Rapport HijackThis

nassim -  
 Utilisateur anonyme -
voici le raport:

Logfile of HijackThis v1.99.1
Scan saved at 22:15:35, on 08/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
\Red\D\Programs\Install_MSN_Messenger.EXE
C:\DOCUME~1\karim\LOCALS~1\Temp\IXP000.TMP\bootstrap.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Documents and Settings\karim\Bureau\HijackThis\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - C:\WINDOWS\System32\ssqpm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ids32] rundll32.exe C:\WINDOWS\System32\ids32.dll,start
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard18.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad18.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname18.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\RunServices: [Windows ASN Services] ifct.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ECDCF6E-4A59-4381-A0E5-511BF367E371}: NameServer = 61.88.88.88 205.252.144.228
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\l4r00e9meh.dll
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\SYSTEM32\ssqpm.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:\WINDOWS\system32\keys.exe (file missing)

8 réponses

  1. Utilisateur anonyme
     
    Salut,

    Télécharge l2mfix ici:
    http://www.downloads.subratam.org/l2mfix.exe
    double clique sur l2mfix.exe pour lancer l'extraction.
    dans le dossier l2mfix, double clique sur l2mfix.bat et choisis l'option 1 et valide avec la touche entrée
    il va te generer un rapport
    Copie et colle le resultat ici s'il te plait.
    0
  2. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    BONSOIR !!!

    et belle infection

    Vundo + look2me ...

    Télécharger l2mfix.exe sur http://www.downloads.subratam.org/l2mfix.exe

    - Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
    - Dézipper l2mfix.exe sur le bureau ;
    - Dans le dossier du programme, double-cliquer sur l2mfix.bat ;
    - Choisir OPTION 1 (Run find log) et valider par la touche [Entrée] ;
    => Un rapport sera généré dans le Bloc-notes, se reconnecter pour le poster au forum.

    ***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
    0
  3. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Grillée Green ... ;-)
    0
  4. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    mdr !!!

    avec Boulepate, c'est normal ... trop rapide !

     mince, j'avais pas vu 8-)
    0
    1. Utilisateur anonyme
       
      lOl GrilleD :P

      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. nassim
     
    Merci les gars!

    L2MFIX find log 032106
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\l4r00e9meh.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqpm]
    "Asynchronous"=dword:00000001
    "DllName"="ssqpm.dll"
    "Impersonate"=dword:00000000
    "Logon"="Logon"
    "Logoff"="Logoff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{C6CF8FBF-6DFC-5224-8284-DCCC4D0D7CE0}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{EE1BD36D-C585-4B19-AD01-1AF194582FBC}"=""
    "{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}"=""
    "{F9936C52-0553-4346-9D1E-00A8971FB2A2}"=""
    "{D539357D-B83A-4928-BCF1-2E86FC313A79}"=""
    "{6ED97466-15B3-4E99-922B-6083AAF1B22E}"=""
    "{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}\InprocServer32]
    @="C:\\WINDOWS\\system32\\kjdest.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}\InprocServer32]
    @="C:\\WINDOWS\\system32\\oee2nls.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\agsldp.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    en4sl1~1.dll Mon 8 May 2006 20:25:18 ..S.R 236 013 230,48 K
    hr4605~1.dll Mon 8 May 2006 21:19:24 ..S.R 235 107 229,59 K
    irj8l5~1.dll Mon 8 May 2006 21:19:32 ..S.R 234 915 229,41 K
    j80s0i~1.dll Mon 8 May 2006 20:50:16 ..S.R 234 272 228,78 K
    kjdest.dll Mon 8 May 2006 20:34:02 ..S.R 234 272 228,78 K
    l4r00e~1.dll Mon 8 May 2006 22:26:22 ..S.R 235 083 229,57 K
    o0ro0a~1.dll Mon 8 May 2006 22:30:54 ..S.R 235 869 230,34 K
    oee2nls.dll Mon 8 May 2006 20:47:16 ..S.R 234 272 228,78 K
    p0n80a~1.dll Mon 8 May 2006 20:25:24 ..S.R 234 352 228,86 K
    qghumeay.dll Mon 8 May 2006 20:36:18 A.... 17 408 17,00 K
    rmz.dll Thu 13 Apr 2006 14:34:52 A.... 38 925 38,01 K
    ssqpm.dll Thu 13 Apr 2006 14:34:52 ..... 38 925 38,01 K
    __dele~1.dll Mon 8 May 2006 22:26:12 A.... 234 462 228,96 K
    __dele~2.dll Mon 8 May 2006 22:28:54 A.... 235 869 230,34 K
    __dele~3.dll Mon 8 May 2006 22:40:12 A.... 235 083 229,57 K

    15 items found: 15 files (9 H/S), 0 directories.
    Total of file sizes: 2 914 827 bytes 2,78 M
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    guard.tmp Mon 8 May 2006 22:40:18 A.... 236 190 230,65 K

    1 item found: 1 file, 0 directories.
    Total of file sizes: 236 190 bytes 230,65 K
    **********************************************************************************
    Directory Listing of system files:
    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est D00F-751F

    R‚pertoire de C:\WINDOWS\System32

    08/05/2006 22:37 <REP> dllcache
    08/05/2006 22:30 235ÿ869 o0ro0a93ed.dll
    08/05/2006 22:26 235ÿ083 l4r00e9meh.dll
    08/05/2006 21:19 234ÿ915 irj8l51u1.dll
    08/05/2006 21:19 235ÿ107 hr4605hse.dll
    08/05/2006 20:50 234ÿ272 j80s0id7e80.dll
    08/05/2006 20:47 234ÿ272 oee2nls.dll
    08/05/2006 20:34 234ÿ272 kjdest.dll
    08/05/2006 20:25 234ÿ352 p0n80a5ued.dll
    08/05/2006 20:25 236ÿ013 en4sl1h71.dll
    08/05/2006 20:11 220ÿ160 Anti-Vlrus.exe
    08/05/2006 19:55 <REP> Microsoft
    10 fichier(s) 2ÿ334ÿ315 octets
    2 R‚p(s) 6ÿ832ÿ181ÿ248 octets libres
    0
    1. Utilisateur anonyme
       
      attention Green Day c'est une femme :O ..mdrr la pôvre :-(

      Relances l2mfix.bat et sélectionne l'option 2
      L'ordi va redémarrer automatiquement sinon fais le de toi même
      Recopie le rapport et colle le ici avec un nouveau rapport hijackthis
      0
      1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166 > Utilisateur anonyme
         
        lol

        t'inkete pas, je me suis fais une raison lol

        et je ne me lasserai pas de le dire ;-)

        bonne soirée !

         je vais plus tardé : demain école ...
        

        ++

        0
  7. nassim
     
    Remercie !!!

    log L2mfix

    L2mfix 032106
    Creating Account.
    La commande s'est termin‚e correctement.

    Adding Administrative privleges.
    Checking for L2MFix account(0=no 1=yes):
    1
    Granting SeDebugPrivilege to L2MFIX ... successful

    Running From:
    C:\WINDOWS\system32

    Killing Processes!

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 820 'smss.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 892 'winlogon.exe'
    Killing PID 892 'winlogon.exe'
    Killing PID 892 'winlogon.exe'
    Killing PID 892 'winlogon.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 312 'explorer.exe'
    Killing PID 312 'explorer.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 1796 'rundll32.exe'
    Restoring Sedebugprivilege:
    Granting SeDebugPrivilege to Administrateurs ... successful

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!
    1 fichier(s) copi‚(s).
    1 fichier(s) copi‚(s).
    1 fichier(s) copi‚(s).
    1 fichier(s) copi‚(s).
    1 fichier(s) copi‚(s).
    1 fichier(s) copi‚(s).
    1 fichier(s) copi‚(s).
    1 fichier(s) copi‚(s).
    1 fichier(s) copi‚(s).
    1 fichier(s) copi‚(s).
    1 fichier(s) copi‚(s).
    1 fichier(s) copi‚(s).
    1 fichier(s) copi‚(s).
    Deleting: C:\WINDOWS\system32\__delete_on_reboot__aempvcno.dll
    Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__aempvcno.dll
    Deleting: C:\WINDOWS\system32\__delete_on_reboot__agsldp.dll
    Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__agsldp.dll
    Deleting: C:\WINDOWS\system32\__delete_on_reboot__myrepl40.dll
    Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__myrepl40.dll
    Deleting: C:\WINDOWS\system32\en4sl1h71.dll
    Successfully Deleted: C:\WINDOWS\system32\en4sl1h71.dll
    Deleting: C:\WINDOWS\system32\hr4605hse.dll
    Successfully Deleted: C:\WINDOWS\system32\hr4605hse.dll
    Deleting: C:\WINDOWS\system32\irj8l51u1.dll
    Successfully Deleted: C:\WINDOWS\system32\irj8l51u1.dll
    Deleting: C:\WINDOWS\system32\j80s0id7e80.dll
    Successfully Deleted: C:\WINDOWS\system32\j80s0id7e80.dll
    Deleting: C:\WINDOWS\system32\kjdest.dll
    Successfully Deleted: C:\WINDOWS\system32\kjdest.dll
    Deleting: C:\WINDOWS\system32\o0ro0a93ed.dll
    Successfully Deleted: C:\WINDOWS\system32\o0ro0a93ed.dll
    Deleting: C:\WINDOWS\system32\oee2nls.dll
    Successfully Deleted: C:\WINDOWS\system32\oee2nls.dll
    Deleting: C:\WINDOWS\system32\p0n80a5ued.dll
    Successfully Deleted: C:\WINDOWS\system32\p0n80a5ued.dll
    Deleting: C:\WINDOWS\system32\p2p60c7sef.dll
    Successfully Deleted: C:\WINDOWS\system32\p2p60c7sef.dll
    Deleting: C:\WINDOWS\system32\wzpcd.dll
    Successfully Deleted: C:\WINDOWS\system32\wzpcd.dll

    msg11?.dll
    0 fichier(s) copi‚(s).

    Restoring Windows Update Certificates.:

    The following Is the Current Export of the Winlogon notify key:
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MediaContentIndex]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\o0ro0a93ed.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqpm]
    "Asynchronous"=dword:00000001
    "DllName"="ssqpm.dll"
    "Impersonate"=dword:00000000
    "Logon"="Logon"
    "Logoff"="Logoff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    The following are the files found:
    ****************************************************************************
    C:\WINDOWS\system32\__delete_on_reboot__aempvcno.dll
    C:\WINDOWS\system32\__delete_on_reboot__agsldp.dll
    C:\WINDOWS\system32\__delete_on_reboot__myrepl40.dll
    C:\WINDOWS\system32\en4sl1h71.dll
    C:\WINDOWS\system32\hr4605hse.dll
    C:\WINDOWS\system32\irj8l51u1.dll
    C:\WINDOWS\system32\j80s0id7e80.dll
    C:\WINDOWS\system32\kjdest.dll
    C:\WINDOWS\system32\o0ro0a93ed.dll
    C:\WINDOWS\system32\oee2nls.dll
    C:\WINDOWS\system32\p0n80a5ued.dll
    C:\WINDOWS\system32\p2p60c7sef.dll
    C:\WINDOWS\system32\wzpcd.dll

    Registry Entries that were Deleted:
    Please verify that the listing looks ok.
    If there was something deleted wrongly there are backups in the backreg folder.
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}\InprocServer32]
    @="C:\\WINDOWS\\system32\\kjdest.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}\InprocServer32]
    @="C:\\WINDOWS\\system32\\oee2nls.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\agsldp.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{E2624599-8520-4328-817E-CBFAE5C71314}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E2624599-8520-4328-817E-CBFAE5C71314}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E2624599-8520-4328-817E-CBFAE5C71314}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E2624599-8520-4328-817E-CBFAE5C71314}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wzpcd.dll"
    "ThreadingModel"="Apartment"

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{EE1BD36D-C585-4B19-AD01-1AF194582FBC}"=-
    "{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}"=-
    "{F9936C52-0553-4346-9D1E-00A8971FB2A2}"=-
    "{D539357D-B83A-4928-BCF1-2E86FC313A79}"=-
    "{6ED97466-15B3-4E99-922B-6083AAF1B22E}"=-
    "{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}"=-
    "{E2624599-8520-4328-817E-CBFAE5C71314}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{EE1BD36D-C585-4B19-AD01-1AF194582FBC}]
    [-HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}]
    [-HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}]
    [-HKEY_CLASSES_ROOT\CLSID\{D539357D-B83A-4928-BCF1-2E86FC313A79}]
    [-HKEY_CLASSES_ROOT\CLSID\{6ED97466-15B3-4E99-922B-6083AAF1B22E}]
    [-HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}]
    [-HKEY_CLASSES_ROOT\CLSID\{E2624599-8520-4328-817E-CBFAE5C71314}]
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    ****************************************************************************
    Desktop.ini Contents:
    ****************************************************************************

    ****************************************************************************
    Checking for L2MFix account(0=no 1=yes):
    0
    Zipping up files for submission:
    adding: dlls/en4sl1h71.dll (164 bytes security) (deflated 5%)
    adding: dlls/hr4605hse.dll (164 bytes security) (deflated 5%)
    adding: dlls/irj8l51u1.dll (164 bytes security) (deflated 5%)
    adding: dlls/j80s0id7e80.dll (164 bytes security) (deflated 4%)
    adding: dlls/kjdest.dll (164 bytes security) (deflated 4%)
    adding: dlls/o0ro0a93ed.dll (164 bytes security) (deflated 5%)
    adding: dlls/oee2nls.dll (164 bytes security) (deflated 4%)
    adding: dlls/p0n80a5ued.dll (164 bytes security) (deflated 4%)
    adding: dlls/p2p60c7sef.dll (164 bytes security) (deflated 5%)
    adding: dlls/wzpcd.dll (164 bytes security) (deflated 5%)
    adding: dlls/__delete_on_reboot__aempvcno.dll (164 bytes security) (deflated 5%)
    adding: dlls/__delete_on_reboot__agsldp.dll (164 bytes security) (deflated 5%)
    adding: dlls/__delete_on_reboot__myrepl40.dll (164 bytes security) (deflated 4%)
    adding: backregs/A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC.reg (212 bytes security) (deflated 70%)
    adding: backregs/CBDF6756-2BF3-4E31-9F1B-BDE4449E962A.reg (212 bytes security) (deflated 70%)
    adding: backregs/E2624599-8520-4328-817E-CBFAE5C71314.reg (212 bytes security) (deflated 70%)
    adding: backregs/F9936C52-0553-4346-9D1E-00A8971FB2A2.reg (212 bytes security) (deflated 70%)
    adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
    adding: backregs/shell.reg (164 bytes security) (deflated 73%)

    ------------------------

    log HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 23:19:00, on 08/05/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\mousepad18.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\karim\Bureau\HijackThis\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - C:\WINDOWS\System32\ssqpm.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ids32] rundll32.exe C:\WINDOWS\System32\ids32.dll,start
    O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard18.exe
    O4 - HKLM\..\Run: [mousepad] C:\\mousepad18.exe
    O4 - HKLM\..\Run: [newname] C:\windows\newname18.exe
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
    O4 - HKLM\..\RunServices: [Windows ASN Services] ifct.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: DSLMON.lnk = ?
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9ECDCF6E-4A59-4381-A0E5-511BF367E371}: NameServer = 61.88.88.88 205.252.144.228
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\o0ro0a93ed.dll (file missing)
    O20 - Winlogon Notify: ssqpm - C:\WINDOWS\SYSTEM32\ssqpm.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:\WINDOWS\system32\keys.exe (file missing)
    0
    1. Utilisateur anonyme
       
      Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
      O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - C:\WINDOWS\System32\ssqpm.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [ids32] rundll32.exe C:\WINDOWS\System32\ids32.dll,start
      O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard18.exe
      O4 - HKLM\..\Run: [mousepad] C:\\mousepad18.exe
      O4 - HKLM\..\Run: [newname] C:\windows\newname18.exe
      O4 - HKLM\..\RunServices: [Windows ASN Services] ifct.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\o0ro0a93ed.dll (file missing)
      O20 - Winlogon Notify: ssqpm - C:\WINDOWS\SYSTEM32\ssqpm.dll

      Télécharge VirtumundoBegone sur le bureau:
      http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

      Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
      Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
      Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.


      Puis fait ça:

      Telecharge, installe puis mets à jour ce logiciel, une fois que c'est fait, fais un scan complet de ton systeme et colle le rapport ici avec un nouveau rapport hijackthis
      Ewido:
      Ewido Security Suite
      0
  8. nassim
     
    Merci MASTER

    raport VirtumundoBeGone..
    -----------------------------------------
    [05/08/2006, 23:39:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\karim\Bureau\Contre attaque\VirtumundoBeGone.exe" )
    [05/08/2006, 23:39:30] - Detected System Information:
    [05/08/2006, 23:39:30] - Windows Version: 5.1.2600, Service Pack 1
    [05/08/2006, 23:39:30] - Current Username: karim (Admin)
    [05/08/2006, 23:39:30] - Windows is in NORMAL mode.
    [05/08/2006, 23:39:30] - Searching for Browser Helper Objects:
    [05/08/2006, 23:39:30] - BHO 1: {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} ()
    [05/08/2006, 23:39:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/08/2006, 23:39:30] - Checking for HKLM\...\Winlogon\Notify\ssqpm
    [05/08/2006, 23:39:30] - Found: HKLM\...\Winlogon\Notify\ssqpm - This is probably Virtumundo.
    [05/08/2006, 23:39:30] - Assigning {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} MSEvents Object
    [05/08/2006, 23:39:30] - BHO list has been changed! Starting over...
    [05/08/2006, 23:39:30] - BHO 1: {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} (MSEvents Object)
    [05/08/2006, 23:39:30] - ALERT: Found MSEvents Object!
    [05/08/2006, 23:39:30] - Finished Searching Browser Helper Objects
    [05/08/2006, 23:39:30] - *** Detected MSEvents Object
    [05/08/2006, 23:39:30] - Trying to remove MSEvents Object...
    [05/08/2006, 23:39:31] - Terminating Process: IEXPLORE.EXE
    [05/08/2006, 23:39:36] - Terminating Process: RUNDLL32.EXE
    [05/08/2006, 23:39:36] - Disabling Automatic Shell Restart
    [05/08/2006, 23:39:36] - Terminating Process: EXPLORER.EXE
    [05/08/2006, 23:39:37] - Suspending the NT Session Manager System Service
    [05/08/2006, 23:39:37] - Terminating Windows NT Logon/Logoff Manager
    [05/08/2006, 23:39:37] - Re-enabling Automatic Shell Restart
    [05/08/2006, 23:39:37] - File to disable: C:\WINDOWS\system32\ssqpm.dll
    [05/08/2006, 23:39:37] - Renaming C:\WINDOWS\system32\ssqpm.dll -> C:\WINDOWS\system32\ssqpm.dll.vir
    [05/08/2006, 23:39:37] - File successfully renamed!
    [05/08/2006, 23:39:37] - Removing HKLM\...\Browser Helper Objects\{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}
    [05/08/2006, 23:39:37] - Removing HKCR\CLSID\{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}
    [05/08/2006, 23:39:37] - Adding Kill Bit for ActiveX for GUID: {F2FA09FB-EE7A-46d8-9145-A1EEF7850052}
    [05/08/2006, 23:39:37] - Deleting ATLEvents/MSEvents Registry entries
    [05/08/2006, 23:39:37] - Removing HKLM\...\Winlogon\Notify\ssqpm
    [05/08/2006, 23:39:37] - Searching for Browser Helper Objects:
    [05/08/2006, 23:39:37] - Finished Searching Browser Helper Objects
    [05/08/2006, 23:39:37] - Finishing up...
    [05/08/2006, 23:39:37] - A restart is needed.
    [05/08/2006, 23:39:40] - Attempting to Restart via STOP error (Blue Screen!)

    ///////////////////
    rapport HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 23:45:30, on 08/05/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\ewido anti-malware\securitysuite.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\karim\Bureau\Contre attaque\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ids32] rundll32.exe C:\WINDOWS\System32\ids32.dll,start
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: DSLMON.lnk = ?
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9ECDCF6E-4A59-4381-A0E5-511BF367E371}: NameServer = 61.88.88.88 205.252.144.228
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:\WINDOWS\system32\keys.exe (file missing)
    0
    1. Utilisateur anonyme
       
      Refais un scan complet avec Ewido et colle le rapport ici j'en ai besoin stp
      0
  9. nassim
     
    + Résultats du scan:

    C:\Documents and Settings\karim\Bureau\Contre attaque\HijackThis\backups\backup-20060508-233745-254.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
    C:\Documents and Settings\karim\Cookies\karim@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
    C:\Documents and Settings\karim\Cookies\karim@2o7[2].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
    C:\Documents and Settings\karim\Cookies\karim@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
    C:\Documents and Settings\karim\Cookies\karim@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
    C:\Documents and Settings\karim\Cookies\karim@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
    C:\Documents and Settings\karim\Local Settings\Temporary Internet Files\Content.IE5\9X2F2UT1\AppWrap[1].exe -> Adware.AdURL : Nettoyer et sauvegarder
    C:\Installer.exe -> Adware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\icont.exe -> Adware.AdURL : Nettoyer et sauvegarder
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@media.top-banners[1].txt -> TrackingCookie.Top-banners : Nettoyer et sauvegarder
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\35C3KKGL\Installer[1].exe -> Adware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XLV4QWSY\ad[1].exe -> Adware.WinAD : Nettoyer et sauvegarder
    C:\WINDOWS\system32\rmz.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
    C:\WINDOWS\system32\ssqpm.dll.vir -> Adware.Virtumonde : Nettoyer et sauvegarder
    C:\WINDOWS\Temp\__delete_on_reboot__bw2.com -> Adware.AdURL : Nettoyer et sauvegarder

    ::Fin du rapport
    0
    1. Utilisateur anonyme
       
      clique sur demarrer, rechercher, cherche et supprime ces fichiers:

      ids32.dll
      keyboard18.exe
      mousepad18.exe
      newname18.exe
      ifct.exe

      si un fichier persiste lors de la suppression fais ceci:
      -Redemarres ton pc, dès l'allumage de celui ci tapotes la touche f8, à l'ecran qui va apparaitre choisis "mode sans echec" attends un peu.. puis vas supprimer les fichiers/dossiers, vides ta corbeille et redemarres normalement

      Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X, pour le faire fonctionner,
      une fois qu'il a terminé colle le rapport ici stp avec un nouveau rapport hijackthis

      https://www.bitdefender.com/toolbox/
      0