Malware "CiD"

Solved

Jowy (Member):
Hello everyone :)

So here it is: I have exactly the same problem as the guy in the last discussion about this malware, which opens loads of unwanted windows in Internet Explorer. Logically my antivirus should block that, since I use Firefox; go figure how vicious this thing is >_<'

But I'm not very good with computers, so I'd need someone patient to guide me through which tools to use, and to make things worse I'm hopeless at English...

Either you help me, or I shoot myself (pop-ups are one thing, but pop-ups of naked women for a gay guy gets very irritating after a while!!)
Thanks for reading ^^

green day (Moderator, security contributor):
Hi

Download this:

Link: http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm

Choose the "do a scan and a logfile" option, then copy/paste the report it generates onto the forum.

++
Jowy (Member):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:17:27, on 07/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Sims Weather\SimsWeather.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wuauclt.exe
C:\windows\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tonmoteur.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Plan Two.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Insidehelp] C:\DOCUME~1\Jowy\APPLIC~1\FLAGAD~1\32 Axis Close.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: SimsWeather.lnk = C:\Program Files\Sims Weather\SimsWeather.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SimsWeather.lnk = C:\Program Files\Sims Weather\SimsWeather.exe (User 'Default user')
O4 - Startup: SimsWeather.lnk = C:\Program Files\Sims Weather\SimsWeather.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jowy\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103652167529
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
green day (Moderator, security contributor):
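The HijackThis log posted above is the kind of output the helper in this thread reads by eye. As an added illustration (this is not code from the thread, nor part of HijackThis or Lopxp), the following Python script applies a few of the same triage heuristics to the lines above: a Run entry that launches a file named like a core Windows binary (smss.exe, winlogon.exe) from outside System32, a Run entry launching from a profile's Application Data directory, any AppInit_DLLs value (here sockspy.dll repeated many times), dangling Winlogon Notify packages marked "file missing", and a text/html filter hijack with no file behind it. The set of core binary names and the rules themselves are my assumptions, not anything the tools define; the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the HijackThis log posted above in this
# thread, plus a few benign entries so the checks have something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Plan Two.exe
O4 - HKCU\..\Run: [Insidehelp] C:\DOCUME~1\Jowy\APPLIC~1\FLAGAD~1\32 Axis Close.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
"""

# Assumption: these binaries legitimately live only under %SystemRoot%\System32,
# so a file with the same name elsewhere is a masquerade worth a close look.
CORE_SYSTEM_BINARIES = {"smss.exe", "winlogon.exe", "services.exe",
                        "lsass.exe", "csrss.exe", "svchost.exe"}

O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.*)$')
NOTIFY_RE = re.compile(r'^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.*)$')
FILTER_RE = re.compile(r'^O18 - Filter hijack: (?P<mime>\S+) - \{[^}]*\} - (?P<target>.*)$')


def exe_path(cmd: str) -> str:
    """Extract the launched executable from a Run value (quoted or bare path)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.search(r'.+?\.exe', cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.split()[0]


def flag_line(line: str) -> list[str]:
    """Return human-readable findings for one HijackThis line (empty if nothing stands out)."""
    findings = []
    m = O4_RE.match(line)
    if m:
        path = exe_path(m.group("cmd"))
        low = path.lower()
        base = low.rsplit("\\", 1)[-1]
        if base in CORE_SYSTEM_BINARIES and "\\system32\\" not in low:
            findings.append(f"core Windows binary name '{base}' launched from outside System32: {path}")
        if "application data" in low or "\\applic~1\\" in low:
            findings.append(f"autorun '{m.group('name')}' starts from a profile data directory: {path}")
        return findings
    m = APPINIT_RE.match(line)
    if m:
        # Any DLL here is injected into every process that loads user32.dll.
        counts = Counter(d.lower() for d in m.group("dlls").split())
        for dll, n in counts.items():
            suffix = f" (listed {n} times)" if n > 1 else ""
            findings.append(f"AppInit_DLLs loads '{dll}' into every user32 process{suffix}")
        return findings
    m = NOTIFY_RE.match(line)
    if m and "(file missing)" in m.group("dll"):
        findings.append(f"Winlogon Notify package '{m.group('key')}' points to a missing DLL: {m.group('dll')}")
        return findings
    m = FILTER_RE.match(line)
    if m:
        findings.append(f"MIME filter hijack on {m.group('mime')}: {m.group('target')}")
    return findings


def analyse(log_text: str) -> list[tuple[str, list[str]]]:
    """Run flag_line over a whole log; keep only the lines that produced findings."""
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        found = flag_line(line)
        if found:
            results.append((line, found))
    return results


if __name__ == "__main__":
    for line, found in analyse(SAMPLE_LOG):
        print(line)
        for reason in found:
            print("   ->", reason)
```

Run directly, it prints each flagged line with its reasons. It does not decide what to remove; it only narrows the log down to the lines a human should examine, which is the work the moderator in this thread was doing by hand.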
Hi

Download this (by Moe):

http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

Double-click Lopxpsetup.exe to launch the installation
In the menu, choose option 1
Wait until you are asked to press a key, then press one!
A report will then be created; copy/paste it in full onto the forum.

++
Jowy (Member):
Rapport Lopxp fait le 09/11/2007 à 9:04:35
Exécuté dans : C:\Program Files\Lopxp

___________________________________________________________________________

[Threads Internet Explorer]

/!\ Suspect iexplore.exe pid: 460 710: C:\DOCUME~1\ALLUSE~1\APPLIC~1\FRAGGR~1\CITYHE~1.EXE

___________________________________________________________________________

[Tâches planifiées]

C:\windows\tasks\AppleSoftwareUpdate.job

Fichier exécuté : C\Program Files\Apple Software Update\SoftwareUpdate.exe -task
Tâche crée le : 14/09/2007 à 05:11
Dernière modification le : 06/11/2007 à 12:13

C:\windows\tasks\B1DDDCC6906A5602.job

Tâche crée le : 08/11/2007 à 15:51
Dernière modification le : 09/11/2007 à 09:00
Fichier exécuté : C:\Documents and Settings\Jowy\Application Data\Flag Admin\Link Drive 64.exe

___________________________________________________________________________

[Listing des dossiers Application Data]

Cr = Date Création | Mo = Date Modification

C:\Documents and Settings\All Users\Application Data

Cr: 05/01/2005 15:58:41 | Mo: 05/01/2005 15:58:41 - - ACD Systems
Cr: 06/02/2005 20:08:03 | Mo: 21/07/2007 08:59:27 - - Adobe
Cr: 06/07/2007 18:41:49 | Mo: 06/07/2007 18:41:49 - - Apple
Cr: 22/12/2004 09:36:26 | Mo: 28/09/2006 19:55:48 - - Apple Computer
Cr: 05/01/2005 13:50:57 | Mo: 05/01/2005 13:51:29 - - AVG7
Cr: 01/01/2005 09:05:52 | Mo: 01/01/2005 09:05:52 - - CyberLink
Cr: 06/08/2007 10:42:36 | Mo: 08/11/2007 15:51:02 - - Frag great bend logo
Cr: 21/07/2007 11:06:45 | Mo: 28/08/2007 06:51:50 - - LogiShrd
Cr: 19/07/2006 11:32:53 | Mo: 19/07/2006 11:32:53 - - Messenger Plus!
Cr: 21/12/2004 16:43:50 | Mo: 19/07/2007 13:47:37 - - Microsoft
Cr: 24/01/2007 17:09:02 | Mo: 24/01/2007 17:09:02 - - NVIDIA
Cr: 24/12/2004 01:27:17 | Mo: 24/12/2004 01:27:17 - - nView_Profiles
Cr: 22/12/2004 09:36:35 | Mo: 16/03/2005 17:41:55 - - QuickTime
Cr: 06/08/2007 10:42:41 | Mo: 21/08/2007 14:23:00 - - settings blue film frag
Cr: 05/01/2005 15:01:53 | Mo: 26/05/2005 13:36:24 - - Symantec
Cr: 04/01/2007 09:05:54 | Mo: 08/11/2007 15:51:01 - - TimeSignPhoneTest
Cr: 09/09/2005 19:25:54 | Mo: 09/09/2005 19:25:54 - - Windows Genuine Advantage

C:\Documents and Settings\Jowy\Application Data

Cr: 28/12/2004 16:22:12 | Mo: 28/12/2004 16:22:13 - - ACD Systems
Cr: 06/02/2005 20:06:03 | Mo: 21/07/2007 09:09:47 - - Adobe
Cr: 06/02/2005 20:08:59 | Mo: 16/04/2007 17:56:31 - - AdobeUM
Cr: 06/06/2007 19:13:08 | Mo: 16/06/2007 12:59:14 - - aMule
Cr: 22/12/2004 09:36:52 | Mo: 13/11/2005 23:08:17 - - Apple Computer
Cr: 04/09/2005 22:02:13 | Mo: 06/09/2005 19:15:14 - - Azureus
Cr: 22/12/2004 15:59:16 | Mo: 22/12/2004 17:07:53 - - Creative
Cr: 19/09/2006 07:48:48 | Mo: 19/01/2007 18:07:21 - - dvdcss
Cr: 04/01/2007 09:05:32 | Mo: 08/11/2007 15:51:09 - - Flag Admin
Cr: 28/05/2007 14:51:55 | Mo: 28/05/2007 15:19:24 - - fltk.org
Cr: 15/08/2005 14:20:26 | Mo: 15/08/2005 14:20:26 - - Google
Cr: 21/12/2004 17:13:01 | Mo: 21/12/2004 17:13:01 - - Help
Cr: 21/12/2004 16:57:40 | Mo: 21/12/2004 16:57:40 - - Identities
Cr: 20/12/2006 15:31:31 | Mo: 02/03/2007 06:55:47 - - IMVU
Cr: 18/06/2006 18:16:52 | Mo: 11/11/2006 21:18:40 - - La Bataille pour la Terre du Milieu
Cr: 20/02/2005 10:47:37 | Mo: 04/01/2006 12:52:45 - - Lavasoft
Cr: 20/08/2006 13:00:35 | Mo: 20/08/2006 13:00:35 - - Leadertech
Cr: 21/10/2006 12:45:59 | Mo: 11/11/2006 21:14:08 - - Lionhead Studios
Cr: 21/12/2004 17:10:09 | Mo: 28/12/2004 19:53:38 - - Macromedia
Cr: 21/12/2004 16:57:29 | Mo: 28/08/2007 06:55:04 - - Microsoft
Cr: 21/12/2004 17:08:20 | Mo: 21/12/2004 17:08:32 - - Mozilla
Cr: 15/08/2005 02:05:15 | Mo: 01/10/2005 04:04:19 - - NASA
Cr: 16/07/2006 16:23:26 | Mo: 16/07/2006 16:27:07 - - Publish Providers
Cr: 13/02/2005 17:58:23 | Mo: 13/02/2005 17:58:57 - - Real
Cr: 16/03/2007 06:20:50 | Mo: 30/10/2007 12:41:31 - - Screenshot Sender
Cr: 23/04/2007 07:48:31 | Mo: 23/04/2007 07:56:35 - - SecondLife
Cr: 15/06/2007 19:48:30 | Mo: 15/06/2007 19:48:30 - - SecuROM
Cr: 25/05/2006 10:43:10 | Mo: 25/05/2006 10:43:10 - - SmartFTP
Cr: 15/07/2006 11:33:26 | Mo: 15/07/2006 11:33:26 - - Sonic Foundry
Cr: 16/07/2006 16:19:47 | Mo: 16/07/2006 16:19:47 - - Sony
Cr: 22/12/2004 13:29:21 | Mo: 22/12/2004 13:29:21 - - Sun
Cr: 05/01/2005 15:02:04 | Mo: 05/01/2005 15:09:35 - - Symantec
Cr: 12/02/2007 06:24:56 | Mo: 12/02/2007 06:25:12 - - System Requirements Lab
Cr: 12/12/2005 23:15:58 | Mo: 12/12/2005 23:57:19 - - The Hobbit
Cr: 12/05/2007 23:32:26 | Mo: 12/05/2007 23:32:26 - - vlc
Cr: 15/06/2007 16:53:26 | Mo: 15/06/2007 17:48:12 - - Xfire
Cr: 07/01/2005 20:32:13 | Mo: 07/01/2005 20:32:13 - - Yahoo! Messenger

C:\Documents and Settings\Jowy\Local Settings\Application Data

Cr: 28/12/2004 16:22:12 | Mo: 28/12/2004 16:22:12 - - ACDSee
Cr: 06/02/2005 20:08:29 | Mo: 21/07/2007 09:09:52 - - Adobe
Cr: 14/07/2007 09:22:09 | Mo: 14/07/2007 09:22:09 - - Apple
Cr: 22/12/2004 09:36:52 | Mo: 27/12/2005 18:17:09 - - Apple Computer
Cr: 22/12/2004 11:32:48 | Mo: 16/07/2006 16:19:40 - - ApplicationHistory
Cr: 21/12/2004 17:13:01 | Mo: 21/12/2004 17:13:01 - - Help
Cr: 13/11/2005 13:05:08 | Mo: 13/11/2005 13:05:08 - - Identities
Cr: 21/12/2004 16:57:30 | Mo: 08/11/2007 06:58:59 - - Microsoft
Cr: 27/12/2005 20:42:25 | Mo: 27/12/2005 20:42:25 - - Mozilla
Cr: 31/03/2006 12:30:52 | Mo: 31/03/2006 13:16:59 - - Oblivion
Cr: 01/06/2007 12:03:21 | Mo: 01/06/2007 12:05:54 - - RcIncidents
Cr: 14/07/2007 20:20:58 | Mo: 14/07/2007 20:20:58 - - Shareaza
Cr: 24/03/2007 20:22:58 | Mo: 24/03/2007 20:22:58 - - SimsStart
Cr: 24/03/2007 20:23:20 | Mo: 24/03/2007 20:23:20 - - SimsWeather
Cr: 21/07/2007 07:34:19 | Mo: 21/07/2007 07:34:19 - - Sony
Cr: 29/09/2007 21:15:02 | Mo: 29/09/2007 21:15:02 - - Stardock
Cr: 17/10/2005 00:12:11 | Mo: 17/10/2005 00:25:47 - - WMTools Downloaded Files

___________________________________________________________________________

[Listing du dossier Program Files]

C:\Program Files

Cr: 04/02/2005 22:20:18 | Mo: 04/02/2005 22:20:42 - - ACE Mega CoDecS Pack
Cr: 06/02/2005 20:07:06 | Mo: 21/07/2007 08:58:30 - - Adobe
Cr: 22/12/2004 11:18:22 | Mo: 22/12/2004 11:19:28 - - Ahead
Cr: 31/08/2006 18:57:06 | Mo: 31/08/2006 19:11:27 - - Alt WAV MP3 WMA OGG Converter
Cr: 28/09/2006 19:45:17 | Mo: 15/09/2007 11:05:39 - - Apple Software Update
Cr: 15/06/2007 15:24:03 | Mo: 07/07/2007 10:41:08 - - Atari
Cr: 17/01/2007 16:54:47 | Mo: 17/01/2007 16:54:47 - - ATI Technologies
Cr: 08/11/2005 19:47:57 | Mo: 26/05/2006 12:18:39 - - Bethesda Softworks
Cr: 25/04/2007 09:50:16 | Mo: 25/04/2007 09:50:21 - - Burn4Free
Cr: 31/10/2006 08:54:13 | Mo: 11/11/2006 21:28:20 - - Canon
Cr: 21/12/2004 18:13:47 | Mo: 21/12/2004 18:13:47 - - Common files
Cr: 22/12/2004 15:27:18 | Mo: 05/01/2005 11:40:14 - - Creative
Cr: 01/01/2005 09:05:43 | Mo: 01/01/2005 09:05:49 - - CyberLink
Cr: 27/07/2007 17:06:00 | Mo: 06/08/2007 18:38:23 - - Diablo II
Cr: 30/10/2007 00:47:52 | Mo: 30/10/2007 00:48:06 - - DivX
Cr: 23/10/2007 12:48:27 | Mo: 24/10/2007 06:51:07 - - Dofus-Arena beta 2
Cr: 04/01/2007 09:05:03 | Mo: 04/01/2007 09:05:03 - - Download Plugin
Cr: 28/11/2006 21:03:26 | Mo: 28/04/2007 08:51:41 - - EA GAMES
Cr: 19/03/2006 21:01:16 | Mo: 29/10/2006 15:15:03 - - eMedia Codec
Cr: 02/09/2007 13:15:10 | Mo: 09/11/2007 08:42:21 - - eMule
Cr: 21/12/2004 16:44:25 | Mo: 16/08/2007 11:57:30 - - Fichiers communs
Cr: 07/02/2006 00:38:27 | Mo: 07/02/2006 00:40:49 - - FileZilla
Cr: 07/11/2007 20:55:26 | Mo: 07/11/2007 20:55:26 - - Final Fantasy VII Origin
Cr: 08/11/2007 15:50:19 | Mo: 08/11/2007 15:50:19 - - Flag Admin
Cr: 07/03/2005 19:04:39 | Mo: 25/02/2006 12:06:28 - - GameSpy Arcade
Cr: 26/05/2005 17:46:23 | Mo: 15/06/2007 19:44:57 - - Google
Cr: 09/04/2006 20:33:11 | Mo: 09/04/2006 20:33:12 - - hardwaredetection
Cr: 17/09/2006 17:16:12 | Mo: 17/09/2006 17:16:12 - - ImTOO
Cr: 21/12/2004 17:01:25 | Mo: 07/11/2007 21:08:00 - - InstallShield Installation Information
Cr: 21/12/2004 16:51:44 | Mo: 28/12/2005 01:07:26 - - Internet Explorer
Cr: 22/12/2004 09:36:28 | Mo: 09/10/2007 12:30:26 - - iPod
Cr: 09/10/2007 12:29:49 | Mo: 09/10/2007 12:30:54 - - iTunes
Cr: 21/12/2004 18:13:06 | Mo: 21/12/2004 18:13:06 - - IZArc
Cr: 22/12/2004 13:28:57 | Mo: 05/10/2007 17:33:46 - - Java
Cr: 22/12/2004 11:55:53 | Mo: 09/01/2005 00:16:46 - - K-Lite Codec Pack
Cr: 20/02/2005 10:47:29 | Mo: 20/02/2005 10:47:29 - - Lavasoft
Cr: 21/07/2007 11:07:37 | Mo: 21/07/2007 11:07:37 - - Logitech
Cr: 09/11/2007 09:04:06 | Mo: 09/11/2007 09:04:41 - - Lopxp
Cr: 21/11/2005 17:58:51 | Mo: 03/01/2007 16:20:20 - - Maxis
Cr: 13/07/2006 23:03:11 | Mo: 08/06/2007 05:06:11 - - Messenger Plus! Live
Cr: 23/09/2007 21:07:12 | Mo: 23/09/2007 21:07:35 - - Metin2_France
Cr: 02/07/2007 19:04:23 | Mo: 02/07/2007 19:05:21 - - Microsoft ActiveSync
Cr: 21/12/2004 16:54:08 | Mo: 21/12/2004 16:54:08 - - microsoft frontpage
Cr: 02/01/2005 22:40:09 | Mo: 02/01/2005 22:40:37 - - Microsoft Office
Cr: 02/01/2005 22:40:49 | Mo: 02/01/2005 22:40:49 - - Microsoft Visual Studio
Cr: 12/03/2006 20:33:20 | Mo: 12/03/2006 20:33:20 - - Microsoft Windows Script
Cr: 21/12/2004 16:52:23 | Mo: 09/01/2005 00:16:48 - - Movie Maker
Cr: 21/12/2004 17:08:20 | Mo: 09/11/2007 08:42:21 - - Mozilla Firefox
Cr: 19/07/2007 13:46:13 | Mo: 19/07/2007 13:46:19 - - MP3 to WAV Decoder
Cr: 21/12/2004 16:50:49 | Mo: 21/12/2004 16:50:49 - - MSN Gaming Zone
Cr: 13/07/2006 23:02:19 | Mo: 08/06/2007 05:06:11 - - MSN Messenger
Cr: 28/12/2004 11:57:12 | Mo: 10/04/2006 08:38:43 - - MuseTools
Cr: 03/06/2006 09:13:14 | Mo: 07/07/2007 19:26:23 - - neodivx2006
Cr: 21/12/2004 16:51:56 | Mo: 15/08/2005 22:47:42 - - NetMeeting
Cr: 03/01/2005 10:55:59 | Mo: 03/01/2005 11:03:41 - - OfficeUpdate11
Cr: 21/12/2004 16:51:52 | Mo: 22/12/2004 11:30:54 - - Outlook Express
Cr: 31/12/2004 01:51:00 | Mo: 31/12/2004 01:51:01 - - PhotoFiltre
Cr: 04/11/2005 10:06:37 | Mo: 14/07/2007 09:26:43 - - QuickTime
Cr: 10/06/2007 13:01:28 | Mo: 10/06/2007 13:01:38 - - RocketDock
Cr: 21/12/2004 16:51:03 | Mo: 21/12/2004 16:52:47 - - Services en ligne
Cr: 18/04/2007 19:14:02 | Mo: 18/04/2007 19:14:05 - - Sims Weather
Cr: 04/08/2007 10:22:56 | Mo: 07/11/2007 20:54:15 - - SlySoft
Cr: 03/01/2006 23:13:44 | Mo: 03/01/2006 23:13:44 - - Softwin
Cr: 15/07/2006 11:32:15 | Mo: 15/07/2006 11:32:15 - - Sonic Foundry Setup
Cr: 21/07/2007 07:33:02 | Mo: 21/07/2007 07:34:06 - - Sony
Cr: 16/07/2006 16:17:34 | Mo: 21/07/2007 07:31:50 - - Sony Setup
Cr: 22/08/2006 08:20:44 | Mo: 03/01/2007 16:48:41 - - Super Jukebox
Cr: 05/01/2005 13:24:07 | Mo: 05/01/2005 13:24:07 - - SuperCopier
Cr: 07/11/2007 08:17:12 | Mo: 07/11/2007 08:17:12 - - Trend Micro
Cr: 21/12/2004 16:57:34 | Mo: 21/12/2004 16:57:34 - - Uninstall Information
Cr: 02/07/2007 18:53:07 | Mo: 29/09/2007 20:01:32 - - ViaMichelin
Cr: 12/05/2007 23:31:02 | Mo: 12/05/2007 23:31:02 - - VideoLAN
Cr: 29/09/2007 21:18:57 | Mo: 29/09/2007 21:22:39 - - Vista Start Menu
Cr: 21/07/2007 07:33:25 | Mo: 21/07/2007 07:33:25 - - Vstplugins
Cr: 22/12/2004 09:26:16 | Mo: 29/03/2007 06:02:20 - - Winamp
Cr: 03/06/2006 09:14:42 | Mo: 03/06/2006 09:14:42 - - WinASPI
Cr: 22/12/2004 11:28:41 | Mo: 22/12/2004 11:28:41 - - Windows Journal Viewer
Cr: 08/06/2007 05:06:11 | Mo: 08/06/2007 05:06:11 - - Windows Live
Cr: 22/12/2004 12:16:10 | Mo: 06/12/2006 19:14:37 - - Windows Media Connect
Cr: 06/12/2006 19:19:32 | Mo: 03/01/2007 16:21:10 - - Windows Media Connect 2
Cr: 21/12/2004 16:52:00 | Mo: 03/01/2007 16:23:22 - - Windows Media Player
Cr: 21/12/2004 16:50:41 | Mo: 22/12/2004 10:56:31 - - Windows NT
Cr: 21/12/2004 16:51:03 | Mo: 21/12/2004 19:03:49 - - WindowsUpdate
Cr: 15/08/2007 19:06:35 | Mo: 15/08/2007 19:06:35 - - WoW-2.0.0-frFR-Installer
Cr: 23/08/2007 16:50:43 | Mo: 23/08/2007 16:59:00 - - WowCartographe
Cr: 03/06/2006 09:14:20 | Mo: 03/06/2006 09:14:20 - - x264
Cr: 21/12/2004 16:54:08 | Mo: 21/12/2004 16:54:08 - - xerox
Cr: 15/06/2007 16:53:21 | Mo: 07/11/2007 21:47:57 - - Xfire

___________________________________________________________________________

[Recherche programmes connus, liés à CiD]

Présent : C:\Program Files\Download Plugin
Présent : C:\Program Files\Messenger Plus! Live

___________________________________________________________________________

[Clés registre de démarrage]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
bend logo clock film REG_SZ C:\Documents and Settings\All Users\Application Data\Frag great bend logo\City Help.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Insidehelp REG_SZ C:\DOCUME~1\Jowy\APPLIC~1\FLAGAD~1\32 Axis Close.exe

___________________________________________________________________________

[Popups autorisés]

[-] Internet Explorer :

www.gaypax.com
www.taatu.com
dns-look-up.com
www.dns-look-up.com
netsearchsoft.com
www.netsearchsoft.com
netbios-wait.com
www.netbios-wait.com

[-] Mozilla Firefox

host popup 1 fr.worldsbiggestchat.com
host popup 1 ns31742.ovh.net
host popup 1 dell03.gaypax.com

host popup 1 www.infotec.be
host popup 1 www.freegaypix.com
host popup 1 www.smail.fr
host popup 1 fr.worldsbiggestchat.com
host popup 1 www1.mes-dialogues.net
host popup 1 www2.mes-dialogues.net

[-] Suite Mozilla / SeaMonkey

___________________________________________________________________________

[Suggestion nettoyage registre]

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bend logo clock film"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Insidehelp"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow]
"dns-look-up.com"=-
"www.dns-look-up.com"=-
"netsearchsoft.com"=-
"www.netsearchsoft.com"=-
"netbios-wait.com"=-
"www.netbios-wait.com"=-

- Fin du rapport -

There you go, the second report.
Sorry for taking so long to post it; I'm currently on an internship and only get home late, so I haven't had a chance to deal with it before now.
As for Navilog, should I give it a try anyway, or is it really not the right tool to help me get rid of this malware?
Jowy (Member):
Yo, I finally sorted it out on my own :)
Something starting with the same name ("CiD") was sitting in the list of installed programs, listed with neither a usage frequency nor its size on the hard disk.
All I had to do was remove it for everything to go back to normal :)
Thanks Green Day for all your advice ^^
green day (Moderator, security contributor):
Hi

Sorry, there was an update to the fix in the meantime, but what you did is also a solution (in the best case) ;-))

@+