Problême dut je pense à un/des Trojan(s)
Bidiboy
-
Lyonnais92 Messages postés 25159 Date d'inscription Statut Contributeur sécurité Dernière intervention -
Lyonnais92 Messages postés 25159 Date d'inscription Statut Contributeur sécurité Dernière intervention -
Bonjour, J'ai été infécté par bon nombres de Trojans dernierement , j'ai scrupuleusement suivi les insctruction des posts précedent le miens , à savoir tout passer sous Spybot s&d et GGcleaner , tout à été netoyé , je n'ai plus aucune alerte sous Avast ou avec les logiciels nommés précédement , mais un probleme perciste , la lenteur de ma connection.
Je m'explique , je n'ai aucun probleme de ping , que ce soit sous les jeux ou sous cmd (ping www.google.com) , en revanche mes pages internets mettent une éternité à s'afficher ... Et mon amie qui à un mac , et qui est connectée avec la meme freebox que moi , n'a elle , aucun probleme .
voici mon rapport HiJackThis:
Logfile of HijackThis v1.99.1
Scan saved at 16:35:16, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Logiciels\Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\dl\celtic.exe
C:\WINDOWS\system32\wscntfy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {1B258D6B-25C0-44E0-8904-725CDA11628B} - (no file)
O2 - BHO: (no name) - {49D3B97D-444B-48A9-9CCD-3CC45AF9ABD9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efcdeby.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F39F8C1C-A75B-4C5A-AFE5-408EE62EBC8E} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [aocaommk] rundll32.exe "C:\DOCUME~1\Alex\LOCALS~1\Temp\timerjlnh.sys" WLEntryPoint
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Jeux\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: efcdeby - efcdeby.dll (file missing)
O20 - Winlogon Notify: pgbel - C:\WINDOWS\SYSTEM32\pgbel.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
ps: ma connection est en dent de scies enfait , au démarage les pages s'affichent raisonablement vite , puis cela devient extremement lent , ca revient un peu , puis denouveau lent ... en dent de scie quoi :)
Merci par avance
Je m'explique , je n'ai aucun probleme de ping , que ce soit sous les jeux ou sous cmd (ping www.google.com) , en revanche mes pages internets mettent une éternité à s'afficher ... Et mon amie qui à un mac , et qui est connectée avec la meme freebox que moi , n'a elle , aucun probleme .
voici mon rapport HiJackThis:
Logfile of HijackThis v1.99.1
Scan saved at 16:35:16, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Logiciels\Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\dl\celtic.exe
C:\WINDOWS\system32\wscntfy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {1B258D6B-25C0-44E0-8904-725CDA11628B} - (no file)
O2 - BHO: (no name) - {49D3B97D-444B-48A9-9CCD-3CC45AF9ABD9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efcdeby.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F39F8C1C-A75B-4C5A-AFE5-408EE62EBC8E} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [aocaommk] rundll32.exe "C:\DOCUME~1\Alex\LOCALS~1\Temp\timerjlnh.sys" WLEntryPoint
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Jeux\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: efcdeby - efcdeby.dll (file missing)
O20 - Winlogon Notify: pgbel - C:\WINDOWS\SYSTEM32\pgbel.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
ps: ma connection est en dent de scies enfait , au démarage les pages s'affichent raisonablement vite , puis cela devient extremement lent , ca revient un peu , puis denouveau lent ... en dent de scie quoi :)
Merci par avance
A voir également:
- Problême dut je pense à un/des Trojan(s)
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Trojan sms-par google ✓ - Forum Virus
- Trojan agent ✓ - Forum Virus
- Csrss.exe trojan - Forum Virus
- Csrss.exe : processus suspect/virus ? - Forum Virus
29 réponses
voilà pour toi :
Logfile of HijackThis v1.99.1
Scan saved at 18:32:26, on 09/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Logiciels\Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Jeux\ff\SquareEnix\PlayOnlineViewer\pol.exe
D:\Logiciels\Teamspeak2_RC2\TeamSpeak.exe
D:\Jeux\ff\ff\SquareEnix\FINAL FANTASY XI\ap\ApRadar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Alex\Bureau\celtic.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [mlnllthf] rundll32.exe "C:\DOCUME~1\Alex\LOCALS~1\Temp\syshaihos.nls" WLEntryPoint
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Jeux\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pgbel - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Logfile of HijackThis v1.99.1
Scan saved at 18:32:26, on 09/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Logiciels\Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Jeux\ff\SquareEnix\PlayOnlineViewer\pol.exe
D:\Logiciels\Teamspeak2_RC2\TeamSpeak.exe
D:\Jeux\ff\ff\SquareEnix\FINAL FANTASY XI\ap\ApRadar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Alex\Bureau\celtic.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [mlnllthf] rundll32.exe "C:\DOCUME~1\Alex\LOCALS~1\Temp\syshaihos.nls" WLEntryPoint
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Jeux\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pgbel - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
re,
passe a la version 7.0 de ie meme si tu as firefox :
internet explorer 6.0 = failles de securitées importantes
alors fais les mises a jour windows : tu veux la version 7.0
https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
puis
regarde ceci concernant avast :
antivir vs avast :
-> http://forum.malekal.com/ftopic3528.php
alors je te conseille de le desinstaller et d´installer antivir a la place
Telecharge et instales l'antivirus Antivir Personal Edition Classic :
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...
une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp
@+
passe a la version 7.0 de ie meme si tu as firefox :
internet explorer 6.0 = failles de securitées importantes
alors fais les mises a jour windows : tu veux la version 7.0
https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
puis
regarde ceci concernant avast :
antivir vs avast :
-> http://forum.malekal.com/ftopic3528.php
alors je te conseille de le desinstaller et d´installer antivir a la place
Telecharge et instales l'antivirus Antivir Personal Edition Classic :
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...
une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp
@+
Un ami plein de bonne volonté est passé chez moi , et a commencé a supprimer des fichiers TEMP, tout en refusant tout les changements de registre via Spybot ...
On redémarre , et la 10 messages d'erreurs identiques apparaissent : RUNDLL : erreur de chargement de C:/docume~1/alex~1/loclas/temp/ntfgrdetq.dll
Je ne peux lancer quasi aucun programme sans recevoir se message , sauf BSplayer , Spybot via une liste de fichiers dans Spybot / include / cookies.sbi par exemple , le .exe traditionnel ne marche pas ... Et pour internet , firefox ne marche pas , IE non plus , sauf qd je le lance via Spytobt / aide / page d'acceuil ...
J'ai voulu formater , mais mon clavier marche lors de la page de ma carté mère , au démarage , il se désactive endant le boot sur le CD (lorsqu'il me demande d'appuyer sur une touche) et il se réactive une fois sous windows ...
Sous windows je recois le message d'erreur lorsque je veux lancer le Setup.exe du cd ... Je suis reelement paumé :)
Désolé de completement changer de probleme , mais je ne sais pas si c'est une suite de l'ancien , ou juste une fausse manip de mon bienveillant ami :)Configuration: Windows XP
Internet Explorer 7.0
(sinon le scan que tu demandais enfin je crois ) :
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Wed Apr 09 20:18:26 2008
Quick Scan Results:
----------------
Found virus: Worm:Win32/Locksky.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\mlnllthf
Found virus: Worm:Win32/Locksky.gen!A in runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\mlnllthf
Found virus: Worm:Win32/Locksky.gen!A in file://C:\Documents and Settings\Alex\Local Settings\Temp\syshaihos.nls
Found virus: Worm:Win32/Locksky.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\ftoolsfq
Found virus: Worm:Win32/Locksky.gen!A in runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\ftoolsfq
Found virus: Worm:Win32/Locksky.gen!A in file://C:\WINDOWS\system32\timefsbqs.dll
Found virus: Worm:Win32/Locksky.gen!A in shellopencmd://HKLM\SOFTWARE\CLASSES\exefile\shell\open\command\\
Found virus: Worm:Win32/Locksky.gen!A in file://C:\Documents and Settings\Alex\Local Settings\Temp\ntfgrdetq.dll
Found virus: Worm:Win32/Locksky.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR\\AUTORUN
Found virus: Worm:Win32/Locksky.gen!A in autorun://HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR\\AUTORUN
Found virus: Worm:Win32/Locksky.gen!A in file://C:\Documents and Settings\Alex\Local Settings\Temp\timealgas.dll
Found virus: Worm:Win32/Locksky.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\TASKMAN
Found virus: Worm:Win32/Locksky.gen!A in winlogontaskman://HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\TASKMAN
Found virus: Worm:Win32/Locksky.gen!A in file://C:\WINDOWS\system32\seclkfqpk.nls
Quick Scan Removal Results
----------------
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\mlnllthf
Operation succeeded !
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\ftoolsfq
Operation succeeded !
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\TASKMAN
Operation succeeded !
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR\\AUTORUN
Operation succeeded !
Start 'remove' for runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\mlnllthf
Operation succeeded !
Start 'remove' for runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\ftoolsfq
Operation succeeded !
Start 'remove' for shellopencmd://HKLM\SOFTWARE\CLASSES\exefile\shell\open\command\\
Operation succeeded !
Start 'remove' for autorun://HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR\\AUTORUN
Operation succeeded !
Start 'remove' for winlogontaskman://HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\TASKMAN
Operation succeeded !
Start 'remove' for file://\\?\C:\WINDOWS\system32\timefsbqs.dll
Operation succeeded !
Start 'remove' for file://\\?\C:\WINDOWS\system32\seclkfqpk.nls
Operation was scheduled to be completed after next reboot.
Start 'remove' for file://\\?\C:\Documents and Settings\Alex\Local Settings\Temp\timealgas.dll
Operation succeeded !
Start 'remove' for file://\\?\C:\Documents and Settings\Alex\Local Settings\Temp\syshaihos.nls
Operation succeeded !
Start 'remove' for file://\\?\C:\Documents and Settings\Alex\Local Settings\Temp\ntfgrdetq.dll
Operation succeeded !
Results Summary:
----------------
For cleaning Worm:Win32/Locksky.gen!A, the system needs to be restarted.
Return code: 10
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 09 20:19:04 2008
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Wed Apr 09 20:19:05 2008
Quick Scan Results:
----------------
Found virus: Worm:Win32/Locksky.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\dgetrfgb
Found virus: Worm:Win32/Locksky.gen!A in runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\dgetrfgb
Found virus: Worm:Win32/Locksky.gen!A in file://C:\Documents and Settings\Alex\Local Settings\Temp\xmlgkmglf.nls
Found virus: Worm:Win32/Locksky.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\glmbndsp
Found virus: Worm:Win32/Locksky.gen!A in runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\glmbndsp
Found virus: Worm:Win32/Locksky.gen!A in file://C:\WINDOWS\system32\msxmliecs.nls
Found virus: Worm:Win32/Locksky.gen!A in shellopencmd://HKLM\SOFTWARE\CLASSES\exefile\shell\open\command\\
Found virus: Worm:Win32/Locksky.gen!A in file://C:\Documents and Settings\Alex\Local Settings\Temp\mcimgngg.nls
Found virus: Worm:Win32/Locksky.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR\\AUTORUN
Found virus: Worm:Win32/Locksky.gen!A in autorun://HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR\\AUTORUN
Found virus: Worm:Win32/Locksky.gen!A in file://C:\Documents and Settings\Alex\Local Settings\Temp\wuajqiclt.drv
Found virus: Worm:Win32/Locksky.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\TASKMAN
Found virus: Worm:Win32/Locksky.gen!A in winlogontaskman://HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\TASKMAN
Found virus: Worm:Win32/Locksky.gen!A in file://C:\WINDOWS\system32\seclkfqpk.nls
Quick Scan Removal Results
----------------
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\dgetrfgb
Operation succeeded !
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\glmbndsp
Operation succeeded !
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\TASKMAN
Operation succeeded !
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR\\AUTORUN
Operation succeeded !
Start 'remove' for runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\dgetrfgb
Operation succeeded !
Start 'remove' for runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\glmbndsp
Operation succeeded !
Start 'remove' for shellopencmd://HKLM\SOFTWARE\CLASSES\exefile\shell\open\command\\
Operation succeeded !
Start 'remove' for autorun://HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR\\AUTORUN
Operation succeeded !
Start 'remove' for winlogontaskman://HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\TASKMAN
Operation succeeded !
Start 'remove' for file://\\?\C:\WINDOWS\system32\seclkfqpk.nls
Operation was scheduled to be completed after next reboot.
Start 'remove' for file://\\?\C:\WINDOWS\system32\msxmliecs.nls
Operation succeeded !
Start 'remove' for file://\\?\C:\Documents and Settings\Alex\Local Settings\Temp\xmlgkmglf.nls
Operation succeeded !
Start 'remove' for file://\\?\C:\Documents and Settings\Alex\Local Settings\Temp\wuajqiclt.drv
Operation succeeded !
Start 'remove' for file://\\?\C:\Documents and Settings\Alex\Local Settings\Temp\mcimgngg.nls
Operation succeeded !
Results Summary:
----------------
For cleaning Worm:Win32/Locksky.gen!A, the system needs to be restarted.
Return code: 10
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 09 20:20:28 2008
tiens , la commande ctrl +c / ctrl + v ne marche apparement pas non plus :)
On redémarre , et la 10 messages d'erreurs identiques apparaissent : RUNDLL : erreur de chargement de C:/docume~1/alex~1/loclas/temp/ntfgrdetq.dll
Je ne peux lancer quasi aucun programme sans recevoir se message , sauf BSplayer , Spybot via une liste de fichiers dans Spybot / include / cookies.sbi par exemple , le .exe traditionnel ne marche pas ... Et pour internet , firefox ne marche pas , IE non plus , sauf qd je le lance via Spytobt / aide / page d'acceuil ...
J'ai voulu formater , mais mon clavier marche lors de la page de ma carté mère , au démarage , il se désactive endant le boot sur le CD (lorsqu'il me demande d'appuyer sur une touche) et il se réactive une fois sous windows ...
Sous windows je recois le message d'erreur lorsque je veux lancer le Setup.exe du cd ... Je suis reelement paumé :)
Désolé de completement changer de probleme , mais je ne sais pas si c'est une suite de l'ancien , ou juste une fausse manip de mon bienveillant ami :)Configuration: Windows XP
Internet Explorer 7.0
(sinon le scan que tu demandais enfin je crois ) :
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Wed Apr 09 20:18:26 2008
Quick Scan Results:
----------------
Found virus: Worm:Win32/Locksky.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\mlnllthf
Found virus: Worm:Win32/Locksky.gen!A in runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\mlnllthf
Found virus: Worm:Win32/Locksky.gen!A in file://C:\Documents and Settings\Alex\Local Settings\Temp\syshaihos.nls
Found virus: Worm:Win32/Locksky.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\ftoolsfq
Found virus: Worm:Win32/Locksky.gen!A in runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\ftoolsfq
Found virus: Worm:Win32/Locksky.gen!A in file://C:\WINDOWS\system32\timefsbqs.dll
Found virus: Worm:Win32/Locksky.gen!A in shellopencmd://HKLM\SOFTWARE\CLASSES\exefile\shell\open\command\\
Found virus: Worm:Win32/Locksky.gen!A in file://C:\Documents and Settings\Alex\Local Settings\Temp\ntfgrdetq.dll
Found virus: Worm:Win32/Locksky.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR\\AUTORUN
Found virus: Worm:Win32/Locksky.gen!A in autorun://HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR\\AUTORUN
Found virus: Worm:Win32/Locksky.gen!A in file://C:\Documents and Settings\Alex\Local Settings\Temp\timealgas.dll
Found virus: Worm:Win32/Locksky.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\TASKMAN
Found virus: Worm:Win32/Locksky.gen!A in winlogontaskman://HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\TASKMAN
Found virus: Worm:Win32/Locksky.gen!A in file://C:\WINDOWS\system32\seclkfqpk.nls
Quick Scan Removal Results
----------------
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\mlnllthf
Operation succeeded !
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\ftoolsfq
Operation succeeded !
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\TASKMAN
Operation succeeded !
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR\\AUTORUN
Operation succeeded !
Start 'remove' for runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\mlnllthf
Operation succeeded !
Start 'remove' for runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\ftoolsfq
Operation succeeded !
Start 'remove' for shellopencmd://HKLM\SOFTWARE\CLASSES\exefile\shell\open\command\\
Operation succeeded !
Start 'remove' for autorun://HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR\\AUTORUN
Operation succeeded !
Start 'remove' for winlogontaskman://HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\TASKMAN
Operation succeeded !
Start 'remove' for file://\\?\C:\WINDOWS\system32\timefsbqs.dll
Operation succeeded !
Start 'remove' for file://\\?\C:\WINDOWS\system32\seclkfqpk.nls
Operation was scheduled to be completed after next reboot.
Start 'remove' for file://\\?\C:\Documents and Settings\Alex\Local Settings\Temp\timealgas.dll
Operation succeeded !
Start 'remove' for file://\\?\C:\Documents and Settings\Alex\Local Settings\Temp\syshaihos.nls
Operation succeeded !
Start 'remove' for file://\\?\C:\Documents and Settings\Alex\Local Settings\Temp\ntfgrdetq.dll
Operation succeeded !
Results Summary:
----------------
For cleaning Worm:Win32/Locksky.gen!A, the system needs to be restarted.
Return code: 10
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 09 20:19:04 2008
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Wed Apr 09 20:19:05 2008
Quick Scan Results:
----------------
Found virus: Worm:Win32/Locksky.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\dgetrfgb
Found virus: Worm:Win32/Locksky.gen!A in runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\dgetrfgb
Found virus: Worm:Win32/Locksky.gen!A in file://C:\Documents and Settings\Alex\Local Settings\Temp\xmlgkmglf.nls
Found virus: Worm:Win32/Locksky.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\glmbndsp
Found virus: Worm:Win32/Locksky.gen!A in runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\glmbndsp
Found virus: Worm:Win32/Locksky.gen!A in file://C:\WINDOWS\system32\msxmliecs.nls
Found virus: Worm:Win32/Locksky.gen!A in shellopencmd://HKLM\SOFTWARE\CLASSES\exefile\shell\open\command\\
Found virus: Worm:Win32/Locksky.gen!A in file://C:\Documents and Settings\Alex\Local Settings\Temp\mcimgngg.nls
Found virus: Worm:Win32/Locksky.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR\\AUTORUN
Found virus: Worm:Win32/Locksky.gen!A in autorun://HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR\\AUTORUN
Found virus: Worm:Win32/Locksky.gen!A in file://C:\Documents and Settings\Alex\Local Settings\Temp\wuajqiclt.drv
Found virus: Worm:Win32/Locksky.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\TASKMAN
Found virus: Worm:Win32/Locksky.gen!A in winlogontaskman://HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\TASKMAN
Found virus: Worm:Win32/Locksky.gen!A in file://C:\WINDOWS\system32\seclkfqpk.nls
Quick Scan Removal Results
----------------
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\dgetrfgb
Operation succeeded !
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\glmbndsp
Operation succeeded !
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\TASKMAN
Operation succeeded !
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR\\AUTORUN
Operation succeeded !
Start 'remove' for runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\dgetrfgb
Operation succeeded !
Start 'remove' for runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\glmbndsp
Operation succeeded !
Start 'remove' for shellopencmd://HKLM\SOFTWARE\CLASSES\exefile\shell\open\command\\
Operation succeeded !
Start 'remove' for autorun://HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR\\AUTORUN
Operation succeeded !
Start 'remove' for winlogontaskman://HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\TASKMAN
Operation succeeded !
Start 'remove' for file://\\?\C:\WINDOWS\system32\seclkfqpk.nls
Operation was scheduled to be completed after next reboot.
Start 'remove' for file://\\?\C:\WINDOWS\system32\msxmliecs.nls
Operation succeeded !
Start 'remove' for file://\\?\C:\Documents and Settings\Alex\Local Settings\Temp\xmlgkmglf.nls
Operation succeeded !
Start 'remove' for file://\\?\C:\Documents and Settings\Alex\Local Settings\Temp\wuajqiclt.drv
Operation succeeded !
Start 'remove' for file://\\?\C:\Documents and Settings\Alex\Local Settings\Temp\mcimgngg.nls
Operation succeeded !
Results Summary:
----------------
For cleaning Worm:Win32/Locksky.gen!A, the system needs to be restarted.
Return code: 10
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 09 20:20:28 2008
tiens , la commande ctrl +c / ctrl + v ne marche apparement pas non plus :)
