Encore des malwares, toujours des malwares...
Résolu/Fermé
salim2103
Messages postés
48
Date d'inscription
lundi 18 septembre 2006
Statut
Membre
Dernière intervention
23 décembre 2009
-
10 juil. 2007 à 21:03
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 - 12 juil. 2007 à 12:47
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 - 12 juil. 2007 à 12:47
A voir également:
- Encore des malwares, toujours des malwares...
- Anti malwares - Télécharger - Antivirus & Antimalwares
- Supprimer les malwares - Guide
- Virus et malwares : comment les détecter facilement - Guide
- Piratage ChatGPT : des hackers détournent l'IA pour créer des malwares - Guide
- SharkBot et Vultur : des malwares qui vident les comptes bancaires - Guide
24 réponses
green day
Messages postés
26371
Date d'inscription
vendredi 30 septembre 2005
Statut
Modérateur, Contributeur sécurité
Dernière intervention
27 décembre 2019
2 162
10 juil. 2007 à 21:16
10 juil. 2007 à 21:16
Salut
commence par ceci ;-)
Télécharge ce logiciel sur ton bureau :
Lien : hijackthis
Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm
Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.
++
commence par ceci ;-)
Télécharge ce logiciel sur ton bureau :
Lien : hijackthis
Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm
Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.
++
salim2103
Messages postés
48
Date d'inscription
lundi 18 septembre 2006
Statut
Membre
Dernière intervention
23 décembre 2009
10 juil. 2007 à 21:29
10 juil. 2007 à 21:29
Merci pour ta réponse rapide :) Voilà le rapport de Hijackthis :
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:25, on 2007-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\TEMP\win646.tmp.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Salim\Bureau\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.binnews.info/index.php?country=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\hffomubd.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\ljjgeef.dll
O2 - BHO: (no name) - {D1C62DBB-655B-4D14-8C98-5181165B51D1} - C:\WINDOWS\system32\vtsts.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win646.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ljjgeef - C:\WINDOWS\SYSTEM32\ljjgeef.dll
O20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dll
O20 - Winlogon Notify: winufg32 - C:\WINDOWS\SYSTEM32\winufg32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:25, on 2007-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\TEMP\win646.tmp.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Salim\Bureau\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.binnews.info/index.php?country=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\hffomubd.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\ljjgeef.dll
O2 - BHO: (no name) - {D1C62DBB-655B-4D14-8C98-5181165B51D1} - C:\WINDOWS\system32\vtsts.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win646.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ljjgeef - C:\WINDOWS\SYSTEM32\ljjgeef.dll
O20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dll
O20 - Winlogon Notify: winufg32 - C:\WINDOWS\SYSTEM32\winufg32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
green day
Messages postés
26371
Date d'inscription
vendredi 30 septembre 2005
Statut
Modérateur, Contributeur sécurité
Dernière intervention
27 décembre 2019
2 162
10 juil. 2007 à 21:33
10 juil. 2007 à 21:33
ok,
Téléchargez VundoFix.exe (par Atribune) sur ton Bureau :
http://www.atribune.org/ccount/click.php?id=4
*Double-clique VundoFix.exe afin de le lancer.
* Cliquez sur le bouton Scan for Vundo.
* Lorsque le scan est complété, cliquez sur le bouton Remove Vundo.
* Une invite vous demandera supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* le PC va s'éteindre ("shutdown") : clique OK
* Démarrez votre PC à nouveau
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
++
Téléchargez VundoFix.exe (par Atribune) sur ton Bureau :
http://www.atribune.org/ccount/click.php?id=4
*Double-clique VundoFix.exe afin de le lancer.
* Cliquez sur le bouton Scan for Vundo.
* Lorsque le scan est complété, cliquez sur le bouton Remove Vundo.
* Une invite vous demandera supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* le PC va s'éteindre ("shutdown") : clique OK
* Démarrez votre PC à nouveau
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
++
salim2103
Messages postés
48
Date d'inscription
lundi 18 septembre 2006
Statut
Membre
Dernière intervention
23 décembre 2009
10 juil. 2007 à 21:55
10 juil. 2007 à 21:55
Voilà le rapport de Vundofix :
VundoFix V6.5.4
Checking Java version...
Scan started at 21:48:31 2007-07-10
Listing files found while scanning....
C:\WINDOWS\system32\ststv.bak1
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\vtsts.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ststv.bak1
C:\WINDOWS\system32\ststv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\vtsts.dll Has been deleted!
Performing Repairs to the registry.
Done!
Il faut savoir que j'ai déjà lancé Vundofix avant, et que ce rapport c'est seulement celui du dernier scan. Faut-il aussi que je te donne le début ?
VundoFix V6.5.4
Checking Java version...
Scan started at 21:48:31 2007-07-10
Listing files found while scanning....
C:\WINDOWS\system32\ststv.bak1
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\vtsts.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ststv.bak1
C:\WINDOWS\system32\ststv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\vtsts.dll Has been deleted!
Performing Repairs to the registry.
Done!
Il faut savoir que j'ai déjà lancé Vundofix avant, et que ce rapport c'est seulement celui du dernier scan. Faut-il aussi que je te donne le début ?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
green day
Messages postés
26371
Date d'inscription
vendredi 30 septembre 2005
Statut
Modérateur, Contributeur sécurité
Dernière intervention
27 décembre 2019
2 162
10 juil. 2007 à 21:59
10 juil. 2007 à 21:59
oui, je sais que tu l'as déjà utilisé, seulement, il est encore présent !
fais ce qui est indiqué ici stp:
virus methode preliminaire de desinfection version fr
++
fais ce qui est indiqué ici stp:
virus methode preliminaire de desinfection version fr
++
salim2103
Messages postés
48
Date d'inscription
lundi 18 septembre 2006
Statut
Membre
Dernière intervention
23 décembre 2009
11 juil. 2007 à 17:43
11 juil. 2007 à 17:43
Salut !
Voilà, après quelques heures de scans et une journée de travail, les 3 rapports de AVG Spyware, BitDefender et Hijackthis :
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 23:21 2007-07-10
+ Résultat de l'analyse:
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019710.exe -> Adware.BugDoctor : Ignoré.
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019711.exe -> Adware.BugDoctor : Ignoré.
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe/keygen.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017292.exe -> Backdoor.Virkel.A : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP79\A0017320.exe -> Downloader.Alphabet : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0018693.exe -> Downloader.Alphabet.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\XN56MIW5\xc42[1].exe -> Downloader.PurityScan.eg : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\qfnxhycf.exe -> Downloader.Tiny.id : Nettoyé et sauvegardé (mise en quarantaine).
D:\Logiciels\Internet\Communication\MSN\Logiciels Annexes\CEDP-Stealer-Setup.exe -> Logger.BJCG.e : Nettoyé et sauvegardé (mise en quarantaine).
F:\Ha ha ha !\Flight\Prog's\Alcoholic1.exe -> Not-A-Virus.Joke.Win32.SlipperyMouse.A : Ignoré.
F:\Ha ha ha !\Flight\Blagues\Montre pour femme.htm -> Trojan.Cardst : Nettoyé et sauvegardé (mise en quarantaine).
F:\Ha ha ha !\Flight\Blagues\Montre pour homme.htm -> Trojan.Cardst : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\YXLNMK1A\xc60[1].exe -> Trojan.Dialer.qn : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\NEQH0AVR\xc23[1].exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Temp\win646.tmp.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
D:\Logiciels\Design\Icônes\Logiciels\E-Icons v3.07\E-Icons Crack.zip/rp_Eicons73_crk.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
D:\Logiciels\Hacked\Cracks et serial logiciels\Win xp\XP Key Essentials.zip/XP_keygen.exe -> Trojan.Small.edz : Nettoyé et sauvegardé (mise en quarantaine).
D:\Logiciels\Hacked\Cracks et serial logiciels\Win xp\XPKey.exe -> Trojan.Small.edz : Nettoyé et sauvegardé (mise en quarantaine).
D:\System Volume Information\_restore{E7727C95-A3A9-4C98-AD4C-4AA574F3BDD3}\RP10\A0004602.exe -> Trojan.Small.edz : Nettoyé et sauvegardé (mise en quarantaine).
G:\A Trier\Games\DOS\AIRBUCKS\AIRBUCKS.ZIP/JUNGLE.EDY -> Trojan.Susear.a : Nettoyé et sauvegardé (mise en quarantaine).
G:\A Trier\Games\DOS\AIRBUCKS\AIRBUCKS.ZIP/RUNWAY.EDY -> Trojan.Susear.a : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
BitDefender Online Scanner
Scan report generated at: Wed, Jul 11, 2007 - 02:39:21
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;
Statistics
Time
02:33:03
Files
546365
Folders
17928
Boot Sectors
11
Archives
12950
Packed Files
18836
Results
Identified Viruses
14
Infected Files
24
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
22
Engines Info
Virus Definitions
647883
Engine build
AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins
14
Archive plugins
38
Unpack plugins
6
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\XN56MIW5\_affvm[1]
Infected with: Trojan.Vundo.CG
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\XN56MIW5\_affvm[1]
Disinfection failed
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\XN56MIW5\_affvm[1]
Deleted
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\YXLNMK1A\kcehc_eicooc20070702[1]
Infected with: Trojan.Clicker.MNB
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\YXLNMK1A\kcehc_eicooc20070702[1]
Disinfection failed
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\YXLNMK1A\kcehc_eicooc20070702[1]
Deleted
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>keygen.exe
Infected with: Trojan.Virtumod.MG
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>keygen.exe
Disinfection failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>keygen.exe
Deleted
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)
Update failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>crack.exe
Infected with: Trojan.Inject.BW
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>crack.exe
Disinfection failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>crack.exe
Deleted
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)
Update failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>install.exe
Infected with: Trojan.Downloader.Agent.YGD
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>install.exe
Disinfection failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>install.exe
Deleted
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)
Update failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>RUNME.bat
Infected with: Trojan.ConHook.X
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>RUNME.bat
Disinfection failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>RUNME.bat
Deleted
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)
Update failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019806.exe
Infected with: Generic.Dld.Alpha.EB472BE2
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019806.exe
Disinfection failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019806.exe
Deleted
C:\WINDOWS\system32\winufg32.dll
Infected with: Trojan.Mezzia.AN
C:\WINDOWS\system32\winufg32.dll
Disinfection failed
C:\WINDOWS\system32\winufg32.dll
Delete failed
C:\WINDOWS\system32\xbpsplin.dll
Infected with: Trojan.Vundo.CG
C:\WINDOWS\system32\xbpsplin.dll
Disinfection failed
C:\WINDOWS\system32\xbpsplin.dll
Delete failed
D:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019797.exe=>(NSIS o)=>lzma_solid_nsis0017
Infected with: Trojan.Spy.Bjcg.E
D:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019797.exe=>(NSIS o)=>lzma_solid_nsis0017
Disinfection failed
D:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019797.exe=>(NSIS o)=>lzma_solid_nsis0017
Deleted
D:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019797.exe=>(NSIS o)
Update failed
F:\Ha ha ha !\Flight\Prog's\Alcoholic1.exe
Infected with: Joke.Slippery.A
F:\Ha ha ha !\Flight\Prog's\Alcoholic1.exe
Disinfection failed
F:\Ha ha ha !\Flight\Prog's\Alcoholic1.exe
Deleted
F:\Ha ha ha !\Flight\Prog's\E\Joconde.exe
Infected with: Trojan.Joke.Mona.A
F:\Ha ha ha !\Flight\Prog's\E\Joconde.exe
Disinfection failed
F:\Ha ha ha !\Flight\Prog's\E\Joconde.exe
Deleted
F:\Ha ha ha !\Flight\Prog's\Meilleurs\FatalError.exe
Infected with: Trojan.Horse.BAQ
F:\Ha ha ha !\Flight\Prog's\Meilleurs\FatalError.exe
Disinfection failed
F:\Ha ha ha !\Flight\Prog's\Meilleurs\FatalError.exe
Deleted
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019825.exe
Infected with: Joke.Slippery.A
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019825.exe
Disinfection failed
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019825.exe
Deleted
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019826.exe
Infected with: Trojan.Joke.Mona.A
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019826.exe
Disinfection failed
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019826.exe
Deleted
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019827.exe
Infected with: Trojan.Horse.BAQ
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019827.exe
Disinfection failed
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019827.exe
Deleted
G:\A Trier\Games\DOS\BATMAN2\BATMAN2.ZIP=>HINSTALL.BAT
Infected with: BehavesLike:BAT.Gen
G:\A Trier\Games\DOS\BATMAN2\BATMAN2.ZIP=>HINSTALL.BAT
Disinfection failed
G:\A Trier\Games\DOS\BATMAN2\BATMAN2.ZIP=>HINSTALL.BAT
Deleted
G:\A Trier\Games\DOS\BATMAN2\BATMAN2.ZIP
Update failed
G:\A Trier\Games\DOS\Crazy Cars 3\CC3IN.BAT
Infected with: BehavesLike:BAT.Gen
G:\A Trier\Games\DOS\Crazy Cars 3\CC3IN.BAT
Disinfection failed
G:\A Trier\Games\DOS\Crazy Cars 3\CC3IN.BAT
Deleted
G:\A Trier\Games\DOS\Crazy Cars 3\CCINSTAL.BAT
Infected with: BehavesLike:BAT.Gen
G:\A Trier\Games\DOS\Crazy Cars 3\CCINSTAL.BAT
Disinfection failed
G:\A Trier\Games\DOS\Crazy Cars 3\CCINSTAL.BAT
Deleted
G:\A Trier\Games\DOS\GUNSHIP\GUNSHIP.ARJ=>G.COM
Infected with: Vienna.648.A
G:\A Trier\Games\DOS\GUNSHIP\GUNSHIP.ARJ=>G.COM
Disinfection failed
G:\A Trier\Games\DOS\GUNSHIP\GUNSHIP.ARJ=>G.COM
Deleted
G:\A Trier\Games\DOS\GUNSHIP\GUNSHIP.ARJ
Update failed
G:\A Trier\Games\DOS\LORDS_OF_THE_REALM\LORD.ARJ=>INSTALL2.BAT
Infected with: BehavesLike:BAT.Gen
G:\A Trier\Games\DOS\LORDS_OF_THE_REALM\LORD.ARJ=>INSTALL2.BAT
Disinfection failed
G:\A Trier\Games\DOS\LORDS_OF_THE_REALM\LORD.ARJ=>INSTALL2.BAT
Deleted
G:\A Trier\Games\DOS\LORDS_OF_THE_REALM\LORD.ARJ
Update failed
G:\A Trier\Games\DOS\LORD_OF_THE_RINGS\LORD.ZIP=>INSTALL2.BAT
Infected with: BehavesLike:BAT.Gen
G:\A Trier\Games\DOS\LORD_OF_THE_RINGS\LORD.ZIP=>INSTALL2.BAT
Disinfection failed
G:\A Trier\Games\DOS\LORD_OF_THE_RINGS\LORD.ZIP=>INSTALL2.BAT
Deleted
G:\A Trier\Games\DOS\LORD_OF_THE_RINGS\LORD.ZIP
Update failed
G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019828.BAT
Infected with: BehavesLike:BAT.Gen
G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019828.BAT
Disinfection failed
G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019828.BAT
Deleted
G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019829.BAT
Infected with: BehavesLike:BAT.Gen
G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019829.BAT
Disinfection failed
G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019829.BAT
Deleted
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 06:25, on 2007-07-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Programmes installés\Winamp\winamp.exe
D:\Logiciels\Utiles\reveilletoi.exe
C:\Documents and Settings\Salim\Bureau\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.binnews.info/index.php?country=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\mafikyva.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\ljjgeef.dll
O2 - BHO: (no name) - {B6D41F78-E2C4-4AFA-B740-0D05FF6D4ABF} - C:\WINDOWS\system32\ddaba.dll
O2 - BHO: (no name) - {D1C62DBB-655B-4D14-8C98-5181165B51D1} - (no file)
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xbpsplin.dll",forkonce
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll
O20 - Winlogon Notify: ljjgeef - C:\WINDOWS\SYSTEM32\ljjgeef.dll
O20 - Winlogon Notify: winufg32 - C:\WINDOWS\SYSTEM32\winufg32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
Voilà, après quelques heures de scans et une journée de travail, les 3 rapports de AVG Spyware, BitDefender et Hijackthis :
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 23:21 2007-07-10
+ Résultat de l'analyse:
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019710.exe -> Adware.BugDoctor : Ignoré.
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019711.exe -> Adware.BugDoctor : Ignoré.
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe/keygen.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017292.exe -> Backdoor.Virkel.A : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP79\A0017320.exe -> Downloader.Alphabet : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0018693.exe -> Downloader.Alphabet.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\XN56MIW5\xc42[1].exe -> Downloader.PurityScan.eg : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\qfnxhycf.exe -> Downloader.Tiny.id : Nettoyé et sauvegardé (mise en quarantaine).
D:\Logiciels\Internet\Communication\MSN\Logiciels Annexes\CEDP-Stealer-Setup.exe -> Logger.BJCG.e : Nettoyé et sauvegardé (mise en quarantaine).
F:\Ha ha ha !\Flight\Prog's\Alcoholic1.exe -> Not-A-Virus.Joke.Win32.SlipperyMouse.A : Ignoré.
F:\Ha ha ha !\Flight\Blagues\Montre pour femme.htm -> Trojan.Cardst : Nettoyé et sauvegardé (mise en quarantaine).
F:\Ha ha ha !\Flight\Blagues\Montre pour homme.htm -> Trojan.Cardst : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\YXLNMK1A\xc60[1].exe -> Trojan.Dialer.qn : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\NEQH0AVR\xc23[1].exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Temp\win646.tmp.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
D:\Logiciels\Design\Icônes\Logiciels\E-Icons v3.07\E-Icons Crack.zip/rp_Eicons73_crk.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
D:\Logiciels\Hacked\Cracks et serial logiciels\Win xp\XP Key Essentials.zip/XP_keygen.exe -> Trojan.Small.edz : Nettoyé et sauvegardé (mise en quarantaine).
D:\Logiciels\Hacked\Cracks et serial logiciels\Win xp\XPKey.exe -> Trojan.Small.edz : Nettoyé et sauvegardé (mise en quarantaine).
D:\System Volume Information\_restore{E7727C95-A3A9-4C98-AD4C-4AA574F3BDD3}\RP10\A0004602.exe -> Trojan.Small.edz : Nettoyé et sauvegardé (mise en quarantaine).
G:\A Trier\Games\DOS\AIRBUCKS\AIRBUCKS.ZIP/JUNGLE.EDY -> Trojan.Susear.a : Nettoyé et sauvegardé (mise en quarantaine).
G:\A Trier\Games\DOS\AIRBUCKS\AIRBUCKS.ZIP/RUNWAY.EDY -> Trojan.Susear.a : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
BitDefender Online Scanner
Scan report generated at: Wed, Jul 11, 2007 - 02:39:21
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;
Statistics
Time
02:33:03
Files
546365
Folders
17928
Boot Sectors
11
Archives
12950
Packed Files
18836
Results
Identified Viruses
14
Infected Files
24
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
22
Engines Info
Virus Definitions
647883
Engine build
AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins
14
Archive plugins
38
Unpack plugins
6
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\XN56MIW5\_affvm[1]
Infected with: Trojan.Vundo.CG
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\XN56MIW5\_affvm[1]
Disinfection failed
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\XN56MIW5\_affvm[1]
Deleted
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\YXLNMK1A\kcehc_eicooc20070702[1]
Infected with: Trojan.Clicker.MNB
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\YXLNMK1A\kcehc_eicooc20070702[1]
Disinfection failed
C:\Documents and Settings\Salim\Local Settings\Temporary Internet Files\Content.IE5\YXLNMK1A\kcehc_eicooc20070702[1]
Deleted
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>keygen.exe
Infected with: Trojan.Virtumod.MG
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>keygen.exe
Disinfection failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>keygen.exe
Deleted
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)
Update failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>crack.exe
Infected with: Trojan.Inject.BW
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>crack.exe
Disinfection failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>crack.exe
Deleted
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)
Update failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>install.exe
Infected with: Trojan.Downloader.Agent.YGD
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>install.exe
Disinfection failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>install.exe
Deleted
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)
Update failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>RUNME.bat
Infected with: Trojan.ConHook.X
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>RUNME.bat
Disinfection failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)=>RUNME.bat
Deleted
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP78\A0017294.exe=>(RAR Sfx o)
Update failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019806.exe
Infected with: Generic.Dld.Alpha.EB472BE2
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019806.exe
Disinfection failed
C:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019806.exe
Deleted
C:\WINDOWS\system32\winufg32.dll
Infected with: Trojan.Mezzia.AN
C:\WINDOWS\system32\winufg32.dll
Disinfection failed
C:\WINDOWS\system32\winufg32.dll
Delete failed
C:\WINDOWS\system32\xbpsplin.dll
Infected with: Trojan.Vundo.CG
C:\WINDOWS\system32\xbpsplin.dll
Disinfection failed
C:\WINDOWS\system32\xbpsplin.dll
Delete failed
D:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019797.exe=>(NSIS o)=>lzma_solid_nsis0017
Infected with: Trojan.Spy.Bjcg.E
D:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019797.exe=>(NSIS o)=>lzma_solid_nsis0017
Disinfection failed
D:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019797.exe=>(NSIS o)=>lzma_solid_nsis0017
Deleted
D:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019797.exe=>(NSIS o)
Update failed
F:\Ha ha ha !\Flight\Prog's\Alcoholic1.exe
Infected with: Joke.Slippery.A
F:\Ha ha ha !\Flight\Prog's\Alcoholic1.exe
Disinfection failed
F:\Ha ha ha !\Flight\Prog's\Alcoholic1.exe
Deleted
F:\Ha ha ha !\Flight\Prog's\E\Joconde.exe
Infected with: Trojan.Joke.Mona.A
F:\Ha ha ha !\Flight\Prog's\E\Joconde.exe
Disinfection failed
F:\Ha ha ha !\Flight\Prog's\E\Joconde.exe
Deleted
F:\Ha ha ha !\Flight\Prog's\Meilleurs\FatalError.exe
Infected with: Trojan.Horse.BAQ
F:\Ha ha ha !\Flight\Prog's\Meilleurs\FatalError.exe
Disinfection failed
F:\Ha ha ha !\Flight\Prog's\Meilleurs\FatalError.exe
Deleted
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019825.exe
Infected with: Joke.Slippery.A
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019825.exe
Disinfection failed
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019825.exe
Deleted
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019826.exe
Infected with: Trojan.Joke.Mona.A
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019826.exe
Disinfection failed
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019826.exe
Deleted
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019827.exe
Infected with: Trojan.Horse.BAQ
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019827.exe
Disinfection failed
F:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019827.exe
Deleted
G:\A Trier\Games\DOS\BATMAN2\BATMAN2.ZIP=>HINSTALL.BAT
Infected with: BehavesLike:BAT.Gen
G:\A Trier\Games\DOS\BATMAN2\BATMAN2.ZIP=>HINSTALL.BAT
Disinfection failed
G:\A Trier\Games\DOS\BATMAN2\BATMAN2.ZIP=>HINSTALL.BAT
Deleted
G:\A Trier\Games\DOS\BATMAN2\BATMAN2.ZIP
Update failed
G:\A Trier\Games\DOS\Crazy Cars 3\CC3IN.BAT
Infected with: BehavesLike:BAT.Gen
G:\A Trier\Games\DOS\Crazy Cars 3\CC3IN.BAT
Disinfection failed
G:\A Trier\Games\DOS\Crazy Cars 3\CC3IN.BAT
Deleted
G:\A Trier\Games\DOS\Crazy Cars 3\CCINSTAL.BAT
Infected with: BehavesLike:BAT.Gen
G:\A Trier\Games\DOS\Crazy Cars 3\CCINSTAL.BAT
Disinfection failed
G:\A Trier\Games\DOS\Crazy Cars 3\CCINSTAL.BAT
Deleted
G:\A Trier\Games\DOS\GUNSHIP\GUNSHIP.ARJ=>G.COM
Infected with: Vienna.648.A
G:\A Trier\Games\DOS\GUNSHIP\GUNSHIP.ARJ=>G.COM
Disinfection failed
G:\A Trier\Games\DOS\GUNSHIP\GUNSHIP.ARJ=>G.COM
Deleted
G:\A Trier\Games\DOS\GUNSHIP\GUNSHIP.ARJ
Update failed
G:\A Trier\Games\DOS\LORDS_OF_THE_REALM\LORD.ARJ=>INSTALL2.BAT
Infected with: BehavesLike:BAT.Gen
G:\A Trier\Games\DOS\LORDS_OF_THE_REALM\LORD.ARJ=>INSTALL2.BAT
Disinfection failed
G:\A Trier\Games\DOS\LORDS_OF_THE_REALM\LORD.ARJ=>INSTALL2.BAT
Deleted
G:\A Trier\Games\DOS\LORDS_OF_THE_REALM\LORD.ARJ
Update failed
G:\A Trier\Games\DOS\LORD_OF_THE_RINGS\LORD.ZIP=>INSTALL2.BAT
Infected with: BehavesLike:BAT.Gen
G:\A Trier\Games\DOS\LORD_OF_THE_RINGS\LORD.ZIP=>INSTALL2.BAT
Disinfection failed
G:\A Trier\Games\DOS\LORD_OF_THE_RINGS\LORD.ZIP=>INSTALL2.BAT
Deleted
G:\A Trier\Games\DOS\LORD_OF_THE_RINGS\LORD.ZIP
Update failed
G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019828.BAT
Infected with: BehavesLike:BAT.Gen
G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019828.BAT
Disinfection failed
G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019828.BAT
Deleted
G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019829.BAT
Infected with: BehavesLike:BAT.Gen
G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019829.BAT
Disinfection failed
G:\System Volume Information\_restore{C0A64FA2-D433-44CC-BEBB-4D8B44F10E77}\RP85\A0019829.BAT
Deleted
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 06:25, on 2007-07-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Programmes installés\Winamp\winamp.exe
D:\Logiciels\Utiles\reveilletoi.exe
C:\Documents and Settings\Salim\Bureau\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.binnews.info/index.php?country=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\mafikyva.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\ljjgeef.dll
O2 - BHO: (no name) - {B6D41F78-E2C4-4AFA-B740-0D05FF6D4ABF} - C:\WINDOWS\system32\ddaba.dll
O2 - BHO: (no name) - {D1C62DBB-655B-4D14-8C98-5181165B51D1} - (no file)
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xbpsplin.dll",forkonce
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll
O20 - Winlogon Notify: ljjgeef - C:\WINDOWS\SYSTEM32\ljjgeef.dll
O20 - Winlogon Notify: winufg32 - C:\WINDOWS\SYSTEM32\winufg32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
green day
Messages postés
26371
Date d'inscription
vendredi 30 septembre 2005
Statut
Modérateur, Contributeur sécurité
Dernière intervention
27 décembre 2019
2 162
11 juil. 2007 à 18:18
11 juil. 2007 à 18:18
Salut
ok,
P.S.: Le fait que WinAntivirus chaipa koi n'arrête pas de sortir sur internet explorer fait partie de tous ces malwares ?
oui, c'est aussi une bébétte ...
Télécharger l2mfix.exe sur http://www.downloads.subratam.org/l2mfix.exe
- Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
- Dézipper l2mfix.exe sur le bureau ;
- Dans le dossier du programme, double-cliquer sur l2mfix.bat ;
- Choisir OPTION 1 (Run find log) et valider par la touche [Entrée] ;
=> Un rapport sera généré dans le Bloc-notes, se reconnecter pour le poster au forum.
++
ok,
P.S.: Le fait que WinAntivirus chaipa koi n'arrête pas de sortir sur internet explorer fait partie de tous ces malwares ?
oui, c'est aussi une bébétte ...
Télécharger l2mfix.exe sur http://www.downloads.subratam.org/l2mfix.exe
- Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
- Dézipper l2mfix.exe sur le bureau ;
- Dans le dossier du programme, double-cliquer sur l2mfix.bat ;
- Choisir OPTION 1 (Run find log) et valider par la touche [Entrée] ;
=> Un rapport sera généré dans le Bloc-notes, se reconnecter pour le poster au forum.
++
salim2103
Messages postés
48
Date d'inscription
lundi 18 septembre 2006
Statut
Membre
Dernière intervention
23 décembre 2009
11 juil. 2007 à 18:25
11 juil. 2007 à 18:25
Voilà qui est fait :
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddaba]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\ddaba.dll"
"Impersonate"=dword:00000000
"Startup"="RealLogon"
"Logoff"="RealLogoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjgeef]
"Asynchronous"=dword:00000001
"DllName"="ljjgeef.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000000
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winufg32]
"Asynchronous"=dword:00000001
"DllName"="winufg32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
"Maxthon"="IEAK"
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Shell Microsoft AutoComplete"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"
"{3028902F-6374-48b2-8DC6-9725E775B926}"="IE Microsoft AutoComplete"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}"="History Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures"
"{D120D80B-BD26-4A74-8E43-2C2AF0966139}"="QuickPar ContextMenu extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"="PhoneBrowser"
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
browseui.dll Wed Apr 18 2007 2:31:56p A.... 1,024,000 1000.00 K
cdfview.dll Wed Apr 18 2007 2:31:56p A.... 152,064 148.50 K
cdm.dll Mon Apr 16 2007 10:45:28p A.... 92,504 90.34 K
danim.dll Wed Apr 18 2007 2:31:56p A.... 1,056,768 1.01 M
ddaba.dll Tue Jul 10 2007 9:56:56p ..... 266,336 260.09 K
dxtmsft.dll Wed Apr 18 2007 2:31:56p A.... 357,888 349.50 K
dxtrans.dll Wed Apr 18 2007 2:31:58p A.... 205,312 200.50 K
extmgr.dll Wed Apr 18 2007 2:31:58p A.... 55,808 54.50 K
hffomubd.dll Tue Jul 10 2007 7:46:20p A.... 66,624 65.06 K
iepeers.dll Wed Apr 18 2007 2:31:58p A.... 251,392 245.50 K
inetcomm.dll Wed May 16 2007 5:13:54p A.... 683,520 667.50 K
inseng.dll Wed Apr 18 2007 2:31:58p A.... 96,768 94.50 K
jsproxy.dll Wed Apr 18 2007 2:31:58p A.... 16,384 16.00 K
kernel32.dll Mon Apr 16 2007 5:53:12p A.... 1,049,600 1.00 M
ljjgeef.dll Mon Jul 9 2007 11:56:50p A.... 31,254 30.52 K
mafikyva.dll Tue Jul 10 2007 11:55:26p A.... 66,624 65.06 K
mshtml.dll Fri May 4 2007 5:36:14a A.... 3,079,680 2.93 M
mshtmled.dll Wed Apr 18 2007 2:32:00p A.... 449,024 438.50 K
msi.dll Wed Apr 18 2007 6:14:18p A.... 2,854,400 2.72 M
msrating.dll Wed Apr 18 2007 2:32:00p A.... 146,432 143.00 K
mstime.dll Wed Apr 18 2007 2:32:00p A.... 532,480 520.00 K
pngfilt.dll Wed Apr 18 2007 2:32:00p A.... 39,424 38.50 K
rey_su~1.dll Wed May 2 2007 10:39:36p A.... 98,304 96.00 K
schannel.dll Wed Apr 25 2007 4:22:36p A.... 144,896 141.50 K
shdocvw.dll Wed Apr 18 2007 2:32:02p A.... 1,495,040 1.43 M
shlwapi.dll Wed Apr 18 2007 2:32:02p A.... 474,624 463.50 K
ultra.dll Tue Jul 3 2007 9:02:46p A.... 0 0.00 K
urlmon.dll Wed Apr 18 2007 2:32:02p A.... 617,472 603.00 K
wininet.dll Wed Apr 18 2007 2:32:02p A.... 663,040 647.50 K
winufg32.dll Mon Jul 2 2007 8:43:50p A.... 20,480 20.00 K
wuapi.dll Mon Apr 16 2007 10:45:48p A.... 549,720 536.84 K
wuaueng.dll Mon Apr 16 2007 10:45:54p A.... 1,710,936 1.63 M
wucltui.dll Mon Apr 16 2007 10:45:42p A.... 325,976 318.34 K
wups.dll Mon Apr 16 2007 10:47:36p A.... 33,624 32.84 K
wups2.dll Mon Apr 16 2007 10:45:20p A.... 43,352 42.34 K
wuweb.dll Mon Apr 16 2007 10:45:36p A.... 203,096 198.34 K
wvurqqn.dll Tue Jul 10 2007 10:14:04p A.... 31,254 30.52 K
xbpsplin.dll Tue Jul 10 2007 11:55:24p A.... 128,576 125.56 K
xpsp3res.dll Wed Apr 18 2007 3:27:34a A.... 121,856 119.00 K
39 items found: 39 files, 0 directories.
Total of file sizes: 19,236,532 bytes 18.34 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle Salim
Le num‚ro de s‚rie du volume est E498-400F
R‚pertoire de C:\WINDOWS\System32
2007-07-11 18:24 944,071 abadd.ini
2007-07-11 00:01 405 nilpspbx.ini
2007-07-10 23:54 933,121 abadd.bak1
2007-06-14 03:01 <REP> dllcache
2007-05-02 21:54 <REP> Microsoft
3 fichier(s) 1,877,597 octets
2 R‚p(s) 15,591,534,592 octets libres
Salim :)
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddaba]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\ddaba.dll"
"Impersonate"=dword:00000000
"Startup"="RealLogon"
"Logoff"="RealLogoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjgeef]
"Asynchronous"=dword:00000001
"DllName"="ljjgeef.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000000
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winufg32]
"Asynchronous"=dword:00000001
"DllName"="winufg32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
"Maxthon"="IEAK"
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Shell Microsoft AutoComplete"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"
"{3028902F-6374-48b2-8DC6-9725E775B926}"="IE Microsoft AutoComplete"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}"="History Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures"
"{D120D80B-BD26-4A74-8E43-2C2AF0966139}"="QuickPar ContextMenu extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"="PhoneBrowser"
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
browseui.dll Wed Apr 18 2007 2:31:56p A.... 1,024,000 1000.00 K
cdfview.dll Wed Apr 18 2007 2:31:56p A.... 152,064 148.50 K
cdm.dll Mon Apr 16 2007 10:45:28p A.... 92,504 90.34 K
danim.dll Wed Apr 18 2007 2:31:56p A.... 1,056,768 1.01 M
ddaba.dll Tue Jul 10 2007 9:56:56p ..... 266,336 260.09 K
dxtmsft.dll Wed Apr 18 2007 2:31:56p A.... 357,888 349.50 K
dxtrans.dll Wed Apr 18 2007 2:31:58p A.... 205,312 200.50 K
extmgr.dll Wed Apr 18 2007 2:31:58p A.... 55,808 54.50 K
hffomubd.dll Tue Jul 10 2007 7:46:20p A.... 66,624 65.06 K
iepeers.dll Wed Apr 18 2007 2:31:58p A.... 251,392 245.50 K
inetcomm.dll Wed May 16 2007 5:13:54p A.... 683,520 667.50 K
inseng.dll Wed Apr 18 2007 2:31:58p A.... 96,768 94.50 K
jsproxy.dll Wed Apr 18 2007 2:31:58p A.... 16,384 16.00 K
kernel32.dll Mon Apr 16 2007 5:53:12p A.... 1,049,600 1.00 M
ljjgeef.dll Mon Jul 9 2007 11:56:50p A.... 31,254 30.52 K
mafikyva.dll Tue Jul 10 2007 11:55:26p A.... 66,624 65.06 K
mshtml.dll Fri May 4 2007 5:36:14a A.... 3,079,680 2.93 M
mshtmled.dll Wed Apr 18 2007 2:32:00p A.... 449,024 438.50 K
msi.dll Wed Apr 18 2007 6:14:18p A.... 2,854,400 2.72 M
msrating.dll Wed Apr 18 2007 2:32:00p A.... 146,432 143.00 K
mstime.dll Wed Apr 18 2007 2:32:00p A.... 532,480 520.00 K
pngfilt.dll Wed Apr 18 2007 2:32:00p A.... 39,424 38.50 K
rey_su~1.dll Wed May 2 2007 10:39:36p A.... 98,304 96.00 K
schannel.dll Wed Apr 25 2007 4:22:36p A.... 144,896 141.50 K
shdocvw.dll Wed Apr 18 2007 2:32:02p A.... 1,495,040 1.43 M
shlwapi.dll Wed Apr 18 2007 2:32:02p A.... 474,624 463.50 K
ultra.dll Tue Jul 3 2007 9:02:46p A.... 0 0.00 K
urlmon.dll Wed Apr 18 2007 2:32:02p A.... 617,472 603.00 K
wininet.dll Wed Apr 18 2007 2:32:02p A.... 663,040 647.50 K
winufg32.dll Mon Jul 2 2007 8:43:50p A.... 20,480 20.00 K
wuapi.dll Mon Apr 16 2007 10:45:48p A.... 549,720 536.84 K
wuaueng.dll Mon Apr 16 2007 10:45:54p A.... 1,710,936 1.63 M
wucltui.dll Mon Apr 16 2007 10:45:42p A.... 325,976 318.34 K
wups.dll Mon Apr 16 2007 10:47:36p A.... 33,624 32.84 K
wups2.dll Mon Apr 16 2007 10:45:20p A.... 43,352 42.34 K
wuweb.dll Mon Apr 16 2007 10:45:36p A.... 203,096 198.34 K
wvurqqn.dll Tue Jul 10 2007 10:14:04p A.... 31,254 30.52 K
xbpsplin.dll Tue Jul 10 2007 11:55:24p A.... 128,576 125.56 K
xpsp3res.dll Wed Apr 18 2007 3:27:34a A.... 121,856 119.00 K
39 items found: 39 files, 0 directories.
Total of file sizes: 19,236,532 bytes 18.34 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle Salim
Le num‚ro de s‚rie du volume est E498-400F
R‚pertoire de C:\WINDOWS\System32
2007-07-11 18:24 944,071 abadd.ini
2007-07-11 00:01 405 nilpspbx.ini
2007-07-10 23:54 933,121 abadd.bak1
2007-06-14 03:01 <REP> dllcache
2007-05-02 21:54 <REP> Microsoft
3 fichier(s) 1,877,597 octets
2 R‚p(s) 15,591,534,592 octets libres
Salim :)
green day
Messages postés
26371
Date d'inscription
vendredi 30 septembre 2005
Statut
Modérateur, Contributeur sécurité
Dernière intervention
27 décembre 2019
2 162
11 juil. 2007 à 18:28
11 juil. 2007 à 18:28
bien,
o Prendre connaissance du contenu du lien suivant: http://www.f-secure.com/products/license-terms/eult_fra.pdf
o Vous avez donc pris connaissance et accepté les conditions d'utilisations du programme blacklight qui est inclus dans le dossier compressé navilog1.zip que vous allez télécharger.
o Faire un clic droit sur ce lien : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
o Enregistrez la cible (du lien) sous... et enregistrez-le sur le bureau.
o Faire un clic droit sur navilog1.zip et choisir "tout extraire"
o Double-cliquez sur navilog1.bat
o Arriver au menu principal, choisir l'option 1 et valider.
o Patientez jusqu'au message : Analyse Termine le ...
o Le rapport sera en outre sauvegardé à la racine du disque (fixnavi.txt), poste le stp
++
o Prendre connaissance du contenu du lien suivant: http://www.f-secure.com/products/license-terms/eult_fra.pdf
o Vous avez donc pris connaissance et accepté les conditions d'utilisations du programme blacklight qui est inclus dans le dossier compressé navilog1.zip que vous allez télécharger.
o Faire un clic droit sur ce lien : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
o Enregistrez la cible (du lien) sous... et enregistrez-le sur le bureau.
o Faire un clic droit sur navilog1.zip et choisir "tout extraire"
o Double-cliquez sur navilog1.bat
o Arriver au menu principal, choisir l'option 1 et valider.
o Patientez jusqu'au message : Analyse Termine le ...
o Le rapport sera en outre sauvegardé à la racine du disque (fixnavi.txt), poste le stp
++
salim2103
Messages postés
48
Date d'inscription
lundi 18 septembre 2006
Statut
Membre
Dernière intervention
23 décembre 2009
11 juil. 2007 à 18:36
11 juil. 2007 à 18:36
Search Navipromo version 2.0.5 commencé le 2007-07-11 à 18:31:33.73
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO
Executé en mode normal
*** Recherche Programmes installes ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\Salim\Application Data ***
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en
F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.
[+] Started on 07/11/07 at 18:31:39.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ....................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 07/11/07 at 18:34:13 (return code = 0).
*** Recherche fichiers ***
*** Recherche cles registre ***
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
Recherche Clé Magic Control
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********
C:\WINDOWS\system32\syswin.exe trouvé !
3)Recherche Certificats :
*** Analyse Terminé le 2007-07-11 à 18:34:49.07 ***
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO
Executé en mode normal
*** Recherche Programmes installes ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\Salim\Application Data ***
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en
F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.
[+] Started on 07/11/07 at 18:31:39.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ....................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 07/11/07 at 18:34:13 (return code = 0).
*** Recherche fichiers ***
*** Recherche cles registre ***
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
Recherche Clé Magic Control
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********
C:\WINDOWS\system32\syswin.exe trouvé !
3)Recherche Certificats :
*** Analyse Terminé le 2007-07-11 à 18:34:49.07 ***
green day
Messages postés
26371
Date d'inscription
vendredi 30 septembre 2005
Statut
Modérateur, Contributeur sécurité
Dernière intervention
27 décembre 2019
2 162
11 juil. 2007 à 18:38
11 juil. 2007 à 18:38
ok,
o Double-cliquer sur navilog1.bat
o Arriver au menu principal, choisir l'option 2 et valider.
o Indiquer le mode de nettoyage "automatique"
o Répondre aux questions éventuelles, le bureau disparaîtra, c'est normal !
o Patienter jusqu'au message : Nettoyage Termine le ...
o Sauvegarder le rapport de manière à le retrouver, puis fermer le blocnote, le bureau réapparaîtra
o Le rapport sera en outre sauvegardé à la racine du disque (cleannavi.txt)
ensuite :
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu
++
o Double-cliquer sur navilog1.bat
o Arriver au menu principal, choisir l'option 2 et valider.
o Indiquer le mode de nettoyage "automatique"
o Répondre aux questions éventuelles, le bureau disparaîtra, c'est normal !
o Patienter jusqu'au message : Nettoyage Termine le ...
o Sauvegarder le rapport de manière à le retrouver, puis fermer le blocnote, le bureau réapparaîtra
o Le rapport sera en outre sauvegardé à la racine du disque (cleannavi.txt)
ensuite :
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu
++
salim2103
Messages postés
48
Date d'inscription
lundi 18 septembre 2006
Statut
Membre
Dernière intervention
23 décembre 2009
11 juil. 2007 à 18:51
11 juil. 2007 à 18:51
[07/11/2007, 18:45:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Salim\Bureau\VirtumundoBeGone.exe" )
[07/11/2007, 18:45:41] - Detected System Information:
[07/11/2007, 18:45:41] - Windows Version: 5.1.2600, Service Pack 2
[07/11/2007, 18:45:41] - Current Username: Salim (Admin)
[07/11/2007, 18:45:41] - Windows is in NORMAL mode.
[07/11/2007, 18:45:41] - Searching for Browser Helper Objects:
[07/11/2007, 18:45:41] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/11/2007, 18:45:41] - BHO 2: {938A8A03-A938-4019-B764-03FF8D167D79} ()
[07/11/2007, 18:45:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 18:45:41] - Checking for HKLM\...\Winlogon\Notify\mafikyva
[07/11/2007, 18:45:41] - Key not found: HKLM\...\Winlogon\Notify\mafikyva, continuing.
[07/11/2007, 18:45:41] - BHO 3: {941508F8-CCD9-44E0-AC29-4F1E141373F7} ()
[07/11/2007, 18:45:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 18:45:41] - Checking for HKLM\...\Winlogon\Notify\ljjgeef
[07/11/2007, 18:45:41] - Found: HKLM\...\Winlogon\Notify\ljjgeef - This is probably Virtumundo.
[07/11/2007, 18:45:41] - Assigning {941508F8-CCD9-44E0-AC29-4F1E141373F7} MSEvents Object
[07/11/2007, 18:45:41] - BHO list has been changed! Starting over...
[07/11/2007, 18:45:41] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/11/2007, 18:45:41] - BHO 2: {938A8A03-A938-4019-B764-03FF8D167D79} ()
[07/11/2007, 18:45:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 18:45:41] - Checking for HKLM\...\Winlogon\Notify\mafikyva
[07/11/2007, 18:45:41] - Key not found: HKLM\...\Winlogon\Notify\mafikyva, continuing.
[07/11/2007, 18:45:41] - BHO 3: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
[07/11/2007, 18:45:41] - ALERT: Found MSEvents Object!
[07/11/2007, 18:45:41] - BHO 4: {D1C62DBB-655B-4D14-8C98-5181165B51D1} ()
[07/11/2007, 18:45:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 18:45:41] - No filename found. Continuing.
[07/11/2007, 18:45:41] - Finished Searching Browser Helper Objects
[07/11/2007, 18:45:41] - *** Detected MSEvents Object
[07/11/2007, 18:45:41] - Trying to remove MSEvents Object...
[07/11/2007, 18:45:42] - Terminating Process: IEXPLORE.EXE
[07/11/2007, 18:45:43] - Terminating Process: RUNDLL32.EXE
[07/11/2007, 18:45:43] - Disabling Automatic Shell Restart
[07/11/2007, 18:45:43] - Terminating Process: EXPLORER.EXE
[07/11/2007, 18:45:43] - Suspending the NT Session Manager System Service
[07/11/2007, 18:45:43] - Terminating Windows NT Logon/Logoff Manager
[07/11/2007, 18:45:44] - Re-enabling Automatic Shell Restart
[07/11/2007, 18:45:44] - File to disable: C:\WINDOWS\system32\ljjgeef.dll
[07/11/2007, 18:45:44] - Renaming C:\WINDOWS\system32\ljjgeef.dll -> C:\WINDOWS\system32\ljjgeef.dll.vir
[07/11/2007, 18:45:44] - File successfully renamed!
[07/11/2007, 18:45:44] - Removing HKLM\...\Browser Helper Objects\{941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/11/2007, 18:45:44] - Removing HKCR\CLSID\{941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/11/2007, 18:45:44] - Adding Kill Bit for ActiveX for GUID: {941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/11/2007, 18:45:44] - Deleting ATLEvents/MSEvents Registry entries
[07/11/2007, 18:45:44] - Removing HKLM\...\Winlogon\Notify\ljjgeef
[07/11/2007, 18:45:44] - Searching for Browser Helper Objects:
[07/11/2007, 18:45:44] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/11/2007, 18:45:44] - BHO 2: {938A8A03-A938-4019-B764-03FF8D167D79} ()
[07/11/2007, 18:45:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 18:45:44] - Checking for HKLM\...\Winlogon\Notify\mafikyva
[07/11/2007, 18:45:44] - Key not found: HKLM\...\Winlogon\Notify\mafikyva, continuing.
[07/11/2007, 18:45:44] - BHO 3: {D1C62DBB-655B-4D14-8C98-5181165B51D1} ()
[07/11/2007, 18:45:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 18:45:44] - No filename found. Continuing.
[07/11/2007, 18:45:44] - Finished Searching Browser Helper Objects
[07/11/2007, 18:45:44] - Finishing up...
[07/11/2007, 18:45:44] - A restart is needed.
[07/11/2007, 18:45:44] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[07/11/2007, 18:45:54] - Attempting to Restart via STOP error (Blue Screen!)
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:50, on 2007-07-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\adslTV\adsltv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\adslTV\vlc.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Logiciels\Working\Notepad 2\Notepad2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Salim\Bureau\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.binnews.info/index.php?country=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\mafikyva.dll
O2 - BHO: (no name) - {D1C62DBB-655B-4D14-8C98-5181165B51D1} - (no file)
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xbpsplin.dll",forkonce
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winufg32 - C:\WINDOWS\SYSTEM32\winufg32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
[07/11/2007, 18:45:41] - Detected System Information:
[07/11/2007, 18:45:41] - Windows Version: 5.1.2600, Service Pack 2
[07/11/2007, 18:45:41] - Current Username: Salim (Admin)
[07/11/2007, 18:45:41] - Windows is in NORMAL mode.
[07/11/2007, 18:45:41] - Searching for Browser Helper Objects:
[07/11/2007, 18:45:41] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/11/2007, 18:45:41] - BHO 2: {938A8A03-A938-4019-B764-03FF8D167D79} ()
[07/11/2007, 18:45:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 18:45:41] - Checking for HKLM\...\Winlogon\Notify\mafikyva
[07/11/2007, 18:45:41] - Key not found: HKLM\...\Winlogon\Notify\mafikyva, continuing.
[07/11/2007, 18:45:41] - BHO 3: {941508F8-CCD9-44E0-AC29-4F1E141373F7} ()
[07/11/2007, 18:45:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 18:45:41] - Checking for HKLM\...\Winlogon\Notify\ljjgeef
[07/11/2007, 18:45:41] - Found: HKLM\...\Winlogon\Notify\ljjgeef - This is probably Virtumundo.
[07/11/2007, 18:45:41] - Assigning {941508F8-CCD9-44E0-AC29-4F1E141373F7} MSEvents Object
[07/11/2007, 18:45:41] - BHO list has been changed! Starting over...
[07/11/2007, 18:45:41] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/11/2007, 18:45:41] - BHO 2: {938A8A03-A938-4019-B764-03FF8D167D79} ()
[07/11/2007, 18:45:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 18:45:41] - Checking for HKLM\...\Winlogon\Notify\mafikyva
[07/11/2007, 18:45:41] - Key not found: HKLM\...\Winlogon\Notify\mafikyva, continuing.
[07/11/2007, 18:45:41] - BHO 3: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
[07/11/2007, 18:45:41] - ALERT: Found MSEvents Object!
[07/11/2007, 18:45:41] - BHO 4: {D1C62DBB-655B-4D14-8C98-5181165B51D1} ()
[07/11/2007, 18:45:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 18:45:41] - No filename found. Continuing.
[07/11/2007, 18:45:41] - Finished Searching Browser Helper Objects
[07/11/2007, 18:45:41] - *** Detected MSEvents Object
[07/11/2007, 18:45:41] - Trying to remove MSEvents Object...
[07/11/2007, 18:45:42] - Terminating Process: IEXPLORE.EXE
[07/11/2007, 18:45:43] - Terminating Process: RUNDLL32.EXE
[07/11/2007, 18:45:43] - Disabling Automatic Shell Restart
[07/11/2007, 18:45:43] - Terminating Process: EXPLORER.EXE
[07/11/2007, 18:45:43] - Suspending the NT Session Manager System Service
[07/11/2007, 18:45:43] - Terminating Windows NT Logon/Logoff Manager
[07/11/2007, 18:45:44] - Re-enabling Automatic Shell Restart
[07/11/2007, 18:45:44] - File to disable: C:\WINDOWS\system32\ljjgeef.dll
[07/11/2007, 18:45:44] - Renaming C:\WINDOWS\system32\ljjgeef.dll -> C:\WINDOWS\system32\ljjgeef.dll.vir
[07/11/2007, 18:45:44] - File successfully renamed!
[07/11/2007, 18:45:44] - Removing HKLM\...\Browser Helper Objects\{941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/11/2007, 18:45:44] - Removing HKCR\CLSID\{941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/11/2007, 18:45:44] - Adding Kill Bit for ActiveX for GUID: {941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/11/2007, 18:45:44] - Deleting ATLEvents/MSEvents Registry entries
[07/11/2007, 18:45:44] - Removing HKLM\...\Winlogon\Notify\ljjgeef
[07/11/2007, 18:45:44] - Searching for Browser Helper Objects:
[07/11/2007, 18:45:44] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/11/2007, 18:45:44] - BHO 2: {938A8A03-A938-4019-B764-03FF8D167D79} ()
[07/11/2007, 18:45:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 18:45:44] - Checking for HKLM\...\Winlogon\Notify\mafikyva
[07/11/2007, 18:45:44] - Key not found: HKLM\...\Winlogon\Notify\mafikyva, continuing.
[07/11/2007, 18:45:44] - BHO 3: {D1C62DBB-655B-4D14-8C98-5181165B51D1} ()
[07/11/2007, 18:45:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2007, 18:45:44] - No filename found. Continuing.
[07/11/2007, 18:45:44] - Finished Searching Browser Helper Objects
[07/11/2007, 18:45:44] - Finishing up...
[07/11/2007, 18:45:44] - A restart is needed.
[07/11/2007, 18:45:44] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[07/11/2007, 18:45:54] - Attempting to Restart via STOP error (Blue Screen!)
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:50, on 2007-07-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\adslTV\adsltv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\adslTV\vlc.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Logiciels\Working\Notepad 2\Notepad2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Salim\Bureau\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.binnews.info/index.php?country=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\mafikyva.dll
O2 - BHO: (no name) - {D1C62DBB-655B-4D14-8C98-5181165B51D1} - (no file)
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xbpsplin.dll",forkonce
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winufg32 - C:\WINDOWS\SYSTEM32\winufg32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
green day
Messages postés
26371
Date d'inscription
vendredi 30 septembre 2005
Statut
Modérateur, Contributeur sécurité
Dernière intervention
27 décembre 2019
2 162
11 juil. 2007 à 18:58
11 juil. 2007 à 18:58
Très bien !
Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Démarrer en mode sans echec
* Double cliquer combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan
* Le rapport sera crée dans: C:\Combofix.txt , poste le stp avec un nouveau hijack
++
Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Démarrer en mode sans echec
* Double cliquer combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan
* Le rapport sera crée dans: C:\Combofix.txt , poste le stp avec un nouveau hijack
++
salim2103
Messages postés
48
Date d'inscription
lundi 18 septembre 2006
Statut
Membre
Dernière intervention
23 décembre 2009
11 juil. 2007 à 19:16
11 juil. 2007 à 19:16
"Salim" - 2007-07-11 19:07:50 - ComboFix 07-07-10.1 - Service Pack 2 [SAFE MODE]
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\xbpsplin.dll
C:\WINDOWS\system32\wvurqqn.dll
C:\WINDOWS\system32\winufg32.dll
C:\WINDOWS\system32\nilpspbx.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\sysdm.exe
((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))
2007-07-11 18:30 <REP> d-------- C:\Program Files\Navilog1
2007-07-11 18:24 73,728 --a------ C:\WINDOWS\system32\pv.exe
2007-07-11 18:24 39,184 --a------ C:\WINDOWS\system32\Ntrights.exe
2007-07-11 18:24 175,616 --a------ C:\WINDOWS\system32\strings.exe
2007-07-11 18:24 16,384 --a------ C:\WINDOWS\system32\restart.exe
2007-07-11 18:24 126,976 --a------ C:\WINDOWS\system32\zip.exe
2007-07-11 18:24 11,254 --a------ C:\WINDOWS\system32\locate.com
2007-07-10 23:55 66,624 --a------ C:\WINDOWS\system32\mafikyva.dll
2007-07-10 22:47 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-07-10 22:12 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-10 22:02 <REP> d-------- C:\Program Files\CCleaner
2007-07-10 20:10 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 20:04 <REP> d-------- C:\DOCUME~1\Salim\APPLIC~1\Webroot
2007-07-10 19:59 <REP> d-------- C:\DOCUME~1\Salim\APPLIC~1\GetRightToGo
2007-07-10 19:48 <REP> d-------- C:\VundoFix Backups
2007-07-10 19:46 66,624 --a------ C:\WINDOWS\system32\hffomubd.dll
2007-07-09 23:56 31,254 --a------ C:\WINDOWS\system32\ljjgeef.dll.vir
2007-07-03 21:02 0 --a------ C:\WINDOWS\system32\Ultra.dll
2007-07-03 02:44 12,417,543 --------- C:\AVG7QT.DAT
2007-06-19 02:47 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-16 13:04 <REP> d-------- C:\Program Files\Lavasoft
2007-06-16 13:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-16 13:03 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-11 17:01:06 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\Skype
2007-07-11 16:47:57 -------- d-----w C:\Program Files\adslTV
2007-07-06 17:24:00 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-02 22:52:25 -------- d-----w C:\Program Files\Ad-Aware
2007-06-14 20:00:45 -------- d-----w C:\Program Files\Shareaza
2007-06-14 19:59:11 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\Shareaza
2007-06-09 20:43:58 -------- d-----w C:\Program Files\tvants
2007-06-09 20:31:06 -------- d-----w C:\Program Files\Fichiers communs\Synacast
2007-06-09 18:40:37 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\Lavasoft
2007-06-04 20:41:35 -------- d-----w C:\Program Files\amsn
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-01 23:16:43 -------- d-----w C:\Program Files\DAEMON Tools
2007-06-01 23:13:31 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-06-01 23:06:48 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-05-23 22:13:28 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\skySpace
2007-05-22 19:09:45 -------- d-----w C:\Program Files\Fichiers communs\Skype
2007-05-21 19:14:46 -------- d-----w C:\Program Files\3GP Player
2007-05-21 17:42:07 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\Nokia Multimedia Player
2007-05-19 13:38:56 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\Real
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 16:36:08 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-05-11 15:22:24 -------- d-----w C:\Program Files\Skype
2007-05-03 15:16:11 1,277 ----a-w C:\WINDOWS\mozver.dat
2007-05-02 22:02:09 0 ----a-w C:\WINDOWS\nsreg.dat
2007-05-02 20:39:35 98,304 ----a-w C:\WINDOWS\system32\Rey_SubClasser.dll
2007-05-02 19:57:42 76,136 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-05-02 19:57:42 469,622 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-05-02 19:42:54 0 --sha-r C:\MSDOS.SYS
2007-05-02 19:42:54 0 --sha-r C:\IO.SYS
2007-05-02 19:42:54 0 ----a-w C:\CONFIG.SYS
2007-05-02 19:42:54 0 ----a-w C:\AUTOEXEC.BAT
2007-05-02 19:39:49 21,892 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2006-07-29 17:18:10 112 --sha-w C:\WINDOWS\system32\Vistadrive\unistl.cmd
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{938A8A03-A938-4019-B764-03FF8D167D79}]
2007-07-10 23:55 66624 --a------ C:\WINDOWS\system32\mafikyva.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1C62DBB-655B-4D14-8C98-5181165B51D1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE" [2003-05-08 10:19]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-07-16 15:16]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-07-16 15:19]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-05-02 22:40]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-03 15:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 20:52]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2006-07-05 04:23]
"TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [2006-04-15 18:07]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-05-02 22:40]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-10 16:09]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-05-02 22:39]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe"
"VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe
"Vistadrv"=C:\Windows\System32\Vistadrive\vsdrv.exe
"TweakRAM"=C:\Program Files\TweakRAM\TweakRAM.exe
"LClock"=C:\Program Files\LClock\lclock.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
"C:\Program Files\Shareaza\Shareaza.exe" -tray
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts upnphost SSDPSRV
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{908c01ea-f96e-11db-b085-00134639e365}]
verb1\command- desktop.exe
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 19:10:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-07-11 19:13:46 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-11 19:13
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:14, on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Logiciels\Working\Notepad 2\Notepad2.exe
C:\Documents and Settings\Salim\Bureau\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.binnews.info/index.php?country=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\mafikyva.dll
O2 - BHO: (no name) - {D1C62DBB-655B-4D14-8C98-5181165B51D1} - (no file)
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\xbpsplin.dll
C:\WINDOWS\system32\wvurqqn.dll
C:\WINDOWS\system32\winufg32.dll
C:\WINDOWS\system32\nilpspbx.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\sysdm.exe
((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))
2007-07-11 18:30 <REP> d-------- C:\Program Files\Navilog1
2007-07-11 18:24 73,728 --a------ C:\WINDOWS\system32\pv.exe
2007-07-11 18:24 39,184 --a------ C:\WINDOWS\system32\Ntrights.exe
2007-07-11 18:24 175,616 --a------ C:\WINDOWS\system32\strings.exe
2007-07-11 18:24 16,384 --a------ C:\WINDOWS\system32\restart.exe
2007-07-11 18:24 126,976 --a------ C:\WINDOWS\system32\zip.exe
2007-07-11 18:24 11,254 --a------ C:\WINDOWS\system32\locate.com
2007-07-10 23:55 66,624 --a------ C:\WINDOWS\system32\mafikyva.dll
2007-07-10 22:47 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-07-10 22:12 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-10 22:02 <REP> d-------- C:\Program Files\CCleaner
2007-07-10 20:10 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 20:04 <REP> d-------- C:\DOCUME~1\Salim\APPLIC~1\Webroot
2007-07-10 19:59 <REP> d-------- C:\DOCUME~1\Salim\APPLIC~1\GetRightToGo
2007-07-10 19:48 <REP> d-------- C:\VundoFix Backups
2007-07-10 19:46 66,624 --a------ C:\WINDOWS\system32\hffomubd.dll
2007-07-09 23:56 31,254 --a------ C:\WINDOWS\system32\ljjgeef.dll.vir
2007-07-03 21:02 0 --a------ C:\WINDOWS\system32\Ultra.dll
2007-07-03 02:44 12,417,543 --------- C:\AVG7QT.DAT
2007-06-19 02:47 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-16 13:04 <REP> d-------- C:\Program Files\Lavasoft
2007-06-16 13:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-16 13:03 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-11 17:01:06 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\Skype
2007-07-11 16:47:57 -------- d-----w C:\Program Files\adslTV
2007-07-06 17:24:00 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-02 22:52:25 -------- d-----w C:\Program Files\Ad-Aware
2007-06-14 20:00:45 -------- d-----w C:\Program Files\Shareaza
2007-06-14 19:59:11 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\Shareaza
2007-06-09 20:43:58 -------- d-----w C:\Program Files\tvants
2007-06-09 20:31:06 -------- d-----w C:\Program Files\Fichiers communs\Synacast
2007-06-09 18:40:37 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\Lavasoft
2007-06-04 20:41:35 -------- d-----w C:\Program Files\amsn
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-01 23:16:43 -------- d-----w C:\Program Files\DAEMON Tools
2007-06-01 23:13:31 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-06-01 23:06:48 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-05-23 22:13:28 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\skySpace
2007-05-22 19:09:45 -------- d-----w C:\Program Files\Fichiers communs\Skype
2007-05-21 19:14:46 -------- d-----w C:\Program Files\3GP Player
2007-05-21 17:42:07 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\Nokia Multimedia Player
2007-05-19 13:38:56 -------- d-----w C:\DOCUME~1\Salim\APPLIC~1\Real
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 16:36:08 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-05-11 15:22:24 -------- d-----w C:\Program Files\Skype
2007-05-03 15:16:11 1,277 ----a-w C:\WINDOWS\mozver.dat
2007-05-02 22:02:09 0 ----a-w C:\WINDOWS\nsreg.dat
2007-05-02 20:39:35 98,304 ----a-w C:\WINDOWS\system32\Rey_SubClasser.dll
2007-05-02 19:57:42 76,136 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-05-02 19:57:42 469,622 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-05-02 19:42:54 0 --sha-r C:\MSDOS.SYS
2007-05-02 19:42:54 0 --sha-r C:\IO.SYS
2007-05-02 19:42:54 0 ----a-w C:\CONFIG.SYS
2007-05-02 19:42:54 0 ----a-w C:\AUTOEXEC.BAT
2007-05-02 19:39:49 21,892 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2006-07-29 17:18:10 112 --sha-w C:\WINDOWS\system32\Vistadrive\unistl.cmd
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{938A8A03-A938-4019-B764-03FF8D167D79}]
2007-07-10 23:55 66624 --a------ C:\WINDOWS\system32\mafikyva.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1C62DBB-655B-4D14-8C98-5181165B51D1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE" [2003-05-08 10:19]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-07-16 15:16]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-07-16 15:19]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-05-02 22:40]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-03 15:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 20:52]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2006-07-05 04:23]
"TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [2006-04-15 18:07]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-05-02 22:40]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-10 16:09]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-05-02 22:39]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe"
"VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe
"Vistadrv"=C:\Windows\System32\Vistadrive\vsdrv.exe
"TweakRAM"=C:\Program Files\TweakRAM\TweakRAM.exe
"LClock"=C:\Program Files\LClock\lclock.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
"C:\Program Files\Shareaza\Shareaza.exe" -tray
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts upnphost SSDPSRV
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{908c01ea-f96e-11db-b085-00134639e365}]
verb1\command- desktop.exe
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 19:10:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-07-11 19:13:46 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-11 19:13
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:14, on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Logiciels\Working\Notepad 2\Notepad2.exe
C:\Documents and Settings\Salim\Bureau\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.binnews.info/index.php?country=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\mafikyva.dll
O2 - BHO: (no name) - {D1C62DBB-655B-4D14-8C98-5181165B51D1} - (no file)
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
green day
Messages postés
26371
Date d'inscription
vendredi 30 septembre 2005
Statut
Modérateur, Contributeur sécurité
Dernière intervention
27 décembre 2019
2 162
11 juil. 2007 à 19:21
11 juil. 2007 à 19:21
on continue :
# Télécharge ceci: (merci a S!RI pour ce petit programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.
++
# Télécharge ceci: (merci a S!RI pour ce petit programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.
++
salim2103
Messages postés
48
Date d'inscription
lundi 18 septembre 2006
Statut
Membre
Dernière intervention
23 décembre 2009
11 juil. 2007 à 19:24
11 juil. 2007 à 19:24
SmitFraudFix v2.202
Rapport fait à 19:22:55,10, 11/07/2007
Executé à partir de C:\Documents and Settings\Salim\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\adslTV\adsltv.exe
C:\Program Files\adslTV\vlc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Salim
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Salim\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Salim\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: D-Link DGE-528T Gigabit Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer=212.27.53.252,212.27.54.252
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Rapport fait à 19:22:55,10, 11/07/2007
Executé à partir de C:\Documents and Settings\Salim\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\adslTV\adsltv.exe
C:\Program Files\adslTV\vlc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Salim
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Salim\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Salim\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: D-Link DGE-528T Gigabit Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7C4264A8-C11F-4807-8D06-28C64EFE74C1}: NameServer=212.27.53.252,212.27.54.252
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
green day
Messages postés
26371
Date d'inscription
vendredi 30 septembre 2005
Statut
Modérateur, Contributeur sécurité
Dernière intervention
27 décembre 2019
2 162
11 juil. 2007 à 20:10
11 juil. 2007 à 20:10
ok,
suite :
Télécharge clean.zip
http://www.malekal.com/download/clean.zip
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
Ouvre le dossier Clean qui se trouve sur ton bureau.
Double-clic sur clean.cmd.
Une fenêtre noire va apparaître, choisis l'option 1
Poste le rapport qui se trouve ici C:\rapport_clean.txt
ensuite :
# Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Double-clic sur clean.cmd.
Une fenêtre noire va apparaître, choisis l'option 2
Poste le rapport qui se trouve ici C:\rapport_clean.txt
++
suite :
Télécharge clean.zip
http://www.malekal.com/download/clean.zip
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
Ouvre le dossier Clean qui se trouve sur ton bureau.
Double-clic sur clean.cmd.
Une fenêtre noire va apparaître, choisis l'option 1
Poste le rapport qui se trouve ici C:\rapport_clean.txt
ensuite :
# Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Double-clic sur clean.cmd.
Une fenêtre noire va apparaître, choisis l'option 2
Poste le rapport qui se trouve ici C:\rapport_clean.txt
++
salim2103
Messages postés
48
Date d'inscription
lundi 18 septembre 2006
Statut
Membre
Dernière intervention
23 décembre 2009
11 juil. 2007 à 21:02
11 juil. 2007 à 21:02
11/07/2007 a 20:54:06,21
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
salim2103
Messages postés
48
Date d'inscription
lundi 18 septembre 2006
Statut
Membre
Dernière intervention
23 décembre 2009
11 juil. 2007 à 21:08
11 juil. 2007 à 21:08
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 11/07/2007 a 21:02:20,51
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
*** Suppression des fichiers dans C:\Program Files
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Script execute en mode sans echec 11/07/2007 a 21:02:20,51
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
*** Suppression des fichiers dans C:\Program Files
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
green day
Messages postés
26371
Date d'inscription
vendredi 30 septembre 2005
Statut
Modérateur, Contributeur sécurité
Dernière intervention
27 décembre 2019
2 162
11 juil. 2007 à 21:54
11 juil. 2007 à 21:54
ok, poste un nouveau hijack et précise l'évolution de la situation !
++
++
