Hello, I'm taking the liberty of posting here to ask you what this is all about. I suppose the question has already been asked 150 times, but I absolutely cannot solve my problem, which I'll explain right away. My computer is, according to AVG, infected with a virus named win32hidrag, only said AVG can't manage to remove it... Being a real dunce when it comes to computers, I'm putting myself in your hands. Thanks in advance...
1/ CCleaner
Download CCleaner from this site:
CCleaner
It cleans your PC of all the useless temporary files.
Run an analysis, then run the cleanup.
2/ Ewido
Download Ewido from this site:
Ewido-Anti-Malware
Do the updates, then run a scan and post the report.
3/ Post the HijackThis log:
Download HijackThis from this site:
HijackThis
Create a folder with its name and unzip it in there.
Then launch HijackThis and click "Do a system scan and save a logfile".
A Notepad file will then open; select all of its contents and post it.
Thanks for the reply, but I have a small problem: I can't install Ewido, the installer closes on its own... It must be because of the virus, since it does the same thing with other applications oO... Is it a problem if I skip step 2?
OK, here's what the log gives:
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\windows\system32\svchost.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\explorer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\windows\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\dfndrb_2.exe
C:\Program Files\ipwins\ipwins.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Spybot - Search & Destroy\wblindman.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AutoIt\AutoIt3.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe"
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\WINDOWS\system32\wuauclt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrb_2.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdb_2.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmb_2.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Bzcffbcq] C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\windows\system32\smss.dll
O20 - Winlogon Notify: Reliability - C:\windows\system32\ir64l5jq1.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\windows\SGVhdmVuUGxhY2UgRWRpdGlvbiBWMQ\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Services TCP/IP simplifiés (SimpTcp) - Unknown owner - C:\windows\system32\tcpsvcs.exe (file missing)
1/ Download SmitfraudFix
Unzip it to the Desktop.
Open the SmitfraudFix folder and run SmitfraudFix.cmd
Choose Option 1 (Search)
If you see lines with PRESENT!, continue
Restart in Safe Mode.
2/ Run SmitfraudFix again and this time choose Option 2, and answer yes to every question
Save the report, then post it.
3/ Download Look2Me-Destroyer.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=7
* Close all active windows before moving to the next step.
* Double-click Look2Me-Destroyer.exe to launch the tool.
* Check "Run this program as a task"
* A message will appear saying: "Look2Me-Destroyer will close and re-open in approximately 1 minute". Click OK
* It will relaunch after the minute; then click the Scan for L2M button. Your Desktop icons will disappear: that's normal.
* When the scan finishes, click the Remove L2M button
* A "Done Scanning" message will appear; click OK.
* A new message will appear: "Done removing infected files! Look2Me-Destroyer will now shutdown your computer"; click OK.
* Your PC will now shut down.
* Start your PC normally.
* Paste the generated report (Look2Me-Destroyer.txt), located on the Desktop, along with a new HijackThis! report in your next reply.
* If Look2Me-Destroyer does not relaunch automatically after the minute, restart and try again.
So there are lines marked PRESENT, so I go into Safe Mode etc... As soon as I launch it, in Safe Mode, everything goes haywire ^^
Here's what appears (I took the screenshot in Normal Mode, but it's the same thing in Safe Mode).
Good evening
Leave SmitfraudFix aside.
Continue with Look2Me-Destroyer and post a new HijackThis log.
Er, Look2Me-Destroyer never relaunches; I must have tried 5 times.... I'm desperate ^^
Doesn't anyone see what I could do?
Hello
Disable System Restore: to do this: My Computer, then right-click => Properties => System Restore => check "Turn off System Restore", OK
Download and run
Jeefogui
at:
Http://www.sophos.fr/support/cleaners/jeefogui.com
If it does not launch, you will have to rename the drive that is currently named C:
OK well, I tried Jeefogui but it finds 0 infected files... what now!
Try this:
Start ==> Run ==> type: services.msc
In the table that opens, look for
Power Manager
Double-click it, and under Startup type ==> Disabled
then Stop
-----------------------------------------
Start ==> Run ==> type: regedit
"Expand" by clicking the + next to
HKEY_LOCAL_MACHINE ==> SOFTWARE ==> Microsoft ==> Windows ==> CurrentVersion ==> Run
and in the right-hand pane delete "PowerManager"="%windir%svchost.exe"
then afterwards try to relaunch SmitfraudFix
and the Look2Me fix
When I type services.msc, there's no "Power Manager" in the table that opens.
Then, for regedit, I type it and confirm, and I get the message "regedit is not a valid Win32 application" :-o
edit:
Check your PMs ^^
I can't rename it like that
Post another HijackThis log
Here you go:
Logfile of HijackThis v1.99.1
Scan saved at 15:23:41, on 28/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Network Monitor\netmon.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\explorer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
C:\dfndrb_2.exe
C:\Program Files\ipwins\ipwins.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TClock\TClock.exe
C:\windows\System32\svchost.exe
C:\Program Files\WinRAR\UnrarSrc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\jeefogui.com
C:\Program Files\Gaim\gaim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\windows\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe"
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\WINDOWS\system32\wuauclt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrb_2.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdb_2.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmb_2.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ipc86877] RUNDLL32.EXE w1ad3c95.dll,n 001868760000000a1ad3c95
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Bzcffbcq] C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\windows\system32\smss.dll
O20 - Winlogon Notify: Setup - C:\windows\system32\ir64l5jq1.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\windows\SGVhdmVuUGxhY2UgRWRpdGlvbiBWMQ\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Services TCP/IP simplifiés (SimpTcp) - Unknown owner - C:\windows\system32\tcpsvcs.exe (file missing)
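A small triage script, added here as an example (not part of the thread and not HijackThis code), that applies to lines like the ones in the log just posted the checks a helper makes by eye: a Shell= value that starts more than explorer.exe, Run values pointing at the root of the drive or at a system-binary name outside system32, rundll32 loading a DLL by bare name, AppInit_DLLs being set, a Winlogon Notify hook that is not a stock XP name, and a service path whose folder name is base64 text. The stock Notify names are an assumption taken from the L2MFix dump further down in the thread plus ATI's and WGA's entries; the sample lines are copied from the log above.

```python
"""Triage heuristics for HijackThis v1.99 log lines (added example; not HijackThis code)."""
import base64
import re

# Winlogon\Notify subkeys a stock Windows XP install carries: the names in the
# L2MFix dump further down in the thread, plus ATI's and WGA's (assumed list).
KNOWN_NOTIFY = {"atiextevent", "crypt32chain", "cryptnet", "cscdll", "sccertprop",
                "schedule", "sclgntfy", "senslogn", "termsrv", "wgalogon", "wlballoon"}
# Core system binary names; a copy living outside system32 is a classic decoy.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "smss.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "wuauclt.exe"}
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)
DRIVE_ROOT = re.compile(r"^[a-z]:\\+[^\\]+$", re.I)
FIRST_EXE = re.compile(r'^"?(.*?\.(?:exe|com|scr|bat|cmd))"?', re.I)


def first_executable(cmd):
    """Return the program part of a Run command line, without quotes or arguments."""
    m = FIRST_EXE.match(cmd.strip())
    return m.group(1) if m else cmd.strip().split(" ")[0]


def base64_plaintext(token):
    """Decode token if it is base64 for printable ASCII (an encoded folder name), else None."""
    if not re.fullmatch(r"[A-Za-z0-9+/]{16,}={0,2}", token):
        return None
    padded = token + "=" * (-len(token) % 4)   # folder names usually drop the '=' padding
    try:
        data = base64.b64decode(padded, validate=True)
    except ValueError:                          # binascii.Error is a ValueError subclass
        return None
    if data and all(32 <= b < 127 for b in data):
        return data.decode("ascii")
    return None


def triage_line(line):
    """Return the reasons one HijackThis line deserves a second look (empty list if none)."""
    reasons = []
    line = line.strip()
    # F2: Shell= should be exactly explorer.exe; anything appended starts with the shell.
    m = re.match(r"F2 - REG:system\.ini: Shell=(.*)", line, re.I)
    if m and m.group(1).strip().lower() != "explorer.exe":
        reasons.append("Shell= starts something besides explorer.exe")
    # O4: autostart values under HKLM/HKCU ...\Run.
    m = re.match(r"O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)", line)
    if m:
        name, cmd = m.groups()
        exe = first_executable(cmd)
        base = exe.rsplit("\\", 1)[-1].lower()
        if len(name) > 64:
            reasons.append("Run value name is implausibly long")
        if DRIVE_ROOT.match(exe):
            reasons.append("program starts from the root of the drive")
        if base in SYSTEM_BINARIES and not SYSTEM32.match(exe):
            reasons.append("system binary name outside system32")
        if base == "rundll32.exe":
            args = cmd.strip().split(" ", 1)
            dll = args[1].split(",")[0] if len(args) > 1 else ""
            if dll and "\\" not in dll:
                reasons.append("rundll32 loads a DLL given without a path")
    # O20: AppInit_DLLs is empty on a clean machine; Notify hooks run inside winlogon.
    if re.match(r"O20 - AppInit_DLLs: \S", line):
        reasons.append("AppInit_DLLs set: DLL injected into every user-mode process")
    m = re.match(r"O20 - Winlogon Notify: (\S+) - ", line)
    if m and m.group(1).lower() not in KNOWN_NOTIFY:
        reasons.append("Winlogon Notify hook not shipped with Windows")
    # O23: a service whose folder name is base64 text (as in the log above).
    m = re.match(r"O23 - Service: .* - ([a-z]:\\.*)", line, re.I)
    if m:
        for part in m.group(1).split("\\")[1:-1]:
            decoded = base64_plaintext(part)
            if decoded:
                reasons.append("service path has a base64 folder name: %r" % decoded)
    return reasons


def triage(log_text):
    """Run triage_line over a whole log; return [(reason, line), ...] in log order."""
    return [(r, line.strip()) for line in log_text.splitlines() for r in triage_line(line)]


# Constructed sample: lines copied from the second log in the thread plus a benign one.
SAMPLE_LOG = r"""F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrb_2.exe
O4 - HKLM\..\Run: [ipc86877] RUNDLL32.EXE w1ad3c95.dll,n 001868760000000a1ad3c95
O20 - AppInit_DLLs: C:\windows\system32\smss.dll
O20 - Winlogon Notify: Setup - C:\windows\system32\ir64l5jq1.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\windows\SGVhdmVuUGxhY2UgRWRpdGlvbiBWMQ\command.exe (file missing)
"""
```

Running `triage(SAMPLE_LOG)` flags seven of the eight sample lines and leaves the Java updater alone; the base64 folder name of the "Command Service" decodes to readable text, which is why that service stood out to the helpers.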
There's a problem with the cleanup with Look2Me-Destroyer; do you have an idea, angeldark?
. Download delcmdservice (by Marckie) and save it to your Desktop.
. Unzip its contents to your Desktop (a folder named delcmdservice)
. Double-click the delcmdservice folder
. Double-click delreg.bat to launch the tool
. Then click the Start menu, then Run
. In the field, type Services.msc
. In the list, check that Command Service is not present; if it is, double-click it
. Set the startup type to Disabled
----------
Install Ewido
Launch Ewido, then update it by clicking "Update Now"
Close the program.
Ewido guide by Rub_Mic
Restart in Safe Mode
Relaunch Ewido, then choose the "Scanner" tab
Run a "Complete System Scan"
** If a file is infected, choose the "Apply All Actions" option at the end of the scan **
Click "Save Report", then "Save Report As"
Save this .txt file to your desktop, then copy/paste it here in Normal Mode.
New problem (it would have been too good to be true, you'll say)
When I click Command Service (which is indeed present in the list, then), the following two messages appear one after the other:
Gestionnaire de configuration : une entrée necessaire dans le Registre manque ou une tentative d'écriture dans le registre à échoué.
then,
Le fichier spécifié est introuvable
Hello
For Look2Me, try this.
Download L2mfix (by Shadowwar) from one of these links:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Save it to your Desktop and double-click l2mfix.exe. Click the Install button to extract the contents and follow the prompts, then open the new "l2mfix" folder on the Desktop. Double-click l2mfix.bat and choose option #1, Run Find Log, by typing 1 and then Enter. The scan will start without showing anything; then, after a minute or two, a text file will appear. Copy/paste the contents of this report ("report.txt") in your next reply.
However, if an error appears when running option #1, similar to this: ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. Choose close to terminate the application.."... then use option #5 or the web link provided in the "l2mfix" folder to fix this error. Do not run any other options until this glitch has been sorted out.
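As an added example (not L2MFix code), here is a reader for the Winlogon/notify section of the report that option #1 produces: it reassembles hex(2) values split across continuation lines, decodes the UTF-16LE bytes regedit uses for REG_EXPAND_SZ, and lists each hook's DLL with a verdict. The set of stock XP subkey names is an assumption (the names in the report posted next in the thread, plus ATI's and WGA's), and the sample is an excerpt constructed from that report.

```python
"""Reader for the Winlogon/notify section of an L2MFix find log (added example; not L2MFix code)."""
import re

NOTIFY_ROOT = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
# Subkeys a stock Windows XP install carries: the names in the report posted next
# in the thread, plus ATI's and WGA's (assumed list).
STOCK_NOTIFY = {"atiextevent", "crypt32chain", "cryptnet", "cscdll", "sccertprop",
                "schedule", "sclgntfy", "senslogn", "termsrv", "wgalogon", "wlballoon"}


def decode_hex_string(csv):
    """Turn hex(2) bytes such as '63,00,72,00,...' into text: regedit exports them as UTF-16LE."""
    data = bytes(int(b, 16) for b in csv.split(",") if b)
    return data.decode("utf-16-le").rstrip("\x00")


def parse_reg_export(text):
    """Return {key_path: {value_name: value}} for a 'Windows Registry Editor Version 5.00' export."""
    keys, current, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:                          # continuation line of a hex(...) value
            pending[1].append(line.rstrip("\\").strip(","))
            if not line.endswith("\\"):
                keys[current][pending[0]] = decode_hex_string(",".join(pending[1]))
                pending = None
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif line.startswith('"') and current is not None:
            name, _, value = line.partition("=")
            name = name.strip('"')
            if value.startswith("hex"):
                body = value.split(":", 1)[1]
                if body.endswith("\\"):                  # value continues on the next line(s)
                    pending = (name, [body.rstrip("\\").strip(",")])
                else:
                    keys[current][name] = decode_hex_string(body)
            elif value.startswith("dword:"):
                keys[current][name] = int(value[6:], 16)
            else:                                        # quoted string; regedit doubles backslashes
                keys[current][name] = value.strip('"').replace("\\\\", "\\")
    return keys


def notify_hooks(text):
    """Return [(subkey, dll, verdict)] for every Winlogon\\Notify subkey found in the export."""
    prefix = NOTIFY_ROOT.lower() + "\\"
    hooks = []
    for path, values in parse_reg_export(text).items():
        if not path.lower().startswith(prefix):
            continue
        subkey = path[len(prefix):]
        dll = next((v for k, v in values.items() if k.lower() == "dllname"), "")
        if subkey.lower() not in STOCK_NOTIFY:
            verdict = "unknown hook"                     # the kind of entry L2MFix is looking for
        elif re.match(r"^[a-z]:\\", dll, re.I):
            verdict = "stock name but absolute path"     # stock hooks name their DLL without a path
        else:
            verdict = "stock"
        hooks.append((subkey, dll, verdict))
    return hooks


# Constructed excerpt of the report posted next in the thread (values trimmed).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Logon"="AtiLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup]
"Asynchronous"=dword:00000000
"DllName"="C:\\windows\\system32\\ir64l5jq1.dll"
"Logon"="WinLogon"
"""
```

`notify_hooks(SAMPLE_EXPORT)` reports AtiExtEvent and crypt32chain as stock and the "Setup" subkey, whose DLL has a random-looking name and is given by absolute path, as an unknown hook.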
Here you go:
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup]
"Asynchronous"=dword:00000000
"DllName"="C:\\windows\\system32\\ir64l5jq1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{D997E5A3-BCA6-683C-E8D6-1A8717C13257}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identité Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Périphériques Plug and Play universels"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{529009A1-59EB-410D-B2CD-518C3B58C253}"=""
"{54CD1FEA-5C19-49BD-96D4-6B5D2B7357A7}"=""
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{529009A1-59EB-410D-B2CD-518C3B58C253}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{529009A1-59EB-410D-B2CD-518C3B58C253}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{529009A1-59EB-410D-B2CD-518C3B58C253}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{529009A1-59EB-410D-B2CD-518C3B58C253}\InprocServer32]
@="C:\\windows\\system32\\vascript.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{54CD1FEA-5C19-49BD-96D4-6B5D2B7357A7}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{54CD1FEA-5C19-49BD-96D4-6B5D2B7357A7}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{54CD1FEA-5C19-49BD-96D4-6B5D2B7357A7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{54CD1FEA-5C19-49BD-96D4-6B5D2B7357A7}\InprocServer32]
@="C:\\windows\\system32\\bNtt.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
atmtd.dll Tue 27 Jun 2006 19:34:24 A.... 687 592 671,48 K
bntt.dll Wed 28 Jun 2006 13:38:40 ..S.R 235 737 230,21 K
bszip.dll Tue 27 Jun 2006 19:28:46 A.... 62 464 61,00 K
dn6q01~1.dll Tue 27 Jun 2006 22:29:58 ..S.R 236 298 230,76 K
en66l1~1.dll Tue 27 Jun 2006 22:32:24 ..S.R 234 078 228,59 K
fplq03~1.dll Tue 27 Jun 2006 21:18:42 ..S.R 236 270 230,73 K
ipc86877.dll Wed 28 Jun 2006 7:23:26 A.... 61 440 60,00 K
ir28l5~1.dll Wed 28 Jun 2006 7:35:28 ..S.R 234 160 228,67 K
ir64l5~1.dll Tue 27 Jun 2006 19:34:06 ..S.R 235 737 230,21 K
jtn407~1.dll Tue 27 Jun 2006 19:45:08 ..S.R 236 194 230,66 K
k044la~1.dll Wed 28 Jun 2006 13:38:40 ..S.R 237 177 231,62 K
mnc71.dll Tue 27 Jun 2006 22:30:00 ..S.R 235 737 230,21 K
mv6sl9~1.dll Wed 28 Jun 2006 7:22:48 ..S.R 234 132 228,64 K
smss.dll Tue 27 Jun 2006 19:34:58 A.... 81 920 80,00 K
tgolhelp.dll Tue 27 Jun 2006 19:32:42 ..S.R 234 272 228,78 K
ukeg.dll Tue 27 Jun 2006 19:32:48 ..S.R 234 272 228,78 K
w1ad3c95.dll Wed 28 Jun 2006 7:23:22 A.... 29 696 29,00 K
17 items found: 17 files (12 H/S), 0 directories.
Total of file sizes: 3 747 176 bytes 3,57 M
Locate .tmp files:
C:\WINDOWS\SYSTEM32\
setupe~1.tmp Tue 27 Jun 2006 19:28:56 A.... 32 768 32,00 K
1 item found: 1 file, 0 directories.
Total of file sizes: 32 768 bytes 32,00 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 3CB9-726B
Répertoire de C:\windows\System32
28/06/2006 16:16 <REP> ..
28/06/2006 16:16 <REP> .
28/06/2006 13:38 235 737 bNtt.dll
28/06/2006 13:38 237 177 k044lahq1d4e.dll
28/06/2006 07:35 234 160 ir28l5fu1.dll
28/06/2006 07:22 234 132 mv6sl9j71.dll
27/06/2006 22:32 234 078 en66l1js1.dll
27/06/2006 22:29 235 737 MNC71.dll
27/06/2006 22:29 236 298 dn6q01j5e.dll
27/06/2006 21:18 236 270 fplq0335e.dll
27/06/2006 19:45 236 194 jtn4075qe.dll
27/06/2006 19:34 235 737 ir64l5jq1.dll
27/06/2006 19:32 234 272 ukeg.dll
27/06/2006 19:32 234 272 tgolhelp.dll
27/06/2006 19:30 <REP> dllcache
17/02/2006 18:44 <REP> Microsoft
22/01/2006 04:47 25 784 win32.exe
15/01/2006 14:36 601 088 cd.exe
06/11/2005 18:29 171 304 expIorer.exe
15 fichier(s) 3 622 240 octets
4 Rép(s) 1 132 290 048 octets libres
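An added example, not part of this thread or of l2mfix: a small reader for the "HKEY ROOT CLASSIDS" part of the log above (.reg export text) that collects each CLSID's friendly name, InprocServer32 DLL and implemented categories, and flags the entries registered with an empty name whose DLL sits in the system directory, which is the shape of the two Look2Me entries in the dump. The sample input is constructed: one made-up, normally registered handler plus the two nameless entries from the dump above.

```python
"""Read the "HKEY ROOT CLASSIDS" section of an l2mfix log (.reg export text).

Added example, not part of the thread or of l2mfix. It collects, per CLSID,
the friendly name, the InprocServer32 DLL and the implemented categories, and
flags entries registered with an empty name whose DLL lives in the system
directory: the shape of the two Look2Me entries in the dump above.
"""
import re
from dataclasses import dataclass, field

KEY_RE = re.compile(r"^\[HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-Fa-f-]{36}\})(?:\\(.+))?\]$")
VALUE_RE = re.compile(r'^(@|"[^"]+")=(.*)$')
CATEGORY_RE = re.compile(r"^Implemented Categories\\(\{[^}]+\})$", re.IGNORECASE)


@dataclass
class ClsidEntry:
    clsid: str
    name: str = ""
    server: str = ""
    threading: str = ""
    categories: list = field(default_factory=list)


def _unquote(raw):
    """Turn a .reg string value (quoted, backslashes doubled) into plain text."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        raw = raw[1:-1]
    return raw.replace("\\\\", "\\")


def parse_clsid_dump(text):
    """Map CLSID -> ClsidEntry from the .reg text; keys outside CLSID are ignored."""
    entries = {}
    current = None  # (entry, subkey) of the key whose values are being read
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            clsid, subkey = key.group(1).upper(), key.group(2) or ""
            entry = entries.setdefault(clsid, ClsidEntry(clsid))
            current = (entry, subkey)
            cat = CATEGORY_RE.match(subkey)
            if cat:
                entry.categories.append(cat.group(1).upper())
            continue
        if line.startswith("["):  # some other key: stop attributing values
            current = None
            continue
        value = VALUE_RE.match(line)
        if current is None or not value:
            continue
        entry, subkey = current
        name, data = value.group(1), _unquote(value.group(2))
        if subkey == "" and name == "@":
            entry.name = data  # the friendly name shown in the listing above
        elif subkey.lower() == "inprocserver32":
            if name == "@":
                entry.server = data
            elif name.lower() == '"threadingmodel"':
                entry.threading = data
    return entries


def suspicious(entries, system_dir="C:\\windows\\system32"):
    """Entries with no friendly name whose server DLL lives in system_dir."""
    prefix = system_dir.lower().rstrip("\\") + "\\"
    hits = [e for e in entries.values()
            if e.name == "" and e.server.lower().startswith(prefix)]
    return sorted(hits, key=lambda e: e.clsid)


def report(entries):
    """One line per flagged CLSID, the way a helper would quote it back."""
    return [f"{e.clsid} -> {e.server} (no name; categories: "
            f"{', '.join(e.categories) or 'none'})" for e in suspicious(entries)]


# Constructed sample: a made-up, normally registered handler followed by the
# two nameless entries copied from the l2mfix dump above.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{00000000-1111-2222-3333-444444444444}]
@="Example Shell Handler"
[HKEY_CLASSES_ROOT\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32]
@="C:\\Program Files\\Example\\handler.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{529009A1-59EB-410D-B2CD-518C3B58C253}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{529009A1-59EB-410D-B2CD-518C3B58C253}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{529009A1-59EB-410D-B2CD-518C3B58C253}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{529009A1-59EB-410D-B2CD-518C3B58C253}\InprocServer32]
@="C:\\windows\\system32\\vascript.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{54CD1FEA-5C19-49BD-96D4-6B5D2B7357A7}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{54CD1FEA-5C19-49BD-96D4-6B5D2B7357A7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{54CD1FEA-5C19-49BD-96D4-6B5D2B7357A7}\InprocServer32]
@="C:\\windows\\system32\\bNtt.dll"
"ThreadingModel"="Apartment"
"""

if __name__ == "__main__":
    for line in report(parse_clsid_dump(SAMPLE_REG)):
        print(line)
```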
Good, let's continue.
Close all running applications, because this step requires a reboot.
From the l2mfix folder on your Desktop, double-click l2mfix.bat and choose option #2 for Run Fix by typing 2 and then "Enter". The Desktop icons will disappear (quite normal). L2mfix will carry on with the scan and, once finished, it will be ready to reboot the PC. Press any key to reboot. After the reboot, a text file should appear. Copy/paste the contents of that report into your next reply, and post a new HijackThis! report as well.
[IMPORTANT: DO NOT run any other files in the "l2mfix" folder. Do not run this tool in Safe Mode!!]
**If the text file (report) does not appear after the reboot, double-click the text file ("log.txt") in the "l2mfix" folder.
When I run it and then select option 2, it closes and then nothing happens...
Since you have several different infections, that must be what is jamming it.
Let's tackle Alcan. We'll see about look2me afterwards.
Please print these instructions, or paste them into a text file to read in Safe Mode.
Download Brute Force Uninstaller (by Merijn).
http://www.merijn.org/files/bfu.zip
Create a new folder directly on C:\ and name it BFU. Unzip the downloaded file into this new folder (C:\BFU).
RIGHT-CLICK on the following link.
http://metallica.geekstogo.com/alcanshorty.bfu
and choose "Save Target As..." to download Alcanshorty.bfu (by Metallica). Save it in the folder you created (C:\BFU). **Note: if you use Internet Explorer, when saving, make sure the "Type:" field shows "All Files". You should now have two files in the C:\BFU folder: Alcanshorty.bfu and BFU.exe (very important).
Reboot into Safe Mode: on restart, immediately tap the F8 key; you will see a screen with startup choices appear. Using the keyboard arrows, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.
Start the "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)
- Click the small yellow folder, to the right of the Scriptline to execute box, and double-click:
alcanshorty.bfu
- In the "Scriptline to execute" box, you should now see this: C:\BFU\alcanshorty.bfu
Click Execute and let it do its work.
Wait for Complete script execution to appear and click OK.
Click Exit to close the BFU program.
Reboot normally and post a new HijackThis.
For the link, it doesn't work on IDN (because of a redirect)
Go to this page
Right-click the first link, the one from metallica
Choose "Save Target As..." to download Alcanshorty.bfu (by Metallica). Save it in the folder you created (C:\BFU).
OK, I'll try that
[edit] I hadn't read the post above
Here is the new HijackThis, after BFU in Safe Mode:
Logfile of HijackThis v1.99.1
Scan saved at 16:05:12, on 29/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\windows\system32\svchost.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\explorer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
C:\Program Files\eMule\emule.exe
C:\windows\PPPATC~1\services.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\TClock\TClock.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe"
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\WINDOWS\system32\wuauclt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ipc86877] RUNDLL32.EXE w1ad3c95.dll,n 001868760000000a1ad3c95
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Bzcffbcq] C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Rewi] "C:\windows\PPPATC~1\services.exe" -vt ndrv
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\windows\system32\smss.dll
O20 - Winlogon Notify: ShellCompatibility - C:\windows\system32\dnj8011ue.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Services TCP/IP simplifiés (SimpTcp) - Unknown owner - C:\windows\system32\tcpsvcs.exe (file missing)
Hello
HijackThis is lighter :-D but still well infected.
Let's carry on with the cleanup.
Step 1:
Download eScan Antivirus Toolkit
http://www.spywareinfo.dk/download/mwav.exe
Save it to your Desktop.
Before running the program, it must be updated as described in step 2.
Step 2:
Here is how to update the tool:
1.) Double-click the mwav.exe file on the Desktop; unzip the files into the suggested new folder (Kaspersky) at the root of the C:\ drive (C:\Kaspersky). The program will launch, and you must quit it (click "Exit" then "Exit").
2.) Double-click My Computer, then double-click the main drive (usually C:\), double-click the Kaspersky folder; then double-click the kavupd.exe file. You will now see a DOS window appear, and the update will complete in a few minutes.
3.) When the update is complete, you will see "Press any key to continue"; press a key to continue.
Do not run the scan right away!
Step 3:
Reboot into Safe Mode
Careful, you have no internet access in this mode, so note carefully what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows Advanced Options menu is displayed.
Using the cursor keys, select Safe Mode and press Enter.
Step 4:
From Safe Mode, here is how to use the program:
1.) To launch "eScan Antivirus Toolkit", find the mwavscan.com file in the C:\Kaspersky folder
2.) Double-click mwavscan.com; the eScan interface will appear on screen.
3.) It is very important to tick these boxes under Scan Option:
Memory, Registry, Startup Folders, System Folders, Services.
4.) Tick the Drive box, which gives access to a new Drive box (round button) just below; tick this "Drive" button (very important..), and you will see a new navigation box appear on the right. Click the small arrow of that box and choose the letter of your hard disk, usually C:\.
5.) Just below, make sure Scan All Files is ticked, and not Program Files.
6.) Click Scan Clean and let the tool check the whole hard disk (it can take a while..). When finished, you will see Scan Completed. Do not quit right away!
7.) Open a new Notepad file (click "Start" >> "Programs" >> "Accessories" >> "Notepad"), then copy/paste the whole contents of the Virus Log Information window (the second one, at the bottom) into the text file, and save it. eScan also generates a full report in the C:\Kaspersky folder (named mwav.log), but it is too large to post on the forum.
Close the program. Reboot your PC in Normal mode. Post (copy/paste) the report you saved in your next reply along with a new HijackThis.
You have two antivirus programs, remove one of them, for example AVG.
Do you have a firewall?
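The Virus Log Information that step 7 asks for comes back as one line per verdict. As an added example, not from the thread or from eScan, here is a small triage script for that format: it counts what the scanner did, lists the files it left untouched, and flags system-binary names sitting in odd places or spelled as lookalikes, assuming the Windows XP layout where the genuine copies live only in C:\windows or C:\windows\system32 (the binary-name set and those directories are my assumptions). The sample lines are copied from the log posted in this thread, plus one status line that is not a verdict.

```python
r"""Triage of eScan (mwav) "Virus Log Information" lines.

Added example, not part of this thread or of eScan: it parses the two line
shapes the log uses, sums up what the scanner did, lists what it left on disk,
and flags system-binary names that sit in odd places or are lookalikes.
Assumed: Windows XP layout, where the genuine copies of those binaries live
only in C:\windows or C:\windows\system32.
"""
import re
from collections import Counter

# File <path> infected by "<name>" Virus. Action Taken: <action>.
INFECTED_RE = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<threat>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>[^.]+)\.$'
)
# File <path> tagged as not-a-virus:<name>. No Action Taken.
TAGGED_RE = re.compile(
    r'^File (?P<path>.+?) tagged as (?P<threat>not-a-virus:.+?)\. '
    r'(?P<action>No Action Taken)\.$'
)

# Assumed: names malware likes to borrow, and the only folders holding the real ones.
SYSTEM_BINARIES = {"explorer.exe", "svchost.exe", "smss.exe",
                   "services.exe", "lsass.exe", "winlogon.exe"}
SYSTEM_DIRS = {"c:\\windows\\", "c:\\windows\\system32\\"}


def parse_line(line):
    """Dict with path/threat/action for a verdict line, None for anything else."""
    for pattern in (INFECTED_RE, TAGGED_RE):
        match = pattern.match(line.strip())
        if match:
            return match.groupdict()
    return None


def triage(lines):
    """Summarise a whole log: counts per action and threat, plus what remains."""
    records = [r for r in map(parse_line, lines) if r is not None]
    return {
        "records": records,
        "by_action": Counter(r["action"] for r in records),
        "by_threat": Counter(r["threat"] for r in records),
        # "No Action Taken": the file is still there and needs removal by hand.
        "pending": [r["path"] for r in records if r["action"] == "No Action Taken"],
        # "File Disinfected": a file infector was cut out of a host program;
        # the host is worth reinstalling from its original media afterwards.
        "disinfected_hosts": [r["path"] for r in records
                              if r["action"] == "File Disinfected"],
    }


def suspicious_names(paths):
    """(path, reason) for system-binary names outside SYSTEM_DIRS and for
    lookalikes such as expIorer.exe (capital I where an l belongs)."""
    hits = []
    for path in paths:
        folder, _, base = path.lower().rpartition("\\")
        folder += "\\"
        lookalike = base.replace("i", "l")
        if base in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
            hits.append((path, "system binary name outside the system directories"))
        elif base not in SYSTEM_BINARIES and lookalike in SYSTEM_BINARIES:
            hits.append((path, "lookalike of " + lookalike))
    return hits


# Constructed sample: verdict lines copied from the log posted in this thread,
# plus a scanner status line that is not a verdict and must be skipped.
SAMPLE_LOG = [
    r"File C:\PROGRA~1\FICHIE~1\MICROS~1\DAO\svchost.exe tagged as not-a-virus:Monitor.Win32.007SpySoft.308. No Action Taken.",
    r'File C:\PROGRA~1\ALWILS~1\Avast4\ashServ.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.',
    r'File C:\windows\MTE3NDI6ODoxNg.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.',
    r"File C:\windows\system32\bNtt.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.",
    r'File C:\windows\system32\expIorer.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.',
    r'File C:\windows\system32\win32.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.',
    "Scan Completed.",
]

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("actions:", dict(summary["by_action"]))
    for path in summary["pending"]:
        print("still on disk:", path)
    for path, why in suspicious_names(r["path"] for r in summary["records"]):
        print("check:", path, "-", why)
```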
The virus log information:
File C:\PROGRA~1\FICHIE~1\MICROS~1\DAO\svchost.exe tagged as not-a-virus:Monitor.Win32.007SpySoft.308. No Action Taken.
File C:\PROGRA~1\ALWILS~1\Avast4\ashServ.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\PROGRA~1\ALWILS~1\Avast4\ashMaiSv.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\windows\alcrmv.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\windows\alcupd.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\windows\Audio Capture Uninstaller.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\windows\IsUn040c.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\windows\IsUninst.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\windows\MTE3NDI6ODoxNg.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.
File C:\windows\War3Unin.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\windows\warebundle.exe tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\windows\system32\bNtt.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\windows\system32\cd.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\windows\system32\dllayx.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\windows\system32\dn6q01j5e.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\windows\system32\en66l1js1.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\windows\system32\expIorer.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\windows\system32\expIorer.exe tagged as not-a-virus:AdWare.Win32.WinAD.bq. No Action Taken.
File C:\windows\system32\fplq0335e.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\windows\system32\ir28l5fu1.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\windows\system32\javaws.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\windows\system32\jtn4075qe.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\windows\system32\MNC71.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\windows\system32\msconfig.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\windows\system32\mv6sl9j71.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\windows\system32\nvunrm.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\windows\system32\patcher.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\windows\system32\setup.exe.tmp infected by "Trojan-Downloader.Win32.VB.afb" Virus. Action Taken: File Deleted.
File C:\windows\system32\smss.dll tagged as not-a-virus:AdWare.Win32.PurityScan.en. No Action Taken.
File C:\windows\system32\tgolhelp.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\windows\system32\u6ru0g99e6.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\windows\system32\ukeg.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\windows\system32\win32.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\3D Prophet RADEON Series Drivers - Cat3.6\checkver.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\3D Prophet RADEON Series Drivers - Cat3.6\CPanel\Setup.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\3D Prophet RADEON Series Drivers - Cat3.6\Driver\Setup.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\3D Prophet RADEON Series Drivers - Cat3.6\Setup.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\AntiVirScan.exe infected by "P2P-Worm.Win32.VB.dz" Virus. Action Taken: File Deleted.
File C:\ATI\SUPPORT\6-3_xp-2k_dd_30895\makensisw.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Documents and Settings\Administrateur\Bureau\007ssinstall.exe tagged as not-a-virus:Monitor.Win32.007SpySoft.308. No Action Taken.
File C:\Documents and Settings\Administrateur\Bureau\aas_2.0_setup_65.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Documents and Settings\Administrateur\Bureau\aawsepersonal.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Documents and Settings\Administrateur\Bureau\BitTorrentAccelerationPatch_installer.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Documents and Settings\Administrateur\Bureau\GunzInternationalUpdate_20060413.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Documents and Settings\Administrateur\Bureau\GunzInternational_20060413.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Documents and Settings\Administrateur\Bureau\wrar351fr.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Documents and Settings\Administrateur\Mes documents\Craggle.rar tagged as not-a-virus:AdWare.Win32.Craagle.19. No Action Taken.
File C:\Documents and Settings\Administrateur\Mes documents\le´o south park.JPG infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Drivers\000_VID\Cpanel\makensisw.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Drivers\000_VID\Cpanel\Setup.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Drivers\001_VID\nvudisp.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Drivers\001_VID\setup.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Mendoza1.exe infected by "Trojan-Downloader.MSIL.Agent.a" Virus. Action Taken: File Deleted.
File C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrMin\FRA\setup.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Ahead\CoverDesigner\CoverDes.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Ahead\Nero\Uninstall\UNNero.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Ahead\Nero BackItUp\NBJ.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Ahead\Nero BackItUp\NBR.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Ahead\Nero SoundTrax\SoundTrax.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Ahead\Nero Toolkit\CDSpeed.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Ahead\Nero Toolkit\InfoTool.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Ahead\WMPBurn\WMPBurn.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Alwil Software\Avast4\ashAvast.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Alwil Software\Avast4\ashBug.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Alwil Software\Avast4\ashQuick.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Alwil Software\Avast4\ashSimpl.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Azureus\Azureus.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\eMule\Incoming\Deutsch Swat 4 The Stetchkov Syndicate crack.exe tagged as not-a-virus:AdWare.Win32.WinAD.bq. No Action Taken.
File C:\Program Files\eMule\Incoming\Swat 4 The Stetchkov Syndicate cracked.exe tagged as not-a-virus:AdWare.Win32.WinAD.bq. No Action Taken.
File C:\Program Files\eMule\Incoming\US Swat 4 The Stetchkov Syndicate crack.exe tagged as not-a-virus:AdWare.Win32.WinAD.bq. No Action Taken.
File C:\Program Files\eMule\LinkCreator.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Fichiers communs\FDEUnInstaller.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Fichiers communs\InstallShield\Driver\10\Intel 32\IDriver.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Fichiers communs\InstallShield\Driver\10\Intel 32\IDriver2.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriver.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriver2.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriver.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriver2.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver2.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Fichiers communs\InstallShield\engine\6\Intel 32\IKernel.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe tagged as not-a-virus:Monitor.Win32.007SpySoft.308. No Action Taken.
File C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe infected by "Trojan.Win32.Scapur.k" Virus. Action Taken: File Deleted.
File C:\Program Files\Gaim\gaim-uninst.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Gaim\le´o claire 21.06.06 03.JPG infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Guitar Pro 5\GPOnline.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Guitar Pro 5\unins000.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\Setup.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\Setup.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\InstallShield Installation Information\{43801800-CFEE-11D2-A41B-006097B55AD3}\Setup.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\InstallShield Installation Information\{5E30BDEB-9307-11D4-9AE0-006067325E47}\Setup.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\InstallShield Installation Information\{A4A4A090-A384-11D4-AD3F-0050BAD25FF3}\Setup.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\InstallShield Installation Information\{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}\setup.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Inventel\Gateway\DWBFLASH.EXE infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Inventel\Gateway\UNINSTALL.EXE infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Java\jre1.5.0_06\bin\javaws.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\K-Lite Codec Pack\gspot\gspot.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\K-Lite Codec Pack\tools\3ivxConfig.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\K-Lite Codec Pack\tools\fixcodecs.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\K-Lite Codec Pack\unins000.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\MagicISO\MagicISO.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\MagicISO\UNWISE.EXE infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\magnéto\sndrec32.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\clokspl.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Microsoft Games\Age of Empires II\clokspl.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Microsoft Games\Age of Empires II\DPLAY61A.EXE infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\MSN Messenger\dw.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\QuickTime\PictureViewer.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\QuickTime\QTInfo.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\QuickTime\QTSystem\QTPluginInstaller.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\River Past\Audio Capture\AudioCapture.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\RM-X Player V4\rmxsearchbt.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Snowball Wars\License.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Spybot - Search & Destroy\unins000.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Steinberg\Cubase SX 3\open_cubasesx3_application_data_folder.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Steinberg\Cubase SX 3\UNWISE.EXE infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Syncrosoft\LCC\LCC.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Syncrosoft\POS\H2O\Uninst.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Syncrosoft\POS\SYNSOPOS.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Syncrosoft\UNWISE.EXE infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Webzen\Mu\main.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Webzen\Mu\mu.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Windows Media Components\Encoder\WMEnc.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Windows Media Player\migrate.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Windows Media Player\setup_wm.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Windows Media Player\wmlaunch.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\Windows Media Player\wmsetsdk.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Program Files\WordView\install\INSTALL.EXE infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\Trelew.exe infected by "Trojan-Dropper.Win32.VB.mz" Virus. Action Taken: File Deleted.
File C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\$hf_mig$\KB898461\update\update.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\Downloaded Installations\{1E8CF57A-24E8-4A97-9564-A8F1956C447B}\iTunesSetup.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\inf\unregmp2.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\setup_wm.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\migrate.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmlaunch.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\SoftwareDistribution\Download\ad9c4c2a779933f83b51a49a2c88838d\spuninst.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\SoftwareDistribution\Download\ad9c4c2a779933f83b51a49a2c88838d\update\update.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\SoftwareDistribution\Download\fbbf97636558a8b12d2660a1fbe98336\spuninst.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\SoftwareDistribution\Download\fbbf97636558a8b12d2660a1fbe98336\update\update.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\speech\vcmd.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\system32\bNtt.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\dllayx.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\dn6q01j5e.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\en66l1js1.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\fplq0335e.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\ir28l5fu1.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\jtn4075qe.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\system32\MNC71.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\mv6sl9j71.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\smss.dll tagged as not-a-virus:AdWare.Win32.PurityScan.en. No Action Taken.
File C:\WINDOWS\system32\tgolhelp.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\u6ru0g99e6.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\WINDOWS\system32\ukeg.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\WINDOWS\warebundle.exe tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
The new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 17:31:11, on 29/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\windows\system32\svchost.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\explorer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
C:\windows\PPPATC~1\services.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\TClock\TClock.exe
C:\windows\System32\svchost.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe"
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\WINDOWS\system32\wuauclt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ipc86877] RUNDLL32.EXE w1ad3c95.dll,n 001868760000000a1ad3c95
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Bzcffbcq] C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Rewi] "C:\windows\PPPATC~1\services.exe" -vt ndrv
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\windows\system32\smss.dll
O20 - Winlogon Notify: Telephony - C:\windows\system32\dnj8011ue.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Services TCP/IP simplifiés (SimpTcp) - Unknown owner - C:\windows\system32\tcpsvcs.exe (file missing)
Another round of cleaning has been done.
Let's continue.
1 Download
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Install it in a dedicated directory.
Ewido
http://www.ewido.net/en/download/
Install it and update it.
2 Restart in Safe Mode. Careful: you have no internet access in this mode, so write down what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows Advanced Options menu appears.
Using the cursor keys, select Safe Mode and press Enter.
3 Run a HijackThis scan again and check the lines below:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe"
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\WINDOWS\system32\wuauclt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
O4 - HKLM\..\Run: [ipc86877] RUNDLL32.EXE w1ad3c95.dll,n 001868760000000a1ad3c95
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bzcffbcq] C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
O4 - HKCU\..\Run: [Rewi] "C:\windows\PPPATC~1\services.exe" -vt ndrv
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O20 - AppInit_DLLs: C:\windows\system32\smss.dll
O20 - Winlogon Notify: Telephony - C:\windows\system32\dnj8011ue.dll
Close all Windows, Internet Explorer and Outlook windows except the HijackThis program, and click on "Fix checked".
4 Make sure you have access to all files.
Start, My Computer or any other folder, Tools menu, Folder Options, View tab:
Enable the box: Show hidden files and folders
Disable the box: Hide extensions for known file types
Disable the box: Hide protected operating system files
Then Apply
5 Delete the offending files/folders (if they still exist):
C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe
C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
C:\Program Files\COMMON FILES\ASKS~1\HKNTFS~1.EXE
C:\windows\PPPATC~1\services.exe
C:\WINDOWS\system32\0106.exe
C:\windows\system32\smss.dll
w1ad3c95.dll
6 Run the cleanup with CCleaner.
Re-hide the system files, to avoid mistakes in the future, by selecting Do not show hidden files or system files.
7 Run Ewido.
Do a scan in complete mode.
If a file is infected, choose the "Apply All Actions" option.
Save the report.
8 Restart normally and post a new HijackThis log along with the Ewido report.
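As an added example (not part of this thread, and not code from HijackThis), a small Python triage script that applies the checks behind the lines flagged above to HijackThis-style log lines: a system-binary name running from outside the system directory, rundll32 loading a DLL by bare name, an extra program appended to Shell=, an implausibly long Run value name, and any O20 injection point. It assumes a default Windows XP layout with the system directory at C:\windows\system32; the sample lines are copied from the logs posted in this thread, with one Run name shortened.

```python
r"""Triage HijackThis-style log lines for the autorun abuses seen in this thread.

Added example (not from the thread or from HijackThis). Assumes the default
Windows XP layout, with the system directory at C:\windows\system32.
"""
import ntpath
import re

# Names of Windows binaries that malware borrows; genuine copies live only in the system directories.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "smss.exe", "lsass.exe",
                "winlogon.exe", "csrss.exe", "explorer.exe", "wuauclt.exe"}
# Assumption: default XP install on C:, compared case-insensitively.
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows"}

O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<shell>.*)$", re.IGNORECASE)
O20_RE = re.compile(r"^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): .*$")
IMAGE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|com|scr|bat))\b', re.IGNORECASE)


def image_path(command):
    """Program launched by a Run value; copes with unquoted paths that contain spaces."""
    command = command.strip()
    m = IMAGE_RE.match(command)
    if m:
        return m.group("path")
    return command.strip('"').split()[0] if command else ""


def masquerades_system_name(path):
    """True when a system-binary name sits outside the system directories (e.g. ...\DAO\svchost.exe)."""
    base = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return base in SYSTEM_NAMES and folder not in SYSTEM_DIRS


def triage(lines):
    """Return (reason, line) pairs for log lines that deserve manual review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            path = image_path(cmd)
            if masquerades_system_name(path):
                findings.append(("system binary name outside the system directory", line))
            elif ntpath.basename(path).lower() == "rundll32.exe":
                # A DLL given without a directory is resolved through the search path;
                # legitimate Run entries name it with a full path.
                dll = cmd.partition(path)[2].strip().strip('"').split(",")[0].strip()
                if dll and "\\" not in dll:
                    findings.append(("rundll32 loading a DLL by bare name", line))
            if len(name) > 64:
                findings.append(("implausibly long Run value name", line))
            continue
        m = F2_RE.match(line)
        if m and m.group("shell").strip().lower() != "explorer.exe":
            # Anything appended to Shell= is started together with the desktop shell.
            findings.append(("extra program appended to Shell=", line))
            continue
        m = O20_RE.match(line)
        if m:
            # Both locations load a DLL into other processes; each entry needs checking by hand.
            findings.append((m.group("kind") + " injection point, verify the DLL", line))
    return findings


# Constructed sample, copied from the HijackThis logs posted in this thread (one Run name shortened).
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe",
    r"O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe",
    r"O4 - HKLM\..\Run: [ipc86877] RUNDLL32.EXE w1ad3c95.dll,n 001868760000000a1ad3c95",
    r'O4 - HKCU\..\Run: [Rewi] "C:\windows\PPPATC~1\services.exe" -vt ndrv',
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe",
    "O4 - HKLM\\..\\Run: [" + "0123456789" * 7 + "] C:\\WINDOWS\\system32\\wuauclt.exe",
    r'F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe"',
    r"O20 - AppInit_DLLs: C:\windows\system32\smss.dll",
    r"O20 - Winlogon Notify: Telephony - C:\windows\system32\dnj8011ue.dll",
]

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LINES):
        print(f"[{reason}] {line}")
```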
The Ewido installation, as before, quits on its own.
Well, I managed to install it in Safe Mode, but I can't update it there since it quits on its own. Should I still do what you told me, but without Ewido?
Does Ewido refuse to run in Safe Mode too?
Otherwise, download Spyware Terminator
http://www.spywareterminator.com/
Install it in its own directory.
Tutorial
http://www.malekal.com/tutorial_SpywareTerminator.html
And what follows, you do in place of Ewido
Launch it.
Click on Scan, then Full Spyware scan.
Click on Start Scan Now.
(note: I did not manage to delete smss.dll (access denied or file in use...)
the ewido report:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 19:20:47 29/06/2006
+ Scan result:
HKU\S-1-5-21-725345543-2111687655-682003330-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Snowball Wars\License.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Mes documents\Craggle.rar/Craggle\Craggle\craagle_1.91\Craagle.exe -> Adware.Craagle : Cleaned with backup (quarantined).
HKU\S-1-5-21-725345543-2111687655-682003330-500\Software\Prodiff\rmxnavigator\shopping\\sh163 -> Adware.Locators : Cleaned with backup (quarantined).
C:\WINDOWS\system32\MNC71.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bNtt.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dn6q01j5e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\en66l1js1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\f20o0cd3ef0.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fplq0335e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gpp4l37q1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ir28l5fu1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jtn4075qe.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kadfc.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kpdhela3.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\l2r0lc9m1f.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mv6sl9j71.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\o8lu0i39e8.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rRsman.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tgolhelp.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\u6ru0g99e6.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ukeg.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\warebundle.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
[752] C:\windows\system32\jksd400.dll -> Adware.Look2Me : Error during cleaning.
[884] C:\windows\system32\jksd400.dll -> Adware.Look2Me : Error during cleaning.
C:\Program Files\Fichiers communs\uqww\uqwwd\uqwwc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\expIorer.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Media-Codec -> Trojan.Small : Cleaned with backup (quarantined).
::Report end
the hijackthis report:
Logfile of HijackThis v1.99.1
Scan saved at 19:35:36, on 29/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
C:\windows\PPPATC~1\services.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\rundll32.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\explorer.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe"
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\WINDOWS\system32\wuauclt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ipc86877] RUNDLL32.EXE w1ad3c95.dll,n 001868760000000a1ad3c95
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Bzcffbcq] C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Rewi] "C:\windows\PPPATC~1\services.exe" -vt ndrv
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\windows\system32\smss.dll
O20 - Winlogon Notify: Reliability - C:\windows\system32\dnj8011ue.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Services TCP/IP simplifiés (SimpTcp) - Unknown owner - C:\windows\system32\tcpsvcs.exe (file missing)
I have far fewer pop-ups! That's progress
Good, we're making progress slowly.
There are still things to remove in HijackThis.
But first, try using the utilities to destroy what is left of Look2me.
As a reminder.
With L2mfix
| Quote: Close all running applications, because this step requires a restart.
|
If it still doesn't work, Look2me Destroyer
| Quote: * Close all active windows before going to the next step.
|
Neither of them works
OK, let's continue.
Please print these instructions, or paste them into a text file to read in Safe Mode.
Open Notepad and copy-paste the lines in blue below
ProcessKill ibm00004.exe|1
ProcessKill %PROGRAMFILES%\Fichiers communs\Microsoft Shared\DAO\svchost.exe|1
ProcessKill %SYSDIR%\0106.exe|1
ProcessKill HKNTFS~1.EXE|1
ProcessKill %WINDIR%\PPPATC~1\services.exe|1
DllUnregister %SYSDIR%\smss.dll|1
DllUnregister w1ad3c95.dll|1
DllUnregister %PROGRAMFILES%\ToolBar888\MyToolBar.dll|1
FileDelete %PROGRAMFILES%\Fichiers communs\Microsoft Shared\DAO\svchost.exe
FileDelete %SYSDIR%\0106.exe
FileDelete %WINDIR%\PPPATC~1\services.exe
FileDelete %SYSDIR%\smss.dll
FileDelete %PROGRAMFILES%\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe
FileDelete %PROGRAMFILES%\COMMON FILES\ASKS~1\HKNTFS~1.EXE
FileDelete %SYSDIR%\w1ad3c95.dll
FolderDelete %WINDIR%\PPPATC~1
FolderDelete %PROGRAMFILES%\ToolBar888
FolderDelete %PROGRAMFILES%\COMMON FILES\ASKS~1
SystemEmptyTempFolder
SystemEmptyRecycleBin
FileDelete C:\egd.txt
SystemRun regedit|/e C:\egd.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"|0
F8; you will see a screen with startup choices appear. Using the keyboard arrows, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.
Run a HijackThis scan again and check the lines below:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe"
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\WINDOWS\system32\wuauclt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
O4 - HKLM\..\Run: [ipc86877] RUNDLL32.EXE w1ad3c95.dll,n 001868760000000a1ad3c95
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bzcffbcq] C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
O4 - HKCU\..\Run: [Rewi] "C:\windows\PPPATC~1\services.exe" -vt ndrv
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O20 - AppInit_DLLs: C:\windows\system32\smss.dll
O20 - Winlogon Notify: Reliability - C:\windows\system32\dnj8011ue.dll (file missing)
Close all Windows, Internet Explorer and Outlook windows, except HijackThis, and click "Fix checked"
Start the "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)
- Check Show Log after script ends.
- Click the small yellow folder, to the right of the Scriptline to execute box, and double-click:
Fixme.bfu
- In the "Scriptline to execute" box, you should now see this: C:\BFU\Fixme.bfu
Click Execute and let it do its work.
Wait for Complete script execution to appear and click OK.
Click Exit to close the BFU program.
Restart normally.
Post a new HijackThis log along with the BFU report and the report located here:
C:\egd.txt.
BFU gives this:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SoundMan"="SOUNDMAN.EXE"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"H2O"="C:\\Program Files\\SyncroSoft\\Pos\\H2O\\cledx.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
The HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 23:46:00, on 29/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\explorer.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\System32\svchost.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe"
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\WINDOWS\system32\wuauclt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ipc86877] RUNDLL32.EXE w1ad3c95.dll,n 001868760000000a1ad3c95
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Bzcffbcq] C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Rewi] "C:\windows\PPPATC~1\services.exe" -vt ndrv
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\windows\system32\smss.dll
O20 - Winlogon Notify: Reliability - C:\windows\system32\dnj8011ue.dll (file missing)
O20 - Winlogon Notify: RunOnceEx - C:\windows\system32\rCschap.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Services TCP/IP simplifiés (SimpTcp) - Unknown owner - C:\windows\system32\tcpsvcs.exe (file missing)
Any other ideas, chercheur PDA?
When you are told to fix the lines, do you do it?
Stop eMule until your PC is clean.
Restart in Safe Mode
C- Launch HijackThis -> Do a system scan only
-> Check the lines, then click Fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe"
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
O4 - HKLM\..\Run: [ipc86877] RUNDLL32.EXE w1ad3c95.dll,n 001868760000000a1ad3c95
O4 - HKCU\..\Run: [Bzcffbcq] C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
O4 - HKCU\..\Run: [Rewi] "C:\windows\PPPATC~1\services.exe" -vt ndrv
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O20 - AppInit_DLLs: C:\windows\system32\smss.dll
O20 - Winlogon Notify: Reliability - C:\windows\system32\dnj8011ue.dll (file missing)
O20 - Winlogon Notify: RunOnceEx - C:\windows\system32\rCschap.dll (file missing)
- Delete these files or folders if they still exist:
~1 = abbreviation
C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe
C:\Program Files\ToolBar888\
C:\WINDOWS\system32\0106.exe
C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
C:\windows\PPPATC~1\services.exe
w1ad3c95.dll
C:\windows\system32\smss.dll
yes, I did it both times you asked me to ^^
after fixing and deleting the files in Safe Mode, everything is still there...
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\explorer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TClock\TClock.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe"
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\WINDOWS\system32\wuauclt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ipc86877] RUNDLL32.EXE w1ad3c95.dll,n 001868760000000a1ad3c95
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Bzcffbcq] C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Rewi] "C:\windows\PPPATC~1\services.exe" -vt ndrv
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\windows\system32\smss.dll
O20 - Winlogon Notify: Reliability - C:\windows\system32\dnj8011ue.dll (file missing)
O20 - Winlogon Notify: RunOnceEx - C:\windows\system32\rCschap.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Services TCP/IP simplifiés (SimpTcp) - Unknown owner - C:\windows\system32\tcpsvcs.exe (file missing)
On the other hand, I don't have any pop-ups at all anymore.
OK, let's try a different approach.
Please print these instructions, or paste them into a text file to read in Safe Mode.
Open Notepad and copy-paste the lines in blue below
ProcessKill ibm00004.exe|1
ProcessKill %PROGRAMFILES%\Fichiers communs\Microsoft Shared\DAO\svchost.exe|1
ProcessKill %SYSDIR%\0106.exe|1
ProcessKill HKNTFS~1.EXE|1
ProcessKill %WINDIR%\PPPATC~1\services.exe|1
DllUnregister %SYSDIR%\smss.dll|1
DllUnregister w1ad3c95.dll|1
DllUnregister %PROGRAMFILES%\ToolBar888\MyToolBar.dll|1
FileDelete %PROGRAMFILES%\Fichiers communs\Microsoft Shared\DAO\svchost.exe
FileDelete %SYSDIR%\0106.exe
FileDelete %WINDIR%\PPPATC~1\services.exe
FileDelete %SYSDIR%\smss.dll
FileDelete %PROGRAMFILES%\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe
FileDelete %PROGRAMFILES%\COMMON FILES\ASKS~1\HKNTFS~1.EXE
FileDelete %SYSDIR%\w1ad3c95.dll
FolderDelete %WINDIR%\PPPATC~1
FolderDelete %PROGRAMFILES%\ToolBar888
FolderDelete %PROGRAMFILES%\COMMON FILES\ASKS~1
SystemEmptyTempFolder
SystemEmptyRecycleBin
F8; you will see a screen with startup choices appear. Using the keyboard arrows, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.
Run a HijackThis scan again and check the lines below:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe"
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\WINDOWS\system32\wuauclt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
O4 - HKLM\..\Run: [ipc86877] RUNDLL32.EXE w1ad3c95.dll,n 001868760000000a1ad3c95
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bzcffbcq] C:\PROGRA~1\COMMON~1\ASKS~1\HKNTFS~1.EXE
O4 - HKCU\..\Run: [Rewi] "C:\windows\PPPATC~1\services.exe" -vt ndrv
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O20 - AppInit_DLLs: C:\windows\system32\smss.dll
O20 - Winlogon Notify: Reliability - C:\windows\system32\dnj8011ue.dll (file missing)
O20 - Winlogon Notify: RunOnceEx - C:\windows\system32\rCschap.dll (file missing)
Close all Windows, Internet Explorer and Outlook windows, except HijackThis, and click "Fix checked"
Start the "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)
- Check Show Log after script ends.
- Click the small yellow folder, to the right of the Scriptline to execute box, and double-click:
Fixme.bfu
- In the "Scriptline to execute" box, you should now see this: C:\BFU\Fixme.bfu
Click Execute and let it do its work.
Wait for Complete script execution to appear and click OK.
Click Save and save the result to the Desktop.
Click Exit to close the BFU program.
Restart normally.
Post a new HijackThis log along with the BFU report.
the new HijackThis log:
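The review the helper performs by eye on each HijackThis log in this thread (system-process names such as svchost.exe or services.exe living outside the Windows directories, an AppInit_DLLs or Winlogon Notify hook, a "(file missing)" leftover, a Shell= value chaining a second program after explorer.exe, and IE start/search settings all pointing at one unexpected host) can be scripted so that the same checks are applied to every log the same way. The Python below is an added example written for this page; it is not part of the thread, of HijackThis or of BFU. It assumes %SystemRoot% is C:\windows as on this machine, uses a constructed allow-list of search providers, and runs on sample lines taken from the logs posted above:

```python
"""Triage of HijackThis-style log lines (added example; not from the thread, HijackThis or BFU)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

WINDIR = "c:\\windows\\"   # assumption: %SystemRoot% is C:\windows, as on this machine
SYSTEM_NAMES = {"svchost.exe", "services.exe", "smss.exe", "smss.dll",
                "lsass.exe", "winlogon.exe", "explorer.exe"}
# Constructed allow-list: IE start/search settings pointing anywhere else get flagged.
KNOWN_SEARCH_HOSTS = ("google.", "msn.com", "live.com", "yahoo.com", "microsoft.com")

@dataclass
class Entry:
    section: str   # R0, R1, F2, O4 or O20
    name: str      # Run value name, Winlogon Notify subkey, or IE registry value
    target: str    # path or URL the entry points at
    raw: str
    flags: List[str] = field(default_factory=list)

_O4 = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$')
_O20 = re.compile(r'^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): (?P<rest>.*)$')
_R = re.compile(r'^(?P<sec>R[01]) - (?P<key>.+?) = (?P<target>.*)$')
_F2 = re.compile(r'^F2 - REG:system\.ini: Shell=(?P<target>.*)$')
# Unquoted paths may contain spaces, so cut at the first executable extension.
_EXE = re.compile(r'^(?P<exe>.+?\.(?:exe|dll|com|scr|bat|cmd))(?:\s+(?P<args>.*))?$', re.I)

def split_target(target: str) -> Tuple[str, str]:
    # Split a Run/Shell value into (executable, arguments), honouring a quoted path.
    target = target.strip()
    if target.startswith('"') and target.find('"', 1) != -1:
        end = target.find('"', 1)
        return target[1:end], target[end + 1:].strip()
    m = _EXE.match(target)
    return (m["exe"], (m["args"] or "").strip()) if m else (target, "")

def parse_line(line: str) -> Optional[Entry]:
    line = line.rstrip()
    if m := _O4.match(line):
        return Entry("O4", m["name"], m["target"], line)
    if m := _O20.match(line):
        if m["kind"] == "Winlogon Notify":
            name, _, target = m["rest"].partition(" - ")
        else:
            name, target = m["kind"], m["rest"]
        return Entry("O20", name, target, line)
    if m := _R.match(line):
        return Entry(m["sec"], m["key"], m["target"], line)
    if m := _F2.match(line):
        return Entry("F2", "Shell", m["target"], line)
    return None   # process list, O3/O18/O23 lines etc. are not triaged here

def check(e: Entry) -> Entry:
    # Attach one flag per heuristic the entry trips.
    if "(file missing)" in e.raw:
        e.flags.append("dangling entry: target file missing")
    if e.section == "O4":
        exe, args = split_target(e.target)
        name = exe.rsplit("\\", 1)[-1].lower()
        expected = WINDIR if name == "explorer.exe" else WINDIR + "system32\\"
        if name in SYSTEM_NAMES and not exe.lower().startswith(expected):
            e.flags.append(f"system-process name {name} outside {expected}")
        if name == "rundll32.exe" and args and "\\" not in args.split()[0].split(",")[0]:
            e.flags.append("rundll32 loads a DLL by bare name (search-path dependent)")
    elif e.section == "O20":
        if e.name == "AppInit_DLLs" and e.target.strip():
            e.flags.append("AppInit_DLLs injects a DLL into every user-mode process")
        elif e.name != "AppInit_DLLs":
            e.flags.append("Winlogon Notify hook loads a DLL into winlogon.exe")
    elif e.section == "F2":
        exe, args = split_target(e.target)
        if exe.rsplit("\\", 1)[-1].lower() == "explorer.exe" and args:
            e.flags.append("Shell= chains an extra program after explorer.exe")
    elif e.section in ("R0", "R1") and e.target.lower().startswith("http"):
        host = re.sub(r"^https?://", "", e.target.lower()).split("/")[0]
        if not any(k in host for k in KNOWN_SEARCH_HOSTS):
            e.flags.append(f"IE start/search setting points at unrecognised host {host}")
    return e

def triage(lines) -> List[Entry]:
    return [check(e) for e in map(parse_line, lines) if e is not None]

def suspicious(lines) -> List[Entry]:
    return [e for e in triage(lines) if e.flags]

# Sample lines taken from the logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00004.exe"
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\svchost.exe
O4 - HKLM\..\Run: [ipc86877] RUNDLL32.EXE w1ad3c95.dll,n 001868760000000a1ad3c95
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Rewi] "C:\windows\PPPATC~1\services.exe" -vt ndrv
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\windows\system32\smss.dll
O20 - Winlogon Notify: Reliability - C:\windows\system32\dnj8011ue.dll (file missing)
"""

if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG.splitlines()):
        print(f"{e.section} [{e.name}] -> {'; '.join(e.flags)}")
```

Run as a script, it prints the seven flagged entries and stays silent on KernelFaultCheck and CTFMON, which are the legitimate Windows entries that survived every "Fix checked" round above. The flags are heuristics for a human reviewer: a clean run means only that none of these patterns is present, which is the same limited conclusion "HijackThis is clean" carries in the thread.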
Logfile of HijackThis v1.99.1
Scan saved at 20:21:07, on 30/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAoC Portal\DAoCPortal.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\BFU\BFU.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Services TCP/IP simplifiés (SimpTcp) - Unknown owner - C:\windows\system32\tcpsvcs.exe (file missing)
it worked, didn't it?
HijackThis is clean.
But you didn't include the BFU report.
And you still have two antivirus programs, which is one too many.
Run an online antivirus scan on BitDefender
http://www.bitdefender.fr/scan8/ie.html
Paste its report here.
