[RESOLU] virus W32.Myzor.FK@yf
Dernière réponse : dans Sécurité
Bonjour,
Je suis infecté par le virus W32.Myzor.FK@yf, et je viens de télécharger SmitfraudFix. Je viens de le lancer avec l'option 1 et voici le rapport :
SmitFraudFix v2.113
Rapport fait à 10:23:28,87, 24/10/2006
Executé à partir de C:\Documents and Settings\Compaq_Propri‚taire\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="dxclib303562752.dll"
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Que dois-je faire maintenant ?
Merci.
Je suis infecté par le virus W32.Myzor.FK@yf, et je viens de télécharger SmitfraudFix. Je viens de le lancer avec l'option 1 et voici le rapport :
SmitFraudFix v2.113
Rapport fait à 10:23:28,87, 24/10/2006
Executé à partir de C:\Documents and Settings\Compaq_Propri‚taire\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="dxclib303562752.dll"
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Que dois-je faire maintenant ?
Merci.
Autres pages sur : resolu virus w32 myzor
Lassé par la pub ? Créez un compte
Bonjour,
- pas de trace de W32.Myzor.FK@yf dans le rapport SmitFraudFix.
où se trouve le/les fichiers infectés ? (nom + emplacement)
- par contre le rapport révèle une infection DeluxeCommunications
Télécharge combofix.exe (par sUBs) sur ton Bureau.
Double-clique sur combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra (localisé ici : C:\ComboFix.txt)
Copie/colle ce rapport dans ta prochaine réponse.
- pas de trace de W32.Myzor.FK@yf dans le rapport SmitFraudFix.
où se trouve le/les fichiers infectés ? (nom + emplacement)
- par contre le rapport révèle une infection DeluxeCommunications
Télécharge combofix.exe (par sUBs) sur ton Bureau.
Double-clique sur combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra (localisé ici : C:\ComboFix.txt)
Copie/colle ce rapport dans ta prochaine réponse.
Voici le rapport :
Compaq_Propri‚taire - 06-10-24 15:11:04,40 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Compaq_Propri‚taire\Bureau"
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Dxccwrd.dll
C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Dxcuknwrd.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\PrintView
C:\WINDOWS\system32\components
C:\WINDOWS\system32\crunner
C:\Program Files\Fichiers communs\{3CF59AEE-07CF-1036-0902-040804030021}
C:\Program Files\Fichiers communs\{DCF59AEE-07CF-1036-0902-040804030021}
((((((((((((((((((((((((((((((( Files Created from 2006-09-24 to 2006-10-24 ))))))))))))))))))))))))))))))))))
2006-10-23 12:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-20 16:32 67,604 --a------ C:\WINDOWS\system32\qmiomcak.exe
2006-10-19 15:22 128,744 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-19 11:28 83,208 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-10-19 11:28 73,496 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-10-19 11:24 402,098 ---hs---- C:\WINDOWS\system32\lmllm.ini2
2006-10-17 18:48 426,974 ---hs---- C:\WINDOWS\system32\lmllm.bak2
2006-10-10 12:53 2,146,304 --------- C:\WINDOWS\UNNMP.exe
2006-10-10 12:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-10-10 12:47 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2006-10-10 12:47 2,023,424 --------- C:\WINDOWS\UNNeroVision.exe
2006-10-10 12:46 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-10-10 12:46 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-10-10 12:46 38,912 --------- C:\WINDOWS\system32\picn20.dll
2006-10-10 12:46 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-10-10 12:46 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-10-10 12:46 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-10-10 12:46 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-10-08 15:37 143,380 --a------ C:\WINDOWS\system32\dgcosgak.exe
2006-10-08 15:36 684,084 ---hs---- C:\WINDOWS\system32\mllml.dll
2006-10-08 15:36 409,231 ---hs---- C:\WINDOWS\system32\lmllm.bak1
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-24 15:11 -------- d-------- C:\Program Files\Fichiers communs
2006-10-24 14:14 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-24 13:01 -------- d-------- C:\Program Files\CCleaner
2006-10-24 12:42 -------- d-------- C:\Program Files\Yahoo!
2006-10-24 11:29 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Lavasoft
2006-10-24 11:28 -------- d-------- C:\Program Files\Lavasoft
2006-10-23 12:03 -------- d-------- C:\Program Files\Grisoft
2006-10-23 09:37 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Google
2006-10-20 10:44 -------- d-------- C:\Program Files\Windows Defender
2006-10-19 16:50 -------- d-------- C:\Program Files\BeClean
2006-10-19 15:04 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-19 14:57 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-19 14:15 -------- d-------- C:\Program Files\Google
2006-10-19 11:28 -------- d-------- C:\Program Files\Symantec
2006-10-19 11:27 -------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2006-10-18 10:06 -------- d-------- C:\Program Files\Common Files
2006-10-10 12:53 -------- d-------- C:\Program Files\Ahead
2006-10-10 12:49 -------- d-------- C:\Program Files\Fichiers communs\Ahead
2006-10-10 12:49 -------- d-------- C:\Program Files\Easy Internet signup
2006-10-10 12:47 -------- d-------- C:\Program Files\SlySoft
2006-10-09 17:12 -------- d-------- C:\Program Files\Fichiers communs\Adobe
2006-10-08 15:47 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-24 08:37 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-18 22:00 -------- d-------- C:\Program Files\Kodak
2006-09-18 21:59 -------- d-------- C:\Program Files\Fichiers communs\Kodak
2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-08-25 17:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 13:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Acme.PCHButton"="C:\\PROGRA~1\\HELPAN~1\\Presario\\XPHWWRF4\\plugin\\bin\\pchbutton.exe"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"AdslTaskBar"="rundll32.exe stmctrl.dll,TaskBar"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\KODAK Software Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\KODAK Software Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKS~1\\7288971\\Program\\KODAKS~1.EXE "
"item"="KODAK Software Updater"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Logiciel Kodak EasyShare.lnk"
"backup"="C:\\WINDOWS\\pss\\Logiciel Kodak EasyShare.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"
"item"="Logiciel Kodak EasyShare"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Festoon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Festoon"
"hkey"="HKLM"
"command"="C:\\Program Files\\Santa Cruz Networks\\Festoon\\Festoon.exe /BOOT"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllml
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\netvss
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
Completion time: 06-10-24 15:17:49.53
C:\ComboFix.txt ... 06-10-24 15:17
et maintenant ?
Compaq_Propri‚taire - 06-10-24 15:11:04,40 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Compaq_Propri‚taire\Bureau"
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Dxccwrd.dll
C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Dxcuknwrd.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\PrintView
C:\WINDOWS\system32\components
C:\WINDOWS\system32\crunner
C:\Program Files\Fichiers communs\{3CF59AEE-07CF-1036-0902-040804030021}
C:\Program Files\Fichiers communs\{DCF59AEE-07CF-1036-0902-040804030021}
((((((((((((((((((((((((((((((( Files Created from 2006-09-24 to 2006-10-24 ))))))))))))))))))))))))))))))))))
2006-10-23 12:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-20 16:32 67,604 --a------ C:\WINDOWS\system32\qmiomcak.exe
2006-10-19 15:22 128,744 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-19 11:28 83,208 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-10-19 11:28 73,496 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-10-19 11:24 402,098 ---hs---- C:\WINDOWS\system32\lmllm.ini2
2006-10-17 18:48 426,974 ---hs---- C:\WINDOWS\system32\lmllm.bak2
2006-10-10 12:53 2,146,304 --------- C:\WINDOWS\UNNMP.exe
2006-10-10 12:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-10-10 12:47 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2006-10-10 12:47 2,023,424 --------- C:\WINDOWS\UNNeroVision.exe
2006-10-10 12:46 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-10-10 12:46 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-10-10 12:46 38,912 --------- C:\WINDOWS\system32\picn20.dll
2006-10-10 12:46 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-10-10 12:46 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-10-10 12:46 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-10-10 12:46 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-10-08 15:37 143,380 --a------ C:\WINDOWS\system32\dgcosgak.exe
2006-10-08 15:36 684,084 ---hs---- C:\WINDOWS\system32\mllml.dll
2006-10-08 15:36 409,231 ---hs---- C:\WINDOWS\system32\lmllm.bak1
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-24 15:11 -------- d-------- C:\Program Files\Fichiers communs
2006-10-24 14:14 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-24 13:01 -------- d-------- C:\Program Files\CCleaner
2006-10-24 12:42 -------- d-------- C:\Program Files\Yahoo!
2006-10-24 11:29 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Lavasoft
2006-10-24 11:28 -------- d-------- C:\Program Files\Lavasoft
2006-10-23 12:03 -------- d-------- C:\Program Files\Grisoft
2006-10-23 09:37 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Google
2006-10-20 10:44 -------- d-------- C:\Program Files\Windows Defender
2006-10-19 16:50 -------- d-------- C:\Program Files\BeClean
2006-10-19 15:04 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-19 14:57 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-19 14:15 -------- d-------- C:\Program Files\Google
2006-10-19 11:28 -------- d-------- C:\Program Files\Symantec
2006-10-19 11:27 -------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2006-10-18 10:06 -------- d-------- C:\Program Files\Common Files
2006-10-10 12:53 -------- d-------- C:\Program Files\Ahead
2006-10-10 12:49 -------- d-------- C:\Program Files\Fichiers communs\Ahead
2006-10-10 12:49 -------- d-------- C:\Program Files\Easy Internet signup
2006-10-10 12:47 -------- d-------- C:\Program Files\SlySoft
2006-10-09 17:12 -------- d-------- C:\Program Files\Fichiers communs\Adobe
2006-10-08 15:47 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-24 08:37 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-18 22:00 -------- d-------- C:\Program Files\Kodak
2006-09-18 21:59 -------- d-------- C:\Program Files\Fichiers communs\Kodak
2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-08-25 17:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 13:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Acme.PCHButton"="C:\\PROGRA~1\\HELPAN~1\\Presario\\XPHWWRF4\\plugin\\bin\\pchbutton.exe"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"AdslTaskBar"="rundll32.exe stmctrl.dll,TaskBar"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\KODAK Software Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\KODAK Software Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKS~1\\7288971\\Program\\KODAKS~1.EXE "
"item"="KODAK Software Updater"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Logiciel Kodak EasyShare.lnk"
"backup"="C:\\WINDOWS\\pss\\Logiciel Kodak EasyShare.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"
"item"="Logiciel Kodak EasyShare"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Festoon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Festoon"
"hkey"="HKLM"
"command"="C:\\Program Files\\Santa Cruz Networks\\Festoon\\Festoon.exe /BOOT"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllml
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\netvss
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
Completion time: 06-10-24 15:17:49.53
C:\ComboFix.txt ... 06-10-24 15:17
et maintenant ?
Re,
Tu as une infection de type Vundo
Télécharge VundoFix.exe et mets le sur le bureau.
Note ou imprime les instructions qui suivent avant de commencer :
> Lance VundoFix.exe
> Clique sur le bouton Scan for Vundo
> Une fois le scan terminé, clique sur le bouton Remove Vundo
> Un message demandera confirmation, clique sur YES
> Le bureau va disparaître. C'est normal.
> Ensuite un message va indiquer que le PC va se fermer. Clique sur OK.
> Redémarre le PC.
> Poste le contenu du rapport situé ici C:\vundofix.txt
> Ensuite :
- Télécharge le programme Hijackthis de Merijn
- Dézippe-le et mets-le dans un dossier specifique (exemple : ..\Bureau\Hijackthis\Hijackthis.exe )
- Renomme le fichier HijackThis.exe par exemple en Scanner.exe
(le renommer permet de faire apparaître des infections qui se cachent dès qu'elles détectent HijackThis.exe)
- Lance Scanner.exe
- Clique sur "Do a system scan and save a logfile" et poste le rapport avec copier/coller
Tu as une infection de type Vundo
Télécharge VundoFix.exe et mets le sur le bureau.
Note ou imprime les instructions qui suivent avant de commencer :
> Lance VundoFix.exe
> Clique sur le bouton Scan for Vundo
> Une fois le scan terminé, clique sur le bouton Remove Vundo
> Un message demandera confirmation, clique sur YES
> Le bureau va disparaître. C'est normal.
> Ensuite un message va indiquer que le PC va se fermer. Clique sur OK.
> Redémarre le PC.
> Poste le contenu du rapport situé ici C:\vundofix.txt
> Ensuite :
- Télécharge le programme Hijackthis de Merijn
- Dézippe-le et mets-le dans un dossier specifique (exemple : ..\Bureau\Hijackthis\Hijackthis.exe )
- Renomme le fichier HijackThis.exe par exemple en Scanner.exe
(le renommer permet de faire apparaître des infections qui se cachent dès qu'elles détectent HijackThis.exe)
- Lance Scanner.exe
- Clique sur "Do a system scan and save a logfile" et poste le rapport avec copier/coller
Voici les 2 rapport :
1- VundoFix :
VundoFix V6.2.6
Checking Java version...
Java version is 1.4.2.3
Scan started at 10:10:31 25/10/2006
Listing files found while scanning....
C:\WINDOWS\system32\dgcosgak.exe
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.ini2
C:\WINDOWS\system32\lmllm.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\dgcosgak.exe
C:\WINDOWS\system32\dgcosgak.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mllml.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.ini2
C:\WINDOWS\system32\lmllm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.tmp
C:\WINDOWS\system32\lmllm.tmp Has been deleted!
Performing Repairs to the registry.
Done!
2- Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 10:22:37, on 25/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis Version Française\Scan.EXE
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4125E750-77F7-4EF5-A695-14618A4205D5} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEA3DCC8-913E-4E8E-9609-51222417275D}: NameServer = 195.220.221.2
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: netvss - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
1- VundoFix :
VundoFix V6.2.6
Checking Java version...
Java version is 1.4.2.3
Scan started at 10:10:31 25/10/2006
Listing files found while scanning....
C:\WINDOWS\system32\dgcosgak.exe
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.ini2
C:\WINDOWS\system32\lmllm.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\dgcosgak.exe
C:\WINDOWS\system32\dgcosgak.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mllml.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.ini2
C:\WINDOWS\system32\lmllm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.tmp
C:\WINDOWS\system32\lmllm.tmp Has been deleted!
Performing Repairs to the registry.
Done!
2- Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 10:22:37, on 25/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis Version Française\Scan.EXE
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4125E750-77F7-4EF5-A695-14618A4205D5} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEA3DCC8-913E-4E8E-9609-51222417275D}: NameServer = 195.220.221.2
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: netvss - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
1/ Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
puis --> Fix checked
puis oui à la question de confirmation
O2 - BHO: (no name) - {4125E750-77F7-4EF5-A695-14618A4205D5} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Protocol: Festoon - (no CLSID) - (no file)
O20 - Winlogon Notify: netvss - C:\WINDOWS\
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
2/ concernant W32.Myzor.FK@yf où se trouve le/les fichiers infectés ? (nom + emplacement)
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
puis --> Fix checked
puis oui à la question de confirmation
O2 - BHO: (no name) - {4125E750-77F7-4EF5-A695-14618A4205D5} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Protocol: Festoon - (no CLSID) - (no file)
O20 - Winlogon Notify: netvss - C:\WINDOWS\
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
2/ concernant W32.Myzor.FK@yf où se trouve le/les fichiers infectés ? (nom + emplacement)
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumVirus w32 jeefo et w32.myzor.fk
- ForumVirus infecte par w32.myzor.fk yf
- ForumVirus infecter par w32.myzor.fk yf
- ForumW32.myzor.fk yf virus
- ForumVirus w32 virut.gen
- ForumVirus w32 pate.b.worm virus
- ForumVirus w32 backterra.a.wor
- ForumVirus w32 autorun aha
- ForumVirus w32 bagle-kj
- ForumVirus w32
- Voir plus
