yyy102.html (again) - help !!
Hello,
The problem is a known one: pop-up windows opening incessantly, notably to yyy102.html
But I can't manage to fix it, and I admit I'm starting to be at the end of my rope!!
Ewido, even in safe mode, doesn't solve the problem. Adaware is no more effective, or else I'm doing it wrong. The latest HijackThis log says this:
Logfile of HijackThis v1.99.1
Scan saved at 20:40:47, on 17/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\fabrice\Bureau\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/def...geUploader...
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\dn8801lue.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
I'm also attaching the ewido scan, just in case:
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 20:32:52, 17/02/2006
+ Somme de contrôle: 827B9A88
+ Résultats du scan:
[700] C:\WINDOWS\system32\HTZipt12.dll -> Adware.Look2Me : Erreur durant le nettoyage
[776] C:\WINDOWS\system32\HTZipt12.dll -> Adware.Look2Me : Erreur durant le nettoyage
:mozilla.10:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyer et sauvegarder
:mozilla.12:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.13:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.14:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.15:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.16:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.17:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.18:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.19:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.20:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.23:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Goldenpalace : Nettoyer et sauvegarder
:mozilla.24:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Goldenpalace : Nettoyer et sauvegarder
:mozilla.25:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Goldenpalace : Nettoyer et sauvegarder
:mozilla.26:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Goldenpalace : Nettoyer et sauvegarder
:mozilla.27:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Goldenpalace : Nettoyer et sauvegarder
:mozilla.28:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Goldenpalace : Nettoyer et sauvegarder
:mozilla.30:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Starware : Nettoyer et sauvegarder
:mozilla.31:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Starware : Nettoyer et sauvegarder
:mozilla.32:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Starware : Nettoyer et sauvegarder
:mozilla.46:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
:mozilla.48:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
:mozilla.60:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.61:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.62:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.63:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.64:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Clickbank : Nettoyer et sauvegarder
:mozilla.66:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.67:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.68:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.69:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.70:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.71:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.72:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.76:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
:mozilla.90:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
:mozilla.92:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
:mozilla.93:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.95:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
:mozilla.96:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
:mozilla.98:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
:mozilla.114:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
:mozilla.115:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
:mozilla.116:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
:mozilla.117:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
:mozilla.118:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
:mozilla.133:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.134:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.135:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.136:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.151:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyer et sauvegarder
:mozilla.160:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
:mozilla.161:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.162:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.163:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.164:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\Cache\26FAEFF0d01 -> Adware.Zestyfind : Nettoyer et sauvegarder
C:\Documents and Settings\fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\Cache\3B76AA82d01 -> Not-A-Virus.Downloader.Win32.WinFixer.d : Nettoyer et sauvegarder
C:\Documents and Settings\fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\Cache\6168C15Dd01 -> Adware.Zestyfind : Nettoyer et sauvegarder
C:\Documents and Settings\fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\Cache\69953293d01 -> Adware.Zestyfind : Nettoyer et sauvegarder
C:\Documents and Settings\fabrice\Local Settings\Temp\Cookies\fabrice@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\WINDOWS\system32\fpr2039oe.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\jt4207hoe.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\sdcsccp.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\__delete_on_reboot__guard.tmp -> Adware.Look2Me : Nettoyer et sauvegarder
::Fin du rapport---------------------------------------------------------
Thanks to whoever can help me, I really need it!!
FabFab
Le problème est connu : ouverture incessante de fenêtres pop-ups, notamment en yyy102.html
Mais je ne parviens pas à y remédier et j'avoue que je commence à être un peu à bout !!
Ewido même en mode sans échec ne règle pas la question. Adaware n'est pas plus efficace, ou alors je m'y prends mal. Le dernier hijackthis dit ceci :
Logfile of HijackThis v1.99.1
Scan saved at 20:40:47, on 17/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\fabrice\Bureau\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/def...geUploader...
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\dn8801lue.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Je joins aussi le scan ewido au cas où :
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 20:32:52, 17/02/2006
+ Somme de contrôle: 827B9A88
+ Résultats du scan:
[700] C:\WINDOWS\system32\HTZipt12.dll -> Adware.Look2Me : Erreur durant le nettoyage
[776] C:\WINDOWS\system32\HTZipt12.dll -> Adware.Look2Me : Erreur durant le nettoyage
:mozilla.10:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyer et sauvegarder
:mozilla.12:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.13:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.14:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.15:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.16:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.17:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.18:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.19:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.20:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.23:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Goldenpalace : Nettoyer et sauvegarder
:mozilla.24:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Goldenpalace : Nettoyer et sauvegarder
:mozilla.25:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Goldenpalace : Nettoyer et sauvegarder
:mozilla.26:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Goldenpalace : Nettoyer et sauvegarder
:mozilla.27:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Goldenpalace : Nettoyer et sauvegarder
:mozilla.28:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Goldenpalace : Nettoyer et sauvegarder
:mozilla.30:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Starware : Nettoyer et sauvegarder
:mozilla.31:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Starware : Nettoyer et sauvegarder
:mozilla.32:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Starware : Nettoyer et sauvegarder
:mozilla.46:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
:mozilla.48:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
:mozilla.60:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.61:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.62:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.63:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.64:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Clickbank : Nettoyer et sauvegarder
:mozilla.66:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.67:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.68:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.69:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.70:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.71:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.72:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.76:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
:mozilla.90:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
:mozilla.92:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
:mozilla.93:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.95:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
:mozilla.96:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
:mozilla.98:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
:mozilla.114:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
:mozilla.115:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
:mozilla.116:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
:mozilla.117:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
:mozilla.118:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
:mozilla.133:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.134:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.135:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.136:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.151:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyer et sauvegarder
:mozilla.160:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
:mozilla.161:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.162:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.163:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.164:C:\Documents and Settings\fabrice\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\Cache\26FAEFF0d01 -> Adware.Zestyfind : Nettoyer et sauvegarder
C:\Documents and Settings\fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\Cache\3B76AA82d01 -> Not-A-Virus.Downloader.Win32.WinFixer.d : Nettoyer et sauvegarder
C:\Documents and Settings\fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\Cache\6168C15Dd01 -> Adware.Zestyfind : Nettoyer et sauvegarder
C:\Documents and Settings\fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\yj1fhfx9.default\Cache\69953293d01 -> Adware.Zestyfind : Nettoyer et sauvegarder
C:\Documents and Settings\fabrice\Local Settings\Temp\Cookies\fabrice@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\WINDOWS\system32\fpr2039oe.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\jt4207hoe.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\sdcsccp.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\__delete_on_reboot__guard.tmp -> Adware.Look2Me : Nettoyer et sauvegarder
::Fin du rapport---------------------------------------------------------
Thanks to whoever can help me, I really need it!!
FabFab
Hello
Please print these instructions, or paste them into a text file, so you can read them during this fix. Read the three short notes at the bottom carefully before you start.
Download Look2Me-Destroyer.exe to your Desktop.
http://www.atribune.org/ccount/click.php?id=7
* Close all active windows before moving on to the next step.
* Double-click Look2Me-Destroyer.exe to launch the tool.
* Check Run this program as a task
* A message will appear, saying: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK
* It will relaunch after the 10 seconds; then click the Scan for L2M button; your Desktop icons will disappear: this is normal.
* When the scan finishes, click the Remove L2M button
* A Done Scanning message will appear; click OK.
* A new message will appear: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
* Your PC will now shut down.
* Start your PC normally.
* Paste the generated report, located here: C:\Look2Me-Destroyer.txt , along with a new HijackThis! report, in your next reply.
#If Look2Me-Destroyer does not relaunch automatically after the 10 seconds, reboot and try again.
##If you get a message from your firewall that the tool is trying to access the internet: allow it.
###If a runtime error '339' message appears: download MSWINSCK.OCX from the link below, and place it in the C:\Windows\System32 folder.
http://www.ascentive.com/support/new/images/lib/MSWINSC...
Thank you!
So here is the Look2Me-destroyer.txt report:
---------
Look2Me-Destroyer V1.0.5
Scanning for infected files.....
Scan started at 17/02/2006 23:55:38
Infected! C:\WINDOWS\system32\dn8801lue.dll
Infected! C:\Documents and Settings\fabrice\Mes documents\l2mfix\dlls\dn8801lue.dll
Infected! C:\Documents and Settings\fabrice\Mes documents\l2mfix\dlls\fp4q03h5e.dll
Infected! C:\Documents and Settings\fabrice\Mes documents\l2mfix\dlls\kt4sl7h71.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0044915.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0045915.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0046915.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0046918.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0046925.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0047922.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048922.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048923.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048924.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048925.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048926.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048927.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048929.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0049929.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0049937.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0049942.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0049947.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050947.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050950.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050951.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050952.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050954.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050959.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0051958.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0051994.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0051995.dll
Infected! C:\WINDOWS\system32\wnbclnt.dll
Attempting to delete infected files...
Attempting to delete: C:\Documents and Settings\fabrice\Mes documents\l2mfix\dlls\dn8801lue.dll
C:\Documents and Settings\fabrice\Mes documents\l2mfix\dlls\dn8801lue.dll Deleted successfully!
Attempting to delete: C:\Documents and Settings\fabrice\Mes documents\l2mfix\dlls\fp4q03h5e.dll
C:\Documents and Settings\fabrice\Mes documents\l2mfix\dlls\fp4q03h5e.dll Deleted successfully!
Attempting to delete: C:\Documents and Settings\fabrice\Mes documents\l2mfix\dlls\kt4sl7h71.dll
C:\Documents and Settings\fabrice\Mes documents\l2mfix\dlls\kt4sl7h71.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0044915.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0044915.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0045915.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0045915.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0046915.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0046915.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0046918.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0046918.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0046925.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0046925.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0047922.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0047922.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048922.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048922.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048923.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048923.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048924.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048924.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048925.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048925.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048926.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048926.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048927.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048927.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048929.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0048929.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0049929.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0049929.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0049937.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0049937.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0049942.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0049942.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0049947.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0049947.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050947.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050947.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050950.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050950.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050951.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050951.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050952.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050952.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050954.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050954.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050959.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0050959.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0051958.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0051958.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0051994.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0051994.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0051995.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0051995.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\wnbclnt.dll
C:\WINDOWS\system32\wnbclnt.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ThemeManager
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
-------------
And the new HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 00:10:21, on 18/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\fabrice\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/defaults/activex...
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
----
Thank you!
It already looks like things are better, doesn't it?
Fab
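A check a helper could run on the pasted report, added here as an example and not part of the original thread or of Look2Me-Destroyer: it pairs each `Infected!` line with a `Deleted successfully!` line and lists the detections the report never confirms as deleted. The line formats are inferred from the single report above, the sample is an abbreviated excerpt of it, and the function names are hypothetical.

```python
import re

# Excerpt abbreviated from the report pasted above (restore-point entries cut
# to two). The line shapes are an assumption inferred from that single report.
SAMPLE_REPORT = r"""Look2Me-Destroyer V1.0.5
Scanning for infected files.....
Scan started at 17/02/2006 23:55:38
Infected! C:\WINDOWS\system32\dn8801lue.dll
Infected! C:\Documents and Settings\fabrice\Mes documents\l2mfix\dlls\dn8801lue.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0044915.dll
Infected! C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0045915.dll
Infected! C:\WINDOWS\system32\wnbclnt.dll
Attempting to delete infected files...
Attempting to delete: C:\Documents and Settings\fabrice\Mes documents\l2mfix\dlls\dn8801lue.dll
C:\Documents and Settings\fabrice\Mes documents\l2mfix\dlls\dn8801lue.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0044915.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0044915.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0045915.dll
C:\System Volume Information\_restore{F6738141-496E-4840-9EA0-29257410EA50}\RP236\A0045915.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\wnbclnt.dll
C:\WINDOWS\system32\wnbclnt.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ThemeManager
Restoring Windows certificates.
"""

INFECTED = re.compile(r"^Infected!\s+(.+)$")
ATTEMPT = re.compile(r"^Attempting to delete:\s+(.+)$")
DELETED = re.compile(r"^(.+?)\s+Deleted successfully!$")
REG_REMOVED = re.compile(r"^Removing:\s+(.+)$")
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\")
RESTORE = re.compile(r"^[a-z]:\\system volume information\\_restore\{")


def norm(path):
    """Windows paths compare case-insensitively, so normalise before matching."""
    return path.strip().lower()


def classify(path):
    """Bucket a detection by location, which decides the follow-up."""
    p = norm(path)
    if RESTORE.match(p):
        return "system_restore"  # copies kept inside System Restore points
    if SYSTEM32.match(p):
        return "system32"        # live system directory
    return "other"


def reconcile(report_text):
    """Pair detections with deletion confirmations found in the report."""
    infected, attempted, deleted, reg_removed = [], set(), set(), []
    for raw in report_text.splitlines():
        line = raw.strip()
        if m := INFECTED.match(line):
            infected.append(m.group(1).strip())
        elif m := ATTEMPT.match(line):
            attempted.add(norm(m.group(1)))
        elif m := DELETED.match(line):
            deleted.add(norm(m.group(1)))
        elif m := REG_REMOVED.match(line):
            reg_removed.append(m.group(1).strip())

    by_location = {}
    for path in infected:
        bucket = classify(path)
        by_location[bucket] = by_location.get(bucket, 0) + 1

    return {
        "infected": infected,
        # Flagged, but the report shows no "Deleted successfully!" for them.
        "unconfirmed": [p for p in infected if norm(p) not in deleted],
        # Flagged, but the report shows no delete attempt at all.
        "never_attempted": [p for p in infected if norm(p) not in attempted],
        "by_location": by_location,
        "registry_removed": reg_removed,
    }


if __name__ == "__main__":
    result = reconcile(SAMPLE_REPORT)
    print("detections by location:", result["by_location"])
    for path in result["unconfirmed"]:
        print("no deletion confirmed in report:", path)
    for key in result["registry_removed"]:
        print("registry key removed:", key)
```

In the posted report, the one detection with no deletion line is C:\WINDOWS\system32\dn8801lue.dll, so that is the path to verify on disk in the follow-up scan.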
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/defaults/activex...
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
----
Thanks!
It already looks like things are better, doesn't it?
Fab
Hi again
That's much better, no more Look2me.
1 Download CCleaner.
http://www.filehippo.com/download_ccleaner.html
Install it in a dedicated directory.
2 Run a new HijackThis scan and check the lines below:
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/defaults/activex...
Close all Windows, Internet Explorer and Outlook windows, except the HijackThis program, and click "Fix checked".
3 Make sure you have access to all files.
Start, My Computer or another folder, Tools menu, Folder Options, View tab:
Check the box: Show hidden files and folders
Uncheck the box: Hide extensions for known file types
Uncheck the box: Hide protected operating system files
Then Apply
4 Delete the offending files/folders (if they still exist):
winlog.exe --> Probably in C:\WINDOWS\System32 or C:\WINDOWS
5 Run the cleanup with CCleaner.
Hide the system files again, to avoid making a mistake in the future, by selecting do not show hidden files or system files.
6 Post a new HijackThis log.
Understood!
I found a file winlogon.exe (and not winlog) - I assume it's not the same thing?
For the rest, here is the latest HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 08:42:27, on 18/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\fabrice\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Thanks! Are there any other instructions?
Fab
Hello
You did well not to touch winlogon.
HijackThis is clean and the PC should already be behaving better. ;-)
We finish with an online antivirus scan at Kaspersky
http://www.kaspersky.com/downloads/kws/kavwebscan.html
Paste its report here.
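The difference between the `winlog.exe` autorun entry and the legitimate `winlogon.exe` discussed in this exchange, as an added example that is not part of the original posts: a Python triage of HijackThis O4 lines that flags entries with no directory and names that nearly copy a Windows system binary. The system-binary list, the Windows directories, the 0.85 similarity threshold and all function names are assumptions chosen for illustration.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Illustrative, non-exhaustive list of Windows XP system binaries (assumption).
SYSTEM_BINARIES = {"winlogon.exe", "svchost.exe", "lsass.exe", "services.exe",
                   "smss.exe", "explorer.exe", "spoolsv.exe", "csrss.exe"}
# Directories where those binaries normally live on this machine (assumption,
# taken from the "Running processes" paths in the log).
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}
SIMILARITY = 0.85  # assumed threshold for "nearly the same name"

# O4 layouts as they appear in the log:
#   O4 - HKLM\..\Run: [value name] command line
#   O4 - Global Startup: shortcut.lnk = target
O4_REG = re.compile(r"^O4 - (?P<loc>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_LNK = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<cmd>.+)$")
EXT = re.compile(r"(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def executable_of(cmd):
    """Return the program part of an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        return cmd[1:].split('"', 1)[0]
    m = EXT.match(cmd)                           # unquoted path may hold spaces
    return m.group(1) if m else cmd.split()[0]


def lookalike(basename):
    """Return the system binary whose name this file nearly copies, else None."""
    name = basename.lower()
    if name in SYSTEM_BINARIES:
        return None                              # exact name: judged by directory
    for real in sorted(SYSTEM_BINARIES):
        if SequenceMatcher(None, name, real).ratio() >= SIMILARITY:
            return real
    return None


def triage(exe_path):
    """List the reasons an executable path deserves a closer look."""
    reasons = []
    directory, base = ntpath.split(exe_path)
    if not directory:
        reasons.append("no directory: resolved through the search path")
    imitated = lookalike(base)
    if imitated:
        reasons.append("name resembles " + imitated)
    if base.lower() in SYSTEM_BINARIES and directory \
            and directory.lower() not in WINDOWS_DIRS:
        reasons.append("system binary name outside the Windows directory")
    return reasons


def scan_o4(log_text):
    """Return (location, value name, executable, reasons) for flagged O4 lines."""
    findings = []
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip()) or O4_LNK.match(line.strip())
        if m:
            exe = executable_of(m.group("cmd"))
            reasons = triage(exe)
            if reasons:
                findings.append((m.group("loc"), m.group("name"), exe, reasons))
    return findings


# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

if __name__ == "__main__":
    for loc, name, exe, reasons in scan_o4(SAMPLE_LOG):
        print(f"{loc} [{name}] {exe}: " + "; ".join(reasons))
    # The legitimate logon process, as listed under "Running processes".
    print(triage(r"C:\WINDOWS\system32\winlogon.exe"))
```

A flag is a prompt to inspect the file, not a verdict: the name check only measures spelling distance, so the directory and the file itself still have to be examined.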
In addition to the Kaspersky scan
Panda-> http://www.pandasoftware.com/activescan
Disable your antivirus to avoid conflicts
Paste the report here
Hi again -
Here is the Kaspersky result already: it looks like there are still two or three little problems...
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, February 18, 2006 19:05:29
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 18/02/2006
Kaspersky Anti-Virus database records: 166513
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
G:\
Scan Statistics:
Total number of scanned objects: 38688
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 4703 sec
Infected Object Name - Virus Name
C:\Documents and Settings\fabrice\Bureau\just now\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.d
C:\WINDOWS\system32\atmock32.dll Infected: Trojan.Win32.Crypt.t
C:\WINDOWS\system32\dgststat.exe Infected: Trojan.Win32.Crypt.t
D:\just now\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.d
Scan process completed.
-------------------------------
Thanks to you both!
Fab
Hi again
Download Pocket KillBox
http://www.bleepingcomputer.com/files/spyware/KillBox.z...
Then unzip it onto your desktop.
Animated demo
http://pageperso.aol.fr/balltrap34/killbox.htm
Open Pocket Killbox
Paste into the small box the full path of the following file:
C:\WINDOWS\system32\atmock32.dll
and click Delete on Reboot, then click the red circle with the cross; you will get the following message: "File with be deleted on next reboot, Process and Reboot now?", and you click "yes".
The PC should restart; if it doesn't, restart it yourself.
Thanks!
It looks like it worked.
Here is the new HijackThis report:
-------------------
Logfile of HijackThis v1.99.1
Scan saved at 08:27:37, on 19/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\fabrice\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yins...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe