans les options des dossiers.a+

mektub · Answer

bitdefender n'a pas encore tout à fait terminer le log, mais il y a un trjan droper.vidro Uje t'envoi le rapport dans un istant..._mektub

mektub · Answer

RAPPORT 1BitDefender Online Scanner - Rapport virus en temps réel     Généré à: Sun, Sep 04, 2005 - 18:00:24 --------------------------------------------------------------------------------      Info d'analyse     Fichiers scannés 87395 Infectés Fichiers 5            Virus Détectés     Trojan.Dropper.Vidro.U 5        ******************************************************************************************************************************************************************RAPPORT 2BitDefender Online Scanner     Rapport d'analyse généré à: Sun, Sep 04, 2005 - 17:57:15       Voie d'analyse: C:\;D:\;E:\;F:\;G:\;           Statistiques Temps 00:20:40 Fichiers 87343 Directoires 1818 Secteurs de boot 5 Archives 1050 Paquets programmes 10027      Résultats Virus identifiés 1 Fichiers infectés 5 Fichiers suspects 0 Avertissements 0 Désinfectés 0 Fichiers effacés 5      Info sur les moteurs Définition virus 204533 Version des moteurs AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29) Analyse des plugins 13 Archive des plugins 39 Unpack des plugins 4 E-mail plugins 6 Système plugins 1      Paramètres d'analyse Première action Désinfecté Seconde Action Supprimé Heuristique Oui Acceptez les avertissements Oui Extensions analysées exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas; Excludez les extensions   Analyse d'emails Oui Analyse des Archives Oui Analyser paquets programmes Oui Analyse des fichiers Oui Analyse de boot Oui        Fichier analysé  Statut C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000041.exe Infecté par: Trojan.Dropper.Vidro.U C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000041.exe Echec de la désinfection C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000041.exe Supprimé C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000078.exe Infecté par: Trojan.Dropper.Vidro.U C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000078.exe Echec de la désinfection C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000078.exe Supprimé C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000125.exe Infecté par: Trojan.Dropper.Vidro.U C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000125.exe Echec de la désinfection C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000125.exe Supprimé C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000148.exe Infecté par: Trojan.Dropper.Vidro.U C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000148.exe Echec de la désinfection C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000148.exe Supprimé C:\WINDOWS\system32\cslof.exe Infecté par: Trojan.Dropper.Vidro.U C:\WINDOWS\system32\cslof.exe Echec de la désinfection C:\WINDOWS\system32\cslof.exe Supprimé

mektub · Answer

dsl pour la mise en page du post... :-\

mektub · Answer

petite question, le scan sur bitdefender je devais le passer en ayant les fichiers système cachés ou non ?

Utilisateur anonyme · Answer

Apparement bitdefender, à supprimé les fichiers concernésreposte un hijack et un silentrunners pour voira+

mektub · Answer

Logfile of HijackThis v1.99.1Scan saved at 19:07:38, on 04/09/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AVPersonal\AVGUARD.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exeC:\Program Files\AVPersonal\AVGNT.EXEC:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\WINAMP\winampa.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\Program Files\PROMT5\INTEGRAL\pinmenu.exeC:\Utils\coolmon\DaisyManSoftware\CoolMon.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Internet Explorer\IEXPLORE.EXED:\emule\emule.exeC:\Utils\spy boot\Spybot - Search & Destroy\TeaTimer.exeC:\Utils\highjackthis\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Utils\SPYBOO~1\SPYBOT~1\SDHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocxO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /minO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\WINAMP\winampa.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorunO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [eMuleAutoStart] D:\emule\emule.exe -AutoStartO4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Utils\spy boot\Spybot - Search & Destroy\TeaTimer.exeO4 - Startup: CoolMon Executable.lnk = C:\Utils\coolmon\DaisyManSoftware\CoolMon.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htmO9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htmO9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htmO9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htmO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{ADC2DCA5-CA19-4FD4-BC07-1033C52F9C89}: NameServer = 80.10.246.130 80.10.246.3O23 - Service: ADSLAutoconnect - Unknown owner - C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z (file missing)O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXEO23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

mektub · Answer

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]"eMuleAutoStart" = "D:\emule\emule.exe -AutoStart" ["http://www.emule-project.net"]"SpybotSD TeaTimer" = "C:\Utils\spy boot\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]"AVGCtrl" = "C:\Program Files\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]"WinampAgent" = ""C:\Program Files\WINAMP\winampa.exe"" [null data]"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]"PROMT Integrator" = ""C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun" ["PROject MT, Ltd."]"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\Utils\SPYBOO~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

Utilisateur anonyme · Answer

reil manque un bout de silentrunners, lol

mektub · Answer

sans commentaires, ça oit être la fatigue...j'ai pas dormi depuis 24h00 ... ... ... ... ... "Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]"eMuleAutoStart" = "D:\emule\emule.exe -AutoStart" ["http://www.emule-project.net"]"SpybotSD TeaTimer" = "C:\Utils\spy boot\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]"AVGCtrl" = "C:\Program Files\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]"WinampAgent" = ""C:\Program Files\WINAMP\winampa.exe"" [null data]"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]"PROMT Integrator" = ""C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun" ["PROject MT, Ltd."]"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\Utils\SPYBOO~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]

Utilisateur anonyme · Answer

idem lol, sacree fatigue !!Laisse qqs minutes avant d ouvrir le fichiera+

mektub · Answer

ok j'ai attendu le message de confirmation, voici le log complet:"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]"eMuleAutoStart" = "D:\emule\emule.exe -AutoStart" ["http://www.emule-project.net"]"SpybotSD TeaTimer" = "C:\Utils\spy boot\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]"AVGCtrl" = "C:\Program Files\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]"WinampAgent" = ""C:\Program Files\WINAMP\winampa.exe"" [null data]"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]"PROMT Integrator" = ""C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun" ["PROject MT, Ltd."]"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\Utils\SPYBOO~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]PromtMenu\(Default) = "{179A4540-F689-11d3-BEDC-00E0290CDC2F}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PROMT5\PROMT\prmshell.dll" ["PROject MT, Ltd."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Active Desktop and Wallpaper:-----------------------------Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateHKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"Startup items in "Administrateur" & "All Users" startup folders:----------------------------------------------------------------C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage"CoolMon Executable" -> shortcut to: "C:\Utils\coolmon\DaisyManSoftware\CoolMon.exe" [null data]C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKLM\Software\Microsoft\Internet Explorer\Toolbar\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]Extensions (Tools menu items, main toolbar menu buttons)HKCU\Software\Microsoft\Internet Explorer\Extensions\{7A2EFD41-E6B3-11D2-89E3-00E0292EE574}\"ButtonText" = "Traduction""MenuText" = "Traduire""Script" = "C:\Program Files\PROMT5\PROMTIE4\promtie5.htm" [null data]{7A2EFD41-E6B3-11D2-89E3-00E0292EE575}\"MenuText" = "Personnaliser les options de traduction""Script" = "C:\Program Files\PROMT5\PROMTIE4\options.htm" [null data]HKLM\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\"MenuText" = "Console Java (Sun)""CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"{7A2EFD41-E6B3-11D2-89E3-00E0292EE574}\"ButtonText" = "Traduction""MenuText" = "Traduire""Script" = "C:\Program Files\PROMT5\PROMTIE4\promtie5.htm" [null data]{7A2EFD41-E6B3-11D2-89E3-00E0292EE575}\"MenuText" = "Personnaliser les options de traduction""Script" = "C:\Program Files\PROMT5\PROMTIE4\options.htm" [null data]{85D1F590-48F4-11D9-9669-0800200C9A66}\"MenuText" = "Uninstall BitDefender Online Scanner v8""Exec" = "%windir%\bdoscandel.exe" [null data]Miscellaneous IE Hijack Points------------------------------C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")Added lines (compared with English-language version):[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"Missing lines (compared with English-language version):[Strings]: 2 linesRunning Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------ADSLAutoconnect, ADSLAutoconnect, ""C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z" [null data]AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]----------+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ The search for DESKTOP.INI DLL launch points on all local fixed drives  took 5 seconds.+ The search for all Registry CLSIDs containing dormant Explorer Bars  took 18 seconds.---------- (total run time: 45 seconds)

Utilisateur anonyme · Answer

pour moi ca a l'air ok, et de ton coté ?tu peux aussi vérifier ton fichier hosts, pour voir s'il ne contient pas autre chose que:127.0.0.1 localhost+ les sites bloqués par spybotest ce que ad-aware bute toujours sur la clé ?a+

mektub · Answer

alors ad aware tourne nikel, par contre si tu pouvais juste encore me dire comment vérifier les host et les sites bloqué par spybot, ce serait cool...merci ?

Utilisateur anonyme · Answer

tu relance hijackthis, clic sur [Open the misc tools section] clic sur [Open hosts files manager]ca devrait ressembler à ca:http://cjoint.com/?jeuVx7Lc8Pa+

mektub · Answer

ok merci, ben j'crois bien que ça m'a l'air bon, y'a jusye une ligne avec 127.0.0.1 localhost + 2 exemples juste au dessus.c'est bon ?si c'est bon je te remercie (et mes parents aussi) mille fois !ah, mon père te fait une bise sur la fesse gauche !  lol

Utilisateur anonyme · Answer

euh, normallement tu devrais avoir juste les 2 exemples comme dans l'imageje voulais que tu vérifie car le trojan rajoute ceci dans le fichier hostslocalhost 127.0.0.1 <- mauvaisvérifie une derniere fois

mektub · Answer

j'ai bien 2 lignes en exemple rhino acme.comx.acme.comet juste en dessous127 001 localhostça craint ?

Utilisateur anonyme · Answer

non c'est nickel au contraireben, si d'ici quelques heures tout est ok, on pourra dire que c'est gagné ;-)a++

mektub · Answer

aaaaaaah,  j'viens de finir de (bien) manger, et j'vais au pc, avec un peu d'apréhension....... que va me dire moe ?bonne nouvelle, mauvaise nouvelle ?  et finalement s'en est une bonne, la soirée commence bien !vais m'poser tranquillement devant un film et si je m'endors pas devant je passerai te dire si tout va bien ou non.....sinon, je vous posterai un p'tit message demain...En tout cas merci pour tout, vraiment, ça fait plaisir._mektubPS: 97 posts, je rentre dans le top 10 ou pas ? lol

Utilisateur anonyme · Answer

ok, tiens nous au courantet bon film ;-)pour le top 10, j'espère pour toi que tu vas pas y rentrer,faudrait faire + de 100/120 posts lolca voudrait dire que ton prob n'est pas résolu.a+++

balltrap34 · Answer

salut moe j est jeter un coup d oeil sur se trojan avec sophosplusieurs versions lol une salo***** de plus lol

Utilisateur anonyme · Answer

salut balltrapoui, une belle mer*e de plus, comme si il y en avait pas assez...tu te fais rare en ce moment ?a+

balltrap34 · Answer

oui j est souvent du monde a la maison ou ont est inviterle moi de septembre et octobre je suis tres pris lol

Utilisateur anonyme · Answer

bah, tu as raison, en faut profitery a rien de mieux qu'un bon repas entres amis lola+

balltrap34 · Answer

oui et ces mois et jusqua la fin de l annee c est fou le nombre d anniversaire a feter

mektub · Answer

après quasi 24h00 après les dernières manip que vous m'avez demander d'effectuer, je n'ai constaté aucune anomalie, je n'ai eu aucun message d'anti vir me signalant la présence d'éventuel virus, ad aware tourne normalement, que demander de plus !PARFAIT.Merci à toute l'équipe (real mona, regis59, moe, balltrap, bonne continuation à vous tous)_mektub

Utilisateur anonyme · Answer

salut mektubmerci d'avoir donné de tes nouvelles.Vraiment content pour toi ;-)a+

Demande d'aide suite à un rapport highjack

103 réponses

Votre réponse

Discussions similaires

Newsletters