Sujet Précédent Sujet Suivant

Adan-78, Adan-94 & Small-EK

KRIK -  
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
[ Continuer la discussion ][ Répondre à green day ][ Autres messages de green day ]

< 12 > - Adan-78, Adan-94 & Small-EK
Ajouté par Krik (03/07/2006 à 20:03 GMT+2)
Salut Green Day !

J'ai le même souci que yez !!

Voila le rapport de fixwareout :

Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}920BB3E55D27-F529-A604-3177-39BEF900{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AB16505770BD-1A19-4094-62BB-0BB972D5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}134912D86482-5D99-5B64-3F81-8C7FD103{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D8A4F4C881CA-2D49-A294-1128-6180E1C6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EE2B4CD89C69-4A9B-3984-E06C-0D099B3C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F64147F5B3DC-BC89-2B94-C7AB-B3123903{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D67EBF56A15D-537B-A794-AC7D-31BC2B29{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2B62D4AB4039-B00A-6174-5EF7-10BF6A92{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}83DBD85BBCBF-F68B-8F24-743A-DC302ADC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}97A5DEB47ED3-E599-2EB4-1C09-F4D3853B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6D8E258982AC-4F8B-35A4-361A-AD0CF0FE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}67020A655B3F-3B59-3394-D80F-BDF1FDE3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}231A010E7E14-F5CB-AB04-9425-FA093035{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0C48183A6229-8EA9-EDA4-01FD-70D07CA0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0250D0F2BBF4-B10B-2C54-B5F4-77978530{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AD3AAAC74CBF-954A-3924-5BD9-A172ED05{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}90019D854A0E-986B-5014-2BA3-4E0C7144{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}34A628D7D769-F28A-5FA4-4D6E-EA9FD085{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4CDDD296CB47-D93A-AF54-71E0-AD0651EF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A0741414AEA9-9D1B-7AA4-24A1-78FC5F65{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AD8E8546C161-8358-B624-6A5A-1B19BDEB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BD79DC92E642-9278-CCB4-5EF6-7C4820E4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}45327795CB35-14CA-90E4-8C5B-DF7D734B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3DCED66F7E96-BC48-44A4-0D20-040823EA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
* csr.exe C:\WINDOWS\System32\CSBHP.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSBHP.EXE 51 219 2006-06-30
Other suspects
Directory of C:\WINDOWS\system32
{AE328040-02D0-4A44-84CB-69E7F66DECD3}.exe
{B437D7FD-B5C8-4E09-AC41-53BC59772354}.exe
{4E0284C7-6FE5-4BCC-8729-246E29CD97DB}.exe
{BEDB91B1-A5A6-426B-8538-161C6458E8DA}.exe
{56F5CF87-1A42-4AA7-B1D9-9AEA4141470A}.exe
{FE1560DA-0E17-45FA-A39D-74BC692DDDC4}.exe
{580DF9AE-E6D4-4AF5-A82F-967D7D826A43}.exe
{4417C0E4-3AB2-4105-B689-E0A458D91009}.exe
{50DE271A-9DB5-4293-A459-FBC47CAAA3DA}.exe
{03587977-4F5B-45C2-B01B-4FBB2F0D0520}.exe
{0AC70D07-DF10-4ADE-9AE8-9226A38184C0}.exe
{530390AF-5249-40BA-BC5F-41E7E010A132}.exe
{3EDF1FDB-F08D-4933-95B3-F3B556A02076}.exe
{EF0FC0DA-A163-4A53-B8F4-CA289852E8D6}.exe
{B3583D4F-90C1-4BE2-995E-3DE74BED5A79}.exe
{CDA203CD-A347-42F8-B86F-FBCBB58DBD38}.exe
{29A6FB01-7FE5-4716-A00B-9304BA4D26B2}.exe
{92B2CB13-D7CA-497A-B735-D51A65FBE76D}.exe
{3093213B-BA7C-49B2-98CB-CD3B5F74146F}.exe
{C3B990D0-C60E-4893-B9A4-96C98DC4B2EE}.exe
{6C1E0816-8211-492A-94D2-AC188C4F4A8D}.exe
{ACF458EF-A9C7-4AB6-807F-D57CB9E4F10E}.exe
{301DF7C8-18F3-46B5-99D5-28468D219431}.exe
{5D279BB0-BB26-4904-91A1-DB07750561BA}.exe
{009FEB93-7713-406A-925F-72D55E3BB029}.exe
{AC2D4A11-FC70-4AE0-94E4-0D499AD27AF2}.exe
{582370F8-1E3E-4D02-A69C-64E8D819B8FB}.exe
{24671982-3454-49CE-A5B6-BFF5A043E522}.exe
{5823CAB4-E697-4E82-A8AD-CD8BEC88788E}.exe
{816A63A0-F046-4092-B3E7-6180ECB37AE6}.exe
{6DD6F4C4-BF53-4BED-AE95-3821A790467E}.exe
{E60B43E0-1B40-46F5-A509-92A518631E05}.exe
{68B8DF53-C326-407F-9AF8-F9076AF9DA34}.exe
{EA979702-B37E-46F3-B70B-7C0F4E39084F}.exe
{931411AB-4559-49AA-A1A1-FB12889EDFB3}.exe
{4813034E-7706-4050-ADF4-1AB194DDD1C5}.exe
{93391648-AA2D-420B-AB21-4097D5AC4605}.exe
{D82AF41B-4B62-48ED-BC5C-E5F5E46B8D0E}.exe
{4C719F8B-1CAF-4DB6-B62E-7CAEFC6CBD58}.exe
{ECEC6C27-F262-4717-9223-C836A80CF4DC}.exe
{50F733CA-FEE0-470D-85EC-13B357F1C588}.exe
{9FFAD029-7B50-4DAF-AF7C-A7E3B3E41A32}.exe
{996F1F1A-833B-4B58-8968-F1383AD5B2F3}.exe
{766D994A-7093-4998-B725-6A13602DBCF0}.exe
{6AF09EC6-28EB-4739-A86B-C74C1B86CC13}.exe
{6F691674-27CE-41F5-BF33-CBAE3C22DBC1}.exe
{A68F6BC7-6FA6-43C1-BDCC-94E9A99D9269}.exe
{7093D186-A091-454E-8676-F5D687934A00}.exe
{03FD025F-8B7A-422C-8F85-98BB41D9F784}.exe
{415880C7-8D4B-42B2-81FC-6AF62D206860}.exe
{D4054F1B-0320-4416-9A51-8454B3D8F27F}.exe
{54B95EE4-9024-4143-824A-47720AC98C9F}.exe
{3B9B0664-8BEB-495C-BFF8-B687C5186B11}.exe
{0F7DDFDE-69B6-40E3-BD63-F9847937BD83}.exe
{8C9A58F6-6D73-4B72-9941-3C650890E6C2}.exe
{94101D68-7C72-4AF1-87D4-2F324B36305A}.exe
{5EE21CD2-9DE3-4F88-A463-03439C89C5AC}.exe
{5CDDCD72-3DF1-44E5-89CE-8D03BD82BB08}.exe
{E639BE72-59D9-47DE-B8CD-4E6BBF52AAA7}.exe
{D432A430-D245-48B7-B099-F85E0D72CDB7}.exe
{2B324DA8-9CAE-4BF8-9FCC-B21F9C25BA4B}.exe
{DBA668E6-CCEF-4F24-8E0D-B3F1CA7902DE}.exe
{52BB78F5-9F43-4246-8B66-4A5B3D776DD0}.exe
{70247F61-26CE-46DE-9D55-5733FF062745}.exe
{71E8DD49-1535-4636-9173-0C05C897CF51}.exe
{441E2380-916B-4279-A368-D1FCD7F5470B}.exe
{2BABE508-C378-4C26-8105-527ECD6012EB}.exe
{46F9CD9B-9251-49A0-8B7B-3305BEF646B1}.exe
{A6D3BB4F-91C4-4E09-BC15-3D468E2F231D}.exe
{2976A9DD-F516-482F-8B27-4DFE802F87B3}.exe
{0EAC0640-0169-47AF-BC47-929978D41417}.exe
{3DC66F8B-75B4-4AD0-9553-78D30296B389}.exe
{C3B622F8-65FD-4CB5-8C77-2AEEA30DEF70}.exe
{C14E98C2-0ED3-42B8-AACC-37F41CCE583B}.exe
{354EAF05-ED9E-4213-9868-936BBA3C6402}.exe
{74A3905C-43A1-45D2-9212-EF26EDA9337B}.exe
{2F3D1B45-0E29-4E9D-A626-B1273255557C}.exe
{66D11742-F533-4DF4-8382-61A52DDC5192}.exe
{F081AD62-2C4C-46A8-A952-3867D66FC934}.exe
{9FC07192-5B6E-4365-BDCC-0617C8D1DA99}.exe
{B9E54C4E-0B66-4A5F-B0B9-9BE0B2142D86}.exe
{6C5D1DC9-A6FB-4BFA-ACA8-CF9B64758A81}.exe
{3F1793C4-777E-4A62-976C-1BD23842D43E}.exe
{52EE5461-B97D-4733-B795-A543FD04DB81}.exe
{B52A0AC6-6E95-4752-8DD7-3E0C4CA9776F}.exe
{55754925-28EB-4C81-B048-45452FF22D6A}.exe
{E16688B6-7D3F-4D17-BD46-B0B00B717296}.exe

et le rapport de HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 19:56:47, on 03/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {783D8360-F687-DDF2-7A52-E9C7C0F1B0E6} - xxtoolbar.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [killall] dialer423.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [nikkn.exe] C:\WINDOWS\system32\nikkn.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [porka_] Shaitan1678.exe
O4 - HKCU\..\Run: [slamm] SysSupport.exe
O4 - HKCU\..\Run: [cnftips] backd.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{46163A0F-F858-42DA-9EA9-191F6C9263DF}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8ACB208-CC48-4CF6-8A4D-25AAF744457D}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2CC401-C025-4ADE-B852-0834BA7FC66E}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS3\Services\Tcpip\..\{0E3F7530-6079-45DD-AAE2-46B8D56289B5}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

Peut tu me venir en aide !!??

Merci beaucoup !!
A voir également:

27 réponses

Précédent
  • 1
  • 2
Réponse 21 / 27
KRIK Messages postés 12 Statut Membre
 
Ben ouais, je l'ai fait lorsque j'étais en mode sans echec.
0
Réponse 22 / 27
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

un pti corriace celui-là ...

fais ceci :

# Télécharger ceci :
http://downloads.subratam.org/Fixwareout.exe
Installer le et suivre la procédure,

# Je suis tjrs ennuyer par ces deux là qu'Avast trouve :

Win32:Trojan-gen. {Other}
Win32:Small-TG [Trj]


il te les detecte où ???

# remets un nouveau hijackthis stp

++

***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
0
Réponse 23 / 27
KRIK Messages postés 12 Statut Membre
 
Voila le rapport Fixwareout:

Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DFE716111344-C0D9-3534-76E6-BF930ECA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
* csr.exe C:\WINDOWS\System32\CSCFZ.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSCFZ.EXE 51 270 2006-07-04
Other suspects
Directory of C:\WINDOWS\system32
{811CC1DE-FF76-4388-8997-5B4258F9B634}.exe
{D9F359FF-DB6C-48EB-93CC-5D1134B82E76}.exe
{8F8A61C6-803B-4AD6-8BFE-AC115B0BED53}.exe
{E850B208-B8D7-4690-A1AB-9907B7A40AE4}.exe
{C356AB6C-F72B-43E3-A8CD-1B0A6DD20CC9}.exe
{483F49BF-91FC-4CF8-891C-CB3D2DB6375A}.exe
{1DCC9303-6D38-4CDE-8F5E-6E388A326C10}.exe

Et le Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 21:58:21, on 08/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46163A0F-F858-42DA-9EA9-191F6C9263DF}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8ACB208-CC48-4CF6-8A4D-25AAF744457D}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2CC401-C025-4ADE-B852-0834BA7FC66E}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

Merci
0
Réponse 24 / 27
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
re

fixe celles-ci :

O17 - HKLM\System\CCS\Services\Tcpip\..\{46163A0F-F858-42DA-9EA9-191F6C9263DF}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8ACB208-CC48-4CF6-8A4D-25AAF744457D}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2CC401-C025-4ADE-B852-0834BA7FC66E}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63

et remets en un nouveau stp

++
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 27
KRIK Messages postés 12 Statut Membre
 
Logfile of HijackThis v1.99.1
Scan saved at 00:52:51, on 09/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
0
Réponse 26 / 27
KRIK
 
Salut à tous,

Il semble que je n'ai plus de probleme !!!!
MISSION ACCOMPLIE avec succès

UN GRAND MERCI A TOUS !!!
0
Réponse 27 / 27
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

c'est aussi ok pour ma part :-)

regarde aussi par là :

https://sebsauvage.net/safehex.html

securite proteger un ordinateur contre les malwares d internet

++
0

Discussions similaires

Spam numéro +262262382680
JES -
lili -

19 réponses
dirt bike small mx ou wsr
Ch@rlot -
Dylan -

9 réponses
Rooming iam
LallaKhyti -
MaxGix -

1 réponse
Numéro commençant par le 09 70 : qui est-ce?
NuagedOr -
Patou -

33 réponses
Voxbone ? qui est-ce ?
fanfan54 -
ntrece13 -

159 réponses