Encore des malwares, toujours des malwares...

Résolu
salim2103 Messages postés 49 Date d'inscription   Statut Membre -  
green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Salut à toute la communauté !

Voilà, comme beaucoup d'autres personnes, je suis assailli par les malwares (win???.tmp.exe, mgrs.exe, ...) et ça commence à me taper sérieusement sur le système. Ce que j'ai lu jusqu'à présent c'est des solutions personnalisées à des cas particuliers, mais y a t il une solution générale pour tout le monde ? J'aimerais bien régler mon problème, mais en faire profiter tout le monde. En plus d'être curieux du monde informatique, j'aimerais aussi savoir comment nos "experts" de la toile font, pour déterminer les lignes à fixer, par exemple...
S'il n'y a pas de remède miracle, j'aimerais quand même qu'on traite mon cas svp
Merci d'avance !!

Salim :)
Configuration: Windows XP
Internet Explorer 6.0

24 réponses

  • 1
  • 2
  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    commence par ceci ;-)

    Télécharge ce logiciel sur ton bureau :

    Lien : hijackthis

    Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm

    Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.

    ++
    0
  2. salim2103 Messages postés 49 Date d'inscription   Statut Membre
     
    Merci pour ta réponse rapide :) Voilà le rapport de Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:25, on 2007-07-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\TEMP\win646.tmp.exe
    C:\WINDOWS\mgrs.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\Program Files\LClock\lclock.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Salim\Bureau\HiJackThis_v2.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.binnews.info/index.php?country=fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\hffomubd.dll
    O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\ljjgeef.dll
    O2 - BHO: (no name) - {D1C62DBB-655B-4D14-8C98-5181165B51D1} - C:\WINDOWS\system32\vtsts.dll
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win646.tmp.exe
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
    O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
    O17 - HKLM\System\CS1\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
    O17 - HKLM\System\CS2\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ljjgeef - C:\WINDOWS\SYSTEM32\ljjgeef.dll
    O20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dll
    O20 - Winlogon Notify: winufg32 - C:\WINDOWS\SYSTEM32\winufg32.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  3. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    Téléchargez VundoFix.exe (par Atribune) sur ton Bureau :

    http://www.atribune.org/ccount/click.php?id=4

    *Double-clique VundoFix.exe afin de le lancer.
    * Cliquez sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, cliquez sur le bouton Remove Vundo.
    * Une invite vous demandera supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
    * le PC va s'éteindre ("shutdown") : clique OK
    * Démarrez votre PC à nouveau
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

    ++
    0
  4. salim2103 Messages postés 49 Date d'inscription   Statut Membre
     
    Voilà le rapport de Vundofix :

    VundoFix V6.5.4

    Checking Java version...

    Scan started at 21:48:31 2007-07-10

    Listing files found while scanning....

    C:\WINDOWS\system32\ststv.bak1
    C:\WINDOWS\system32\ststv.ini
    C:\WINDOWS\system32\vtsts.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ststv.bak1
    C:\WINDOWS\system32\ststv.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ststv.ini
    C:\WINDOWS\system32\ststv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtsts.dll
    C:\WINDOWS\system32\vtsts.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Il faut savoir que j'ai déjà lancé Vundofix avant, et que ce rapport c'est seulement celui du dernier scan. Faut-il aussi que je te donne le début ?
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    oui, je sais que tu l'as déjà utilisé, seulement, il est encore présent !

    fais ce qui est indiqué ici stp:

    virus methode preliminaire de desinfection version fr

    ++
    0
  7. salim2103 Messages postés 49 Date d'inscription   Statut Membre
     
    Salut !

    Voilà, après quelques heures de scans et une journée de travail, les 3 rapports de AVG Spyware, BitDefender et Hijackthis :

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 23:21 2007-07-10

    + Résultat de l'analyse:

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019710.exe -> Adware.BugDoctor : Ignoré.
    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019711.exe -> Adware.BugDoctor : Ignoré.
    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe/keygen.exe -> Adware.Virtumonde : Ignoré.
    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017292.exe -> Backdoor.Virkel.A : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP79\A0017320.exe -> Downloader.Alphabet : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0018693.exe -> Downloader.Alphabet.f : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\XN56MIW5\xc42[1].exe -> Downloader.PurityScan.eg : Nettoyé et sauvegardé (mise en quarantaine).
    C:\WINDOWS\system32\qfnxhycf.exe -> Downloader.Tiny.id : Nettoyé et sauvegardé (mise en quarantaine).
    D:\Logiciels\Internet\Communication\MSN\Logiciels Annexes\CEDP-Stealer-Setup.exe -> Logger.BJCG.e : Nettoyé et sauvegardé (mise en quarantaine).
    F:\Ha ha ha !\Flight\Prog's\Alcoholic1.exe -> Not-A-Virus.Joke.Win32.SlipperyMouse.A : Ignoré.
    F:\Ha ha ha !\Flight\Blagues\Montre pour femme.htm -> Trojan.Cardst : Nettoyé et sauvegardé (mise en quarantaine).
    F:\Ha ha ha !\Flight\Blagues\Montre pour homme.htm -> Trojan.Cardst : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\YXLNMK1A\xc60[1].exe -> Trojan.Dialer.qn : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\NEQH0AVR\xc23[1].exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
    C:\WINDOWS\Temp\win646.tmp.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
    D:\Logiciels\Design\Icônes\Logiciels\E-Icons v3.07\E-Icons Crack.zip/rp_Eicons73_crk.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
    D:\Logiciels\Hacked\Cracks et serial logiciels\Win xp\XP Key Essentials.zip/XP_keygen.exe -> Trojan.Small.edz : Nettoyé et sauvegardé (mise en quarantaine).
    D:\Logiciels\Hacked\Cracks et serial logiciels\Win xp\XPKey.exe -> Trojan.Small.edz : Nettoyé et sauvegardé (mise en quarantaine).
    D:\System Volume Information\_restore{E7727C95-A3A9-4C98-AD4C-4AA574F3BDD3}\RP10\A0004602.exe -> Trojan.Small.edz : Nettoyé et sauvegardé (mise en quarantaine).
    G:\A Trier\Games\DOS\AIRBUCKS\AIRBUCKS.ZIP/JUNGLE.EDY -> Trojan.Susear.a : Nettoyé et sauvegardé (mise en quarantaine).
    G:\A Trier\Games\DOS\AIRBUCKS\AIRBUCKS.ZIP/RUNWAY.EDY -> Trojan.Susear.a : Nettoyé et sauvegardé (mise en quarantaine).

    Fin du rapport

    BitDefender Online Scanner

    Scan report generated at: Wed, Jul 11, 2007 - 02:39:21

    Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;

    Statistics

    Time
    02:33:03

    Files
    546365

    Folders
    17928

    Boot Sectors
    11

    Archives
    12950

    Packed Files
    18836

    Results

    Identified Viruses
    14

    Infected Files
    24

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    22

    Engines Info

    Virus Definitions
    647883

    Engine build
    AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

    Scan plugins
    14

    Archive plugins
    38

    Unpack plugins
    6

    E-mail plugins
    6

    System plugins
    1

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\XN56MIW5\_affvm[1]
    Infected with: Trojan.Vundo.CG

    C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\XN56MIW5\_affvm[1]
    Disinfection failed

    C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\XN56MIW5\_affvm[1]
    Deleted

    C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\YXLNMK1A\kcehc_eicooc20070702[1]
    Infected with: Trojan.Clicker.MNB

    C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\YXLNMK1A\kcehc_eicooc20070702[1]
    Disinfection failed

    C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\YXLNMK1A\kcehc_eicooc20070702[1]
    Deleted

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>keygen.exe
    Infected with: Trojan.Virtumod.MG

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>keygen.exe
    Disinfection failed

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>keygen.exe
    Deleted

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)
    Update failed

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>crack.exe
    Infected with: Trojan.Inject.BW

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>crack.exe
    Disinfection failed

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>crack.exe
    Deleted

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)
    Update failed

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>install.exe
    Infected with: Trojan.Downloader.Agent.YGD

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>install.exe
    Disinfection failed

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>install.exe
    Deleted

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)
    Update failed

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>RUNME.bat
    Infected with: Trojan.ConHook.X

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>RUNME.bat
    Disinfection failed

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>RUNME.bat
    Deleted

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)
    Update failed

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019806.exe
    Infected with: Generic.Dld.Alpha.EB472BE2

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019806.exe
    Disinfection failed

    C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019806.exe
    Deleted

    C:\WINDOWS\system32\winufg32.dll
    Infected with: Trojan.Mezzia.AN

    C:\WINDOWS\system32\winufg32.dll
    Disinfection failed

    C:\WINDOWS\system32\winufg32.dll
    Delete failed

    C:\WINDOWS\system32\xbpsplin.dll
    Infected with: Trojan.Vundo.CG

    C:\WINDOWS\system32\xbpsplin.dll
    Disinfection failed

    C:\WINDOWS\system32\xbpsplin.dll
    Delete failed

    D:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019797.exe=>(NSIS o)=>lzma_solid_nsis0017
    Infected with: Trojan.Spy.Bjcg.E

    D:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019797.exe=>(NSIS o)=>lzma_solid_nsis0017
    Disinfection failed

    D:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019797.exe=>(NSIS o)=>lzma_solid_nsis0017
    Deleted

    D:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019797.exe=>(NSIS o)
    Update failed

    F:\Ha ha ha !\Flight\Prog's\Alcoholic1.exe
    Infected with: Joke.Slippery.A

    F:\Ha ha ha !\Flight\Prog's\Alcoholic1.exe
    Disinfection failed

    F:\Ha ha ha !\Flight\Prog's\Alcoholic1.exe
    Deleted

    F:\Ha ha ha !\Flight\Prog's\E\Joconde.exe
    Infected with: Trojan.Joke.Mona.A

    F:\Ha ha ha !\Flight\Prog's\E\Joconde.exe
    Disinfection failed

    F:\Ha ha ha !\Flight\Prog's\E\Joconde.exe
    Deleted

    F:\Ha ha ha !\Flight\Prog's\Meilleurs\FatalError.exe
    Infected with: Trojan.Horse.BAQ

    F:\Ha ha ha !\Flight\Prog's\Meilleurs\FatalError.exe
    Disinfection failed

    F:\Ha ha ha !\Flight\Prog's\Meilleurs\FatalError.exe
    Deleted

    F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019825.exe
    Infected with: Joke.Slippery.A

    F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019825.exe
    Disinfection failed

    F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019825.exe
    Deleted

    F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019826.exe
    Infected with: Trojan.Joke.Mona.A

    F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019826.exe
    Disinfection failed

    F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019826.exe
    Deleted

    F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019827.exe
    Infected with: Trojan.Horse.BAQ

    F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019827.exe
    Disinfection failed

    F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019827.exe
    Deleted

    G:\A Trier\Games\DOS\BATMAN2\BATMAN2.ZIP=>HINSTALL.BAT
    Infected with: BehavesLike:BAT.Gen

    G:\A Trier\Games\DOS\BATMAN2\BATMAN2.ZIP=>HINSTALL.BAT
    Disinfection failed

    G:\A Trier\Games\DOS\BATMAN2\BATMAN2.ZIP=>HINSTALL.BAT
    Deleted

    G:\A Trier\Games\DOS\BATMAN2\BATMAN2.ZIP
    Update failed

    G:\A Trier\Games\DOS\Crazy Cars 3\CC3IN.BAT
    Infected with: BehavesLike:BAT.Gen

    G:\A Trier\Games\DOS\Crazy Cars 3\CC3IN.BAT
    Disinfection failed

    G:\A Trier\Games\DOS\Crazy Cars 3\CC3IN.BAT
    Deleted

    G:\A Trier\Games\DOS\Crazy Cars 3\CCINSTAL.BAT
    Infected with: BehavesLike:BAT.Gen

    G:\A Trier\Games\DOS\Crazy Cars 3\CCINSTAL.BAT
    Disinfection failed

    G:\A Trier\Games\DOS\Crazy Cars 3\CCINSTAL.BAT
    Deleted

    G:\A Trier\Games\DOS\GUNSHIP\GUNSHIP.ARJ=>G.COM
    Infected with: Vienna.648.A

    G:\A Trier\Games\DOS\GUNSHIP\GUNSHIP.ARJ=>G.COM
    Disinfection failed

    G:\A Trier\Games\DOS\GUNSHIP\GUNSHIP.ARJ=>G.COM
    Deleted

    G:\A Trier\Games\DOS\GUNSHIP\GUNSHIP.ARJ
    Update failed

    G:\A Trier\Games\DOS\LORDS_OF_THE_REALM\LORD.ARJ=>INSTALL2.BAT
    Infected with: BehavesLike:BAT.Gen

    G:\A Trier\Games\DOS\LORDS_OF_THE_REALM\LORD.ARJ=>INSTALL2.BAT
    Disinfection failed

    G:\A Trier\Games\DOS\LORDS_OF_THE_REALM\LORD.ARJ=>INSTALL2.BAT
    Deleted

    G:\A Trier\Games\DOS\LORDS_OF_THE_REALM\LORD.ARJ
    Update failed

    G:\A Trier\Games\DOS\LORD_OF_THE_RINGS\LORD.ZIP=>INSTALL2.BAT
    Infected with: BehavesLike:BAT.Gen

    G:\A Trier\Games\DOS\LORD_OF_THE_RINGS\LORD.ZIP=>INSTALL2.BAT
    Disinfection failed

    G:\A Trier\Games\DOS\LORD_OF_THE_RINGS\LORD.ZIP=>INSTALL2.BAT
    Deleted

    G:\A Trier\Games\DOS\LORD_OF_THE_RINGS\LORD.ZIP
    Update failed

    G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019828.BAT
    Infected with: BehavesLike:BAT.Gen

    G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019828.BAT
    Disinfection failed

    G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019828.BAT
    Deleted

    G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019829.BAT
    Infected with: BehavesLike:BAT.Gen

    G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019829.BAT
    Disinfection failed

    G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019829.BAT
    Deleted

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 06:25, on 2007-07-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\LClock\lclock.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Programmes installés\Winamp\winamp.exe
    D:\Logiciels\Utiles\reveilletoi.exe
    C:\Documents and Settings\Salim\Bureau\HiJackThis_v2.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.binnews.info/index.php?country=fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\mafikyva.dll
    O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\ljjgeef.dll
    O2 - BHO: (no name) - {B6D41F78-E2C4-4AFA-B740-0D05FF6D4ABF} - C:\WINDOWS\system32\ddaba.dll
    O2 - BHO: (no name) - {D1C62DBB-655B-4D14-8C98-5181165B51D1} - (no file)
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xbpsplin.dll",forkonce
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
    O17 - HKLM\System\CS1\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
    O17 - HKLM\System\CS2\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll
    O20 - Winlogon Notify: ljjgeef - C:\WINDOWS\SYSTEM32\ljjgeef.dll
    O20 - Winlogon Notify: winufg32 - C:\WINDOWS\SYSTEM32\winufg32.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  8. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    ok,

    P.S.: Le fait que WinAntivirus chaipa koi n'arrête pas de sortir sur internet explorer fait partie de tous ces malwares ?

    oui, c'est aussi une bébétte ...

    Télécharger l2mfix.exe sur http://www.downloads.subratam.org/l2mfix.exe

    - Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
    - Dézipper l2mfix.exe sur le bureau ;
    - Dans le dossier du programme, double-cliquer sur l2mfix.bat ;
    - Choisir OPTION 1 (Run find log) et valider par la touche [Entrée] ;
    => Un rapport sera généré dans le Bloc-notes, se reconnecter pour le poster au forum.

    ++
    0
  9. salim2103 Messages postés 49 Date d'inscription   Statut Membre
     
    Voilà qui est fait :

    L2MFIX find log 051206
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    "DLLName"="Ati2evxx.dll"
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000001
    "Lock"="AtiLockEvent"
    "Logoff"="AtiLogoffEvent"
    "Logon"="AtiLogonEvent"
    "Disconnect"="AtiDisConnectEvent"
    "Reconnect"="AtiReConnectEvent"
    "Safe"=dword:00000000
    "Shutdown"="AtiShutdownEvent"
    "StartScreenSaver"="AtiStartScreenSaverEvent"
    "StartShell"="AtiStartShellEvent"
    "Startup"="AtiStartupEvent"
    "StopScreenSaver"="AtiStopScreenSaverEvent"
    "Unlock"="AtiUnLockEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddaba]
    "Asynchronous"=dword:00000001
    "DllName"="C:\\WINDOWS\\system32\\ddaba.dll"
    "Impersonate"=dword:00000000
    "Startup"="RealLogon"
    "Logoff"="RealLogoff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjgeef]
    "Asynchronous"=dword:00000001
    "DllName"="ljjgeef.dll"
    "Impersonate"=dword:00000000
    "Logon"="Logon"
    "Logoff"="Logoff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    "Logon"="WLEventLogon"
    "Logoff"="WLEventLogoff"
    "Startup"="WLEventStartup"
    "Shutdown"="WLEventShutdown"
    "StartScreenSaver"="WLEventStartScreenSaver"
    "StopScreenSaver"="WLEventStopScreenSaver"
    "Lock"="WLEventLock"
    "Unlock"="WLEventUnlock"
    "StartShell"="WLEventStartShell"
    "PostShell"="WLEventPostShell"
    "Disconnect"="WLEventDisconnect"
    "Reconnect"="WLEventReconnect"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000000
    "SafeMode"=dword:00000000
    "MaxWait"=dword:ffffffff
    "DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winufg32]
    "Asynchronous"=dword:00000001
    "DllName"="winufg32.dll"
    "Impersonate"=dword:00000000
    "Startup"="EvtStartup"
    "Shutdown"="EvtShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "SV1"=""
    "Maxthon"="IEAK"

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Shell Microsoft AutoComplete"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"
    "{3028902F-6374-48b2-8DC6-9725E775B926}"="IE Microsoft AutoComplete"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}"="History Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
    "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
    "{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
    "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures"
    "{D120D80B-BD26-4A74-8E43-2C2AF0966139}"="QuickPar ContextMenu extension"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
    "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"="PhoneBrowser"
    "{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    browseui.dll Wed Apr 18 2007 2:31:56p A.... 1,024,000 1000.00 K
    cdfview.dll Wed Apr 18 2007 2:31:56p A.... 152,064 148.50 K
    cdm.dll Mon Apr 16 2007 10:45:28p A.... 92,504 90.34 K
    danim.dll Wed Apr 18 2007 2:31:56p A.... 1,056,768 1.01 M
    ddaba.dll Tue Jul 10 2007 9:56:56p ..... 266,336 260.09 K
    dxtmsft.dll Wed Apr 18 2007 2:31:56p A.... 357,888 349.50 K
    dxtrans.dll Wed Apr 18 2007 2:31:58p A.... 205,312 200.50 K
    extmgr.dll Wed Apr 18 2007 2:31:58p A.... 55,808 54.50 K
    hffomubd.dll Tue Jul 10 2007 7:46:20p A.... 66,624 65.06 K
    iepeers.dll Wed Apr 18 2007 2:31:58p A.... 251,392 245.50 K
    inetcomm.dll Wed May 16 2007 5:13:54p A.... 683,520 667.50 K
    inseng.dll Wed Apr 18 2007 2:31:58p A.... 96,768 94.50 K
    jsproxy.dll Wed Apr 18 2007 2:31:58p A.... 16,384 16.00 K
    kernel32.dll Mon Apr 16 2007 5:53:12p A.... 1,049,600 1.00 M
    ljjgeef.dll Mon Jul 9 2007 11:56:50p A.... 31,254 30.52 K
    mafikyva.dll Tue Jul 10 2007 11:55:26p A.... 66,624 65.06 K
    mshtml.dll Fri May 4 2007 5:36:14a A.... 3,079,680 2.93 M
    mshtmled.dll Wed Apr 18 2007 2:32:00p A.... 449,024 438.50 K
    msi.dll Wed Apr 18 2007 6:14:18p A.... 2,854,400 2.72 M
    msrating.dll Wed Apr 18 2007 2:32:00p A.... 146,432 143.00 K
    mstime.dll Wed Apr 18 2007 2:32:00p A.... 532,480 520.00 K
    pngfilt.dll Wed Apr 18 2007 2:32:00p A.... 39,424 38.50 K
    rey_su~1.dll Wed May 2 2007 10:39:36p A.... 98,304 96.00 K
    schannel.dll Wed Apr 25 2007 4:22:36p A.... 144,896 141.50 K
    shdocvw.dll Wed Apr 18 2007 2:32:02p A.... 1,495,040 1.43 M
    shlwapi.dll Wed Apr 18 2007 2:32:02p A.... 474,624 463.50 K
    ultra.dll Tue Jul 3 2007 9:02:46p A.... 0 0.00 K
    urlmon.dll Wed Apr 18 2007 2:32:02p A.... 617,472 603.00 K
    wininet.dll Wed Apr 18 2007 2:32:02p A.... 663,040 647.50 K
    winufg32.dll Mon Jul 2 2007 8:43:50p A.... 20,480 20.00 K
    wuapi.dll Mon Apr 16 2007 10:45:48p A.... 549,720 536.84 K
    wuaueng.dll Mon Apr 16 2007 10:45:54p A.... 1,710,936 1.63 M
    wucltui.dll Mon Apr 16 2007 10:45:42p A.... 325,976 318.34 K
    wups.dll Mon Apr 16 2007 10:47:36p A.... 33,624 32.84 K
    wups2.dll Mon Apr 16 2007 10:45:20p A.... 43,352 42.34 K
    wuweb.dll Mon Apr 16 2007 10:45:36p A.... 203,096 198.34 K
    wvurqqn.dll Tue Jul 10 2007 10:14:04p A.... 31,254 30.52 K
    xbpsplin.dll Tue Jul 10 2007 11:55:24p A.... 128,576 125.56 K
    xpsp3res.dll Wed Apr 18 2007 3:27:34a A.... 121,856 119.00 K

    39 items found: 39 files, 0 directories.
    Total of file sizes: 19,236,532 bytes 18.34 M
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Le volume dans le lecteur C s'appelle Salim
    Le num‚ro de s‚rie du volume est E498-400F

    R‚pertoire de C:\WINDOWS\System32

    2007-07-11 18:24 944,071 abadd.ini
    2007-07-11 00:01 405 nilpspbx.ini
    2007-07-10 23:54 933,121 abadd.bak1
    2007-06-14 03:01 <REP> dllcache
    2007-05-02 21:54 <REP> Microsoft
    3 fichier(s) 1,877,597 octets
    2 R‚p(s) 15,591,534,592 octets libres

    Salim :)
    0
  10. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    bien,

    o Prendre connaissance du contenu du lien suivant: http://www.f-secure.com/products/license-terms/eult_fra.pdf
    o Vous avez donc pris connaissance et accepté les conditions d'utilisations du programme blacklight qui est inclus dans le dossier compressé navilog1.zip que vous allez télécharger.
    o Faire un clic droit sur ce lien : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
    o Enregistrez la cible (du lien) sous... et enregistrez-le sur le bureau.
    o Faire un clic droit sur navilog1.zip et choisir "tout extraire"
    o Double-cliquez sur navilog1.bat
    o Arriver au menu principal, choisir l'option 1 et valider.
    o Patientez jusqu'au message : Analyse Termine le ...
    o Le rapport sera en outre sauvegardé à la racine du disque (fixnavi.txt), poste le stp

    ++

    0
  11. salim2103 Messages postés 49 Date d'inscription   Statut Membre
     
    Search Navipromo version 2.0.5 commencé le 2007-07-11 à 18:31:33.73

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Poster ce rapport sur le forum pour le faire analyser !!!
    !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

    Fix lancé depuis C:\Program Files\navilog1
    Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

    Executé en mode normal

    *** Recherche Programmes installes ***

    *** Recherche dossiers dans C:\WINDOWS ***

    *** Recherche dossiers dans C:\Program Files ***

    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

    *** Recherche dossiers dans C:\Documents and Settings\Salim\Application Data ***

    *** Recherche avec BlackLight Engine/F-secure ***
    BlackLight Engine est un produit de F-secure, pour + d'infos :
    https://www.f-secure.com/en

    F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
    ======================================

    Copyright 2005-2006 F-Secure Corporation. All rights reserved.
    This is a beta version. It will expire on 1st of October, 2007.
    Version information: 2.2.1064.

    [+] Started on 07/11/07 at 18:31:39.
    [+] Initializing ...
    [+] Starting scan, press Ctrl-C to abort.
    [+] Scanning for hidden items ....................................
    [+] Scan complete.
    [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
    [+] Exited on 07/11/07 at 18:34:13 (return code = 0).

    *** Recherche fichiers ***

    *** Recherche cles registre ***

    Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

    Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

    Recherche Clé Magic Control

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:

    2)Recherche Heuristique :
    *
    **
    ***
    ****
    *****
    ******
    *******
    ********
    C:\WINDOWS\system32\syswin.exe trouvé !

    3)Recherche Certificats :

    *** Analyse Terminé le 2007-07-11 à 18:34:49.07 ***
    0
  12. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    o Double-cliquer sur navilog1.bat
    o Arriver au menu principal, choisir l'option 2 et valider.
    o Indiquer le mode de nettoyage "automatique"
    o Répondre aux questions éventuelles, le bureau disparaîtra, c'est normal !
    o Patienter jusqu'au message : Nettoyage Termine le ...
    o Sauvegarder le rapport de manière à le retrouver, puis fermer le blocnote, le bureau réapparaîtra
    o Le rapport sera en outre sauvegardé à la racine du disque (cleannavi.txt)

    ensuite :

    Télécharge VirtumundoBegone sur le bureau:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
    Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
    Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu

    ++
    0
  13. salim2103 Messages postés 49 Date d'inscription   Statut Membre
     
    [07/11/2007, 18:45:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Salim\Bureau\VirtumundoBeGone.exe" )
    [07/11/2007, 18:45:41] - Detected System Information:
    [07/11/2007, 18:45:41] - Windows Version: 5.1.2600, Service Pack 2
    [07/11/2007, 18:45:41] - Current Username: Salim (Admin)
    [07/11/2007, 18:45:41] - Windows is in NORMAL mode.
    [07/11/2007, 18:45:41] - Searching for Browser Helper Objects:
    [07/11/2007, 18:45:41] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [07/11/2007, 18:45:41] - BHO 2: {938A8A03-A938-4019-B764-03FF8D167D79} ()
    [07/11/2007, 18:45:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/11/2007, 18:45:41] - Checking for HKLM\...\Winlogon\Notify\mafikyva
    [07/11/2007, 18:45:41] - Key not found: HKLM\...\Winlogon\Notify\mafikyva, continuing.
    [07/11/2007, 18:45:41] - BHO 3: {941508F8-CCD9-44E0-AC29-4F1E141373F7} ()
    [07/11/2007, 18:45:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/11/2007, 18:45:41] - Checking for HKLM\...\Winlogon\Notify\ljjgeef
    [07/11/2007, 18:45:41] - Found: HKLM\...\Winlogon\Notify\ljjgeef - This is probably Virtumundo.
    [07/11/2007, 18:45:41] - Assigning {941508F8-CCD9-44E0-AC29-4F1E141373F7} MSEvents Object
    [07/11/2007, 18:45:41] - BHO list has been changed! Starting over...
    [07/11/2007, 18:45:41] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [07/11/2007, 18:45:41] - BHO 2: {938A8A03-A938-4019-B764-03FF8D167D79} ()
    [07/11/2007, 18:45:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/11/2007, 18:45:41] - Checking for HKLM\...\Winlogon\Notify\mafikyva
    [07/11/2007, 18:45:41] - Key not found: HKLM\...\Winlogon\Notify\mafikyva, continuing.
    [07/11/2007, 18:45:41] - BHO 3: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
    [07/11/2007, 18:45:41] - ALERT: Found MSEvents Object!
    [07/11/2007, 18:45:41] - BHO 4: {D1C62DBB-655B-4D14-8C98-5181165B51D1} ()
    [07/11/2007, 18:45:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/11/2007, 18:45:41] - No filename found. Continuing.
    [07/11/2007, 18:45:41] - Finished Searching Browser Helper Objects
    [07/11/2007, 18:45:41] - *** Detected MSEvents Object
    [07/11/2007, 18:45:41] - Trying to remove MSEvents Object...
    [07/11/2007, 18:45:42] - Terminating Process: IEXPLORE.EXE
    [07/11/2007, 18:45:43] - Terminating Process: RUNDLL32.EXE
    [07/11/2007, 18:45:43] - Disabling Automatic Shell Restart
    [07/11/2007, 18:45:43] - Terminating Process: EXPLORER.EXE
    [07/11/2007, 18:45:43] - Suspending the NT Session Manager System Service
    [07/11/2007, 18:45:43] - Terminating Windows NT Logon/Logoff Manager
    [07/11/2007, 18:45:44] - Re-enabling Automatic Shell Restart
    [07/11/2007, 18:45:44] - File to disable: C:\WINDOWS\system32\ljjgeef.dll
    [07/11/2007, 18:45:44] - Renaming C:\WINDOWS\system32\ljjgeef.dll -> C:\WINDOWS\system32\ljjgeef.dll.vir
    [07/11/2007, 18:45:44] - File successfully renamed!
    [07/11/2007, 18:45:44] - Removing HKLM\...\Browser Helper Objects\{941508F8-CCD9-44E0-AC29-4F1E141373F7}
    [07/11/2007, 18:45:44] - Removing HKCR\CLSID\{941508F8-CCD9-44E0-AC29-4F1E141373F7}
    [07/11/2007, 18:45:44] - Adding Kill Bit for ActiveX for GUID: {941508F8-CCD9-44E0-AC29-4F1E141373F7}
    [07/11/2007, 18:45:44] - Deleting ATLEvents/MSEvents Registry entries
    [07/11/2007, 18:45:44] - Removing HKLM\...\Winlogon\Notify\ljjgeef
    [07/11/2007, 18:45:44] - Searching for Browser Helper Objects:
    [07/11/2007, 18:45:44] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [07/11/2007, 18:45:44] - BHO 2: {938A8A03-A938-4019-B764-03FF8D167D79} ()
    [07/11/2007, 18:45:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/11/2007, 18:45:44] - Checking for HKLM\...\Winlogon\Notify\mafikyva
    [07/11/2007, 18:45:44] - Key not found: HKLM\...\Winlogon\Notify\mafikyva, continuing.
    [07/11/2007, 18:45:44] - BHO 3: {D1C62DBB-655B-4D14-8C98-5181165B51D1} ()
    [07/11/2007, 18:45:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/11/2007, 18:45:44] - No filename found. Continuing.
    [07/11/2007, 18:45:44] - Finished Searching Browser Helper Objects
    [07/11/2007, 18:45:44] - Finishing up...
    [07/11/2007, 18:45:44] - A restart is needed.
    [07/11/2007, 18:45:44] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
    [07/11/2007, 18:45:54] - Attempting to Restart via STOP error (Blue Screen!)

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 18:50, on 2007-07-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\Program Files\LClock\lclock.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\adslTV\adsltv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\adslTV\vlc.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\Logiciels\Working\Notepad 2\Notepad2.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Salim\Bureau\HiJackThis_v2.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.binnews.info/index.php?country=fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\mafikyva.dll
    O2 - BHO: (no name) - {D1C62DBB-655B-4D14-8C98-5181165B51D1} - (no file)
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xbpsplin.dll",forkonce
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
    O17 - HKLM\System\CS1\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
    O17 - HKLM\System\CS2\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: winufg32 - C:\WINDOWS\SYSTEM32\winufg32.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  14. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Très bien !

    Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Démarrer en mode sans echec
    * Double cliquer combofix.exe.
    * Appuyer sur la touche Y (Yes) pour démarrer le scan
    * Le rapport sera crée dans: C:\Combofix.txt , poste le stp avec un nouveau hijack

    ++
    0
  15. salim2103 Messages postés 49 Date d'inscription   Statut Membre
     
    "Salim" - 2007-07-11 19:07:50 - ComboFix 07-07-10.1 - Service Pack 2 [SAFE MODE]

    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\xbpsplin.dll
    C:\WINDOWS\system32\wvurqqn.dll
    C:\WINDOWS\system32\winufg32.dll
    C:\WINDOWS\system32\nilpspbx.ini

    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
    C:\WINDOWS\system32\sysdm.exe

    ((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))

    2007-07-11 18:30 <REP> d-------- C:\Program Files\Navilog1
    2007-07-11 18:24 73,728 --a------ C:\WINDOWS\system32\pv.exe
    2007-07-11 18:24 39,184 --a------ C:\WINDOWS\system32\Ntrights.exe
    2007-07-11 18:24 175,616 --a------ C:\WINDOWS\system32\strings.exe
    2007-07-11 18:24 16,384 --a------ C:\WINDOWS\system32\restart.exe
    2007-07-11 18:24 126,976 --a------ C:\WINDOWS\system32\zip.exe
    2007-07-11 18:24 11,254 --a------ C:\WINDOWS\system32\locate.com
    2007-07-10 23:55 66,624 --a------ C:\WINDOWS\system32\mafikyva.dll
    2007-07-10 22:47 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-07-10 22:12 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-07-10 22:02 <REP> d-------- C:\Program Files\CCleaner
    2007-07-10 20:10 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-10 20:04 <REP> d-------- C:\DOCUME~1\Salim\APPLIC~1\Webroot
    2007-07-10 19:59 <REP> d-------- C:\DOCUME~1\Salim\APPLIC~1\GetRightToGo
    2007-07-10 19:48 <REP> d-------- C:\VundoFix Backups
    2007-07-10 19:46 66,624 --a------ C:\WINDOWS\system32\hffomubd.dll
    2007-07-09 23:56 31,254 --a------ C:\WINDOWS\system32\ljjgeef.dll.vir
    2007-07-03 21:02 0 --a------ C:\WINDOWS\system32\Ultra.dll
    2007-07-03 02:44 12,417,543 --------- C:\AVG7QT.DAT
    2007-06-19 02:47 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
    2007-06-16 13:04 <REP> d-------- C:\Program Files\Lavasoft
    2007-06-16 13:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-06-16 13:03 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-11 17:01:06 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\Skype
    2007-07-11 16:47:57 -------- d-----w C:\Program Files\adslTV
    2007-07-06 17:24:00 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-07-02 22:52:25 -------- d-----w C:\Program Files\Ad-Aware
    2007-06-14 20:00:45 -------- d-----w C:\Program Files\Shareaza
    2007-06-14 19:59:11 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\Shareaza
    2007-06-09 20:43:58 -------- d-----w C:\Program Files\tvants
    2007-06-09 20:31:06 -------- d-----w C:\Program Files\Fichiers communs\Synacast
    2007-06-09 18:40:37 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\Lavasoft
    2007-06-04 20:41:35 -------- d-----w C:\Program Files\amsn
    2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
    2007-06-01 23:16:43 -------- d-----w C:\Program Files\DAEMON Tools
    2007-06-01 23:13:31 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-06-01 23:06:48 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
    2007-05-23 22:13:28 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\skySpace
    2007-05-22 19:09:45 -------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-05-21 19:14:46 -------- d-----w C:\Program Files\3GP Player
    2007-05-21 17:42:07 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\Nokia Multimedia Player
    2007-05-19 13:38:56 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\Real
    2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-12 16:36:08 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2007-05-11 15:22:24 -------- d-----w C:\Program Files\Skype
    2007-05-03 15:16:11 1,277 ----a-w C:\WINDOWS\mozver.dat
    2007-05-02 22:02:09 0 ----a-w C:\WINDOWS\nsreg.dat
    2007-05-02 20:39:35 98,304 ----a-w C:\WINDOWS\system32\Rey_SubClasser.dll
    2007-05-02 19:57:42 76,136 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-05-02 19:57:42 469,622 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-05-02 19:42:54 0 --sha-r C:\MSDOS.SYS
    2007-05-02 19:42:54 0 --sha-r C:\IO.SYS
    2007-05-02 19:42:54 0 ----a-w C:\CONFIG.SYS
    2007-05-02 19:42:54 0 ----a-w C:\AUTOEXEC.BAT
    2007-05-02 19:39:49 21,892 ----a-w C:\WINDOWS\system32\emptyregdb.dat
    2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2006-07-29 17:18:10 112 --sha-w C:\WINDOWS\system32\Vistadrive\unistl.cmd

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{938A8A03-A938-4019-B764-03FF8D167D79}]
    2007-07-10 23:55 66624 --a------ C:\WINDOWS\system32\mafikyva.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1C62DBB-655B-4D14-8C98-5181165B51D1}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE" [2003-05-08 10:19]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-07-16 15:16]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-07-16 15:19]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-05-02 22:40]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-03 15:41]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 20:52]
    "VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2006-07-05 04:23]
    "TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [2006-04-15 18:07]
    "LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-05-02 22:40]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-10 16:09]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-05-02 22:39]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe"
    "VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe
    "Vistadrv"=C:\Windows\System32\Vistadrive\vsdrv.exe
    "TweakRAM"=C:\Program Files\TweakRAM\TweakRAM.exe
    "LClock"=C:\Program Files\LClock\lclock.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoRemoteRecursiveEvents"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
    C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
    "C:\Program Files\Shareaza\Shareaza.exe" -tray

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService WebClient LmHosts upnphost SSDPSRV

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{908c01ea-f96e-11db-b085-00134639e365}]
    verb1\command- desktop.exe

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-11 19:10:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-07-11 19:13:46 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-11 19:13

    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 19:14, on 11/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\Program Files\TweakRAM\TweakRAM.exe
    C:\Program Files\LClock\lclock.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Logiciels\Working\Notepad 2\Notepad2.exe
    C:\Documents and Settings\Salim\Bureau\HiJackThis_v2.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.binnews.info/index.php?country=fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\mafikyva.dll
    O2 - BHO: (no name) - {D1C62DBB-655B-4D14-8C98-5181165B51D1} - (no file)
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
    O17 - HKLM\System\CS1\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
    O17 - HKLM\System\CS2\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  16. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    on continue :

    # Télécharge ceci: (merci a S!RI pour ce petit programme).

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
    voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
    il va générer un rapport : copie/colle le sur le poste stp.

    ++
    0
  17. salim2103 Messages postés 49 Date d'inscription   Statut Membre
     
    SmitFraudFix v2.202

    Rapport fait à 19:22:55,10, 11/07/2007
    Executé à partir de C:\Documents and Settings\Salim\Bureau\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\Program Files\TweakRAM\TweakRAM.exe
    C:\Program Files\LClock\lclock.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\adslTV\adsltv.exe
    C:\Program Files\adslTV\vlc.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Salim

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Salim\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Salim\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: D-Link DGE-528T Gigabit Ethernet Adapter - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.53.252
    DNS Server Search Order: 212.27.54.252

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer=212.27.53.252,212.27.54.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer=212.27.53.252,212.27.54.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer=212.27.53.252,212.27.54.252

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  18. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    suite :

    Télécharge clean.zip
    http://www.malekal.com/download/clean.zip
    Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
    Ouvre le dossier Clean qui se trouve sur ton bureau.
    Double-clic sur clean.cmd.
    Une fenêtre noire va apparaître, choisis l'option 1
    Poste le rapport qui se trouve ici C:\rapport_clean.txt

    ensuite :

    # Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Double-clic sur clean.cmd.
    Une fenêtre noire va apparaître, choisis l'option 2
    Poste le rapport qui se trouve ici C:\rapport_clean.txt

    ++
    0
  19. salim2103 Messages postés 49 Date d'inscription   Statut Membre
     
    11/07/2007 a 20:54:06,21

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32

    *** Recherche des fichiers dans C:\Program Files
    *** Fin du rapport !
    0
  20. salim2103 Messages postés 49 Date d'inscription   Statut Membre
     
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 11/07/2007 a 21:02:20,51

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:

    *** Suppression des fichiers dans C:\WINDOWS\

    *** Suppression des fichiers dans C:\WINDOWS\system32

    *** Suppression des fichiers dans C:\Program Files

    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !
    0
  21. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok, poste un nouveau hijack et précise l'évolution de la situation !

    ++
    0
  • 1
  • 2