Adan-78, Adan-94 & Small-EK

***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
[ Continuer la discussion ][ Répondre à green day ][ Autres messages de green day ]

< 12 > - Adan-78, Adan-94 & Small-EK
Ajouté par Krik (03/07/2006 à 20:03 GMT+2)
Salut Green Day !

J'ai le même souci que yez !!

Voila le rapport de fixwareout :

Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}920BB3E55D27-F529-A604-3177-39BEF900{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AB16505770BD-1A19-4094-62BB-0BB972D5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}134912D86482-5D99-5B64-3F81-8C7FD103{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D8A4F4C881CA-2D49-A294-1128-6180E1C6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EE2B4CD89C69-4A9B-3984-E06C-0D099B3C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F64147F5B3DC-BC89-2B94-C7AB-B3123903{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D67EBF56A15D-537B-A794-AC7D-31BC2B29{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2B62D4AB4039-B00A-6174-5EF7-10BF6A92{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}83DBD85BBCBF-F68B-8F24-743A-DC302ADC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}97A5DEB47ED3-E599-2EB4-1C09-F4D3853B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6D8E258982AC-4F8B-35A4-361A-AD0CF0FE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}67020A655B3F-3B59-3394-D80F-BDF1FDE3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}231A010E7E14-F5CB-AB04-9425-FA093035{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0C48183A6229-8EA9-EDA4-01FD-70D07CA0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0250D0F2BBF4-B10B-2C54-B5F4-77978530{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AD3AAAC74CBF-954A-3924-5BD9-A172ED05{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}90019D854A0E-986B-5014-2BA3-4E0C7144{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}34A628D7D769-F28A-5FA4-4D6E-EA9FD085{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4CDDD296CB47-D93A-AF54-71E0-AD0651EF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A0741414AEA9-9D1B-7AA4-24A1-78FC5F65{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AD8E8546C161-8358-B624-6A5A-1B19BDEB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BD79DC92E642-9278-CCB4-5EF6-7C4820E4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}45327795CB35-14CA-90E4-8C5B-DF7D734B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3DCED66F7E96-BC48-44A4-0D20-040823EA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
* csr.exe C:\WINDOWS\System32\CSBHP.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSBHP.EXE 51 219 2006-06-30
Other suspects
Directory of C:\WINDOWS\system32
{AE328040-02D0-4A44-84CB-69E7F66DECD3}.exe
{B437D7FD-B5C8-4E09-AC41-53BC59772354}.exe
{4E0284C7-6FE5-4BCC-8729-246E29CD97DB}.exe
{BEDB91B1-A5A6-426B-8538-161C6458E8DA}.exe
{56F5CF87-1A42-4AA7-B1D9-9AEA4141470A}.exe
{FE1560DA-0E17-45FA-A39D-74BC692DDDC4}.exe
{580DF9AE-E6D4-4AF5-A82F-967D7D826A43}.exe
{4417C0E4-3AB2-4105-B689-E0A458D91009}.exe
{50DE271A-9DB5-4293-A459-FBC47CAAA3DA}.exe
{03587977-4F5B-45C2-B01B-4FBB2F0D0520}.exe
{0AC70D07-DF10-4ADE-9AE8-9226A38184C0}.exe
{530390AF-5249-40BA-BC5F-41E7E010A132}.exe
{3EDF1FDB-F08D-4933-95B3-F3B556A02076}.exe
{EF0FC0DA-A163-4A53-B8F4-CA289852E8D6}.exe
{B3583D4F-90C1-4BE2-995E-3DE74BED5A79}.exe
{CDA203CD-A347-42F8-B86F-FBCBB58DBD38}.exe
{29A6FB01-7FE5-4716-A00B-9304BA4D26B2}.exe
{92B2CB13-D7CA-497A-B735-D51A65FBE76D}.exe
{3093213B-BA7C-49B2-98CB-CD3B5F74146F}.exe
{C3B990D0-C60E-4893-B9A4-96C98DC4B2EE}.exe
{6C1E0816-8211-492A-94D2-AC188C4F4A8D}.exe
{ACF458EF-A9C7-4AB6-807F-D57CB9E4F10E}.exe
{301DF7C8-18F3-46B5-99D5-28468D219431}.exe
{5D279BB0-BB26-4904-91A1-DB07750561BA}.exe
{009FEB93-7713-406A-925F-72D55E3BB029}.exe
{AC2D4A11-FC70-4AE0-94E4-0D499AD27AF2}.exe
{582370F8-1E3E-4D02-A69C-64E8D819B8FB}.exe
{24671982-3454-49CE-A5B6-BFF5A043E522}.exe
{5823CAB4-E697-4E82-A8AD-CD8BEC88788E}.exe
{816A63A0-F046-4092-B3E7-6180ECB37AE6}.exe
{6DD6F4C4-BF53-4BED-AE95-3821A790467E}.exe
{E60B43E0-1B40-46F5-A509-92A518631E05}.exe
{68B8DF53-C326-407F-9AF8-F9076AF9DA34}.exe
{EA979702-B37E-46F3-B70B-7C0F4E39084F}.exe
{931411AB-4559-49AA-A1A1-FB12889EDFB3}.exe
{4813034E-7706-4050-ADF4-1AB194DDD1C5}.exe
{93391648-AA2D-420B-AB21-4097D5AC4605}.exe
{D82AF41B-4B62-48ED-BC5C-E5F5E46B8D0E}.exe
{4C719F8B-1CAF-4DB6-B62E-7CAEFC6CBD58}.exe
{ECEC6C27-F262-4717-9223-C836A80CF4DC}.exe
{50F733CA-FEE0-470D-85EC-13B357F1C588}.exe
{9FFAD029-7B50-4DAF-AF7C-A7E3B3E41A32}.exe
{996F1F1A-833B-4B58-8968-F1383AD5B2F3}.exe
{766D994A-7093-4998-B725-6A13602DBCF0}.exe
{6AF09EC6-28EB-4739-A86B-C74C1B86CC13}.exe
{6F691674-27CE-41F5-BF33-CBAE3C22DBC1}.exe
{A68F6BC7-6FA6-43C1-BDCC-94E9A99D9269}.exe
{7093D186-A091-454E-8676-F5D687934A00}.exe
{03FD025F-8B7A-422C-8F85-98BB41D9F784}.exe
{415880C7-8D4B-42B2-81FC-6AF62D206860}.exe
{D4054F1B-0320-4416-9A51-8454B3D8F27F}.exe
{54B95EE4-9024-4143-824A-47720AC98C9F}.exe
{3B9B0664-8BEB-495C-BFF8-B687C5186B11}.exe
{0F7DDFDE-69B6-40E3-BD63-F9847937BD83}.exe
{8C9A58F6-6D73-4B72-9941-3C650890E6C2}.exe
{94101D68-7C72-4AF1-87D4-2F324B36305A}.exe
{5EE21CD2-9DE3-4F88-A463-03439C89C5AC}.exe
{5CDDCD72-3DF1-44E5-89CE-8D03BD82BB08}.exe
{E639BE72-59D9-47DE-B8CD-4E6BBF52AAA7}.exe
{D432A430-D245-48B7-B099-F85E0D72CDB7}.exe
{2B324DA8-9CAE-4BF8-9FCC-B21F9C25BA4B}.exe
{DBA668E6-CCEF-4F24-8E0D-B3F1CA7902DE}.exe
{52BB78F5-9F43-4246-8B66-4A5B3D776DD0}.exe
{70247F61-26CE-46DE-9D55-5733FF062745}.exe
{71E8DD49-1535-4636-9173-0C05C897CF51}.exe
{441E2380-916B-4279-A368-D1FCD7F5470B}.exe
{2BABE508-C378-4C26-8105-527ECD6012EB}.exe
{46F9CD9B-9251-49A0-8B7B-3305BEF646B1}.exe
{A6D3BB4F-91C4-4E09-BC15-3D468E2F231D}.exe
{2976A9DD-F516-482F-8B27-4DFE802F87B3}.exe
{0EAC0640-0169-47AF-BC47-929978D41417}.exe
{3DC66F8B-75B4-4AD0-9553-78D30296B389}.exe
{C3B622F8-65FD-4CB5-8C77-2AEEA30DEF70}.exe
{C14E98C2-0ED3-42B8-AACC-37F41CCE583B}.exe
{354EAF05-ED9E-4213-9868-936BBA3C6402}.exe
{74A3905C-43A1-45D2-9212-EF26EDA9337B}.exe
{2F3D1B45-0E29-4E9D-A626-B1273255557C}.exe
{66D11742-F533-4DF4-8382-61A52DDC5192}.exe
{F081AD62-2C4C-46A8-A952-3867D66FC934}.exe
{9FC07192-5B6E-4365-BDCC-0617C8D1DA99}.exe
{B9E54C4E-0B66-4A5F-B0B9-9BE0B2142D86}.exe
{6C5D1DC9-A6FB-4BFA-ACA8-CF9B64758A81}.exe
{3F1793C4-777E-4A62-976C-1BD23842D43E}.exe
{52EE5461-B97D-4733-B795-A543FD04DB81}.exe
{B52A0AC6-6E95-4752-8DD7-3E0C4CA9776F}.exe
{55754925-28EB-4C81-B048-45452FF22D6A}.exe
{E16688B6-7D3F-4D17-BD46-B0B00B717296}.exe

et le rapport de HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 19:56:47, on 03/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {783D8360-F687-DDF2-7A52-E9C7C0F1B0E6} - xxtoolbar.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [killall] dialer423.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [nikkn.exe] C:\WINDOWS\system32\nikkn.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [porka_] Shaitan1678.exe
O4 - HKCU\..\Run: [slamm] SysSupport.exe
O4 - HKCU\..\Run: [cnftips] backd.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{46163A0F-F858-42DA-9EA9-191F6C9263DF}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8ACB208-CC48-4CF6-8A4D-25AAF744457D}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2CC401-C025-4ADE-B852-0834BA7FC66E}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS3\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

Peut tu me venir en aide !!??

Merci beaucoup !!