winantivirus sysprotect problem
Hello everyone,
I am new to this forum and I am asking you for a hand.
As the title of my message says, I am infested with these 2 things that I cannot get rid of.
I have searched and followed all the advice already posted, such as scanning with CCleaner, Spybot ...
but it always comes back, so if I understood correctly I should run a scan with HijackThis, but my skills do not allow me to interpret it, so I am looking for a volunteer to help me?
Thanks in advance
Here it is:
Logfile of HijackThis v1.99.1
Scan saved at 15:17:05, on 03/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\update\updmangr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\WINDOWS\System32\winzip.exe
C:\WINDOWS\System32\lEXPLORE.EXE
C:\WINDOWS\System32\vmmon32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\STEM32~1\wuauboot.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Documents and Settings\Administrateur\Mes documents\?icrosoft\?xplorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {FB954BD9-FB30-80B2-38A7-815D44C013CA} - C:\WINDOWS\System32\iwtl.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [AdobeReaderPro] winzip.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] lEXPLORE.EXE
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\vmmon32.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [NI.USYP_0001_N85M2606] "C:\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe" -nag
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\RunServices: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\RunServices: [Microsoft Security Panagers] ktqlxjiq.exe
O4 - HKLM\..\RunServices: [Nortons Syncmon] eschbntabqxm.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] wuamkops.exe
O4 - HKLM\..\RunServices: [Winddows Servicer] servicer.exe
O4 - HKLM\..\RunServices: [MS taskbar] taskbars.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] soff.pif
O4 - HKLM\..\RunServices: [Microsoft Conference] msconf.exe
O4 - HKLM\..\RunServices: [Microsoft System Application] winpool.exe
O4 - HKLM\..\RunServices: [Printer] C:\WINDOWS\System32\vmmon32.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] winzip.exe
O4 - HKLM\..\RunServices: [Microsoft System Debug] winded.exe
O4 - HKLM\..\RunServices: [Microsoft Internet Explorer] lEXPLORE.EXE
O4 - HKCU\..\Run: [Microsoft Conference] msconf.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Crpr] "C:\WINDOWS\STEM32~1\wuauboot.exe" -vt yazr
O4 - HKCU\..\Run: [Printer] C:\WINDOWS\System32\vmmon32.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunServices: [Microsoft Conference] msconf.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_nos_med.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/i...
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonphenix.com/npaecviz.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_...
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.41o...
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B13CC35-06EC-4ECF-9AFF-A793B4154FEA}: NameServer = 80.10.246.130 80.10.246.3
O20 - AppInit_DLLs: Jsockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Re,
I am going to have you run Ewido before we tackle this manually, because you are multi-infected :-o
The procedure is long and partly in Safe Mode. Note that you have no Internet access in that mode, so save this web page (click File / Save As / choose "Desktop") or print out what you have to do.
Download the trial version of Ewido:
http://www.ewido.net/en/download/
Install it on your desktop.
Start Ewido using the icon on your Desktop.
Click Update Now,
wait for the update to finish,
then close the program.
Restart in Safe Mode
(at startup, immediately tap the F8 key repeatedly), then you will see a screen with a choice of startup options:
choose Safe Mode with the arrow keys, then confirm with Enter.
Choose your usual account (not Administrator).
Launch Ewido again and click Scanner.
Then on the Settings tab, for How to Act select Quarantine.
Go back to the Scan tab and click Complete system Scan.
The scan starts.
At the end, click Apply all actions,
then Save report and finally Save report as. Post the report in your reply and also post a HijackThis report.
Here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 16:19:31, on 03/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {FB954BD9-FB30-80B2-38A7-815D44C013CA} - C:\WINDOWS\System32\iwtl.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NI.USYP_0001_N85M2606] "C:\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe" -nag
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\RunServices: [Microsoft Security Panagers] ktqlxjiq.exe
O4 - HKLM\..\RunServices: [Nortons Syncmon] eschbntabqxm.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] wuamkops.exe
O4 - HKLM\..\RunServices: [Winddows Servicer] servicer.exe
O4 - HKLM\..\RunServices: [MS taskbar] taskbars.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] soff.pif
O4 - HKLM\..\RunServices: [Microsoft Conference] msconf.exe
O4 - HKLM\..\RunServices: [Microsoft System Application] winpool.exe
O4 - HKLM\..\RunServices: [Microsoft System Debug] winded.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Conference] msconf.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Crpr] "C:\WINDOWS\STEM32~1\wuauboot.exe" -vt yazr
O4 - HKCU\..\RunServices: [Microsoft Conference] msconf.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_nos_med.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/i...
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonphenix.com/npaecviz.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_...
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.41o...
O20 - AppInit_DLLs: Jsockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
and the Ewido report:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 16:16:14 03/08/2006
+ Scan result:
C:\Program Files\Aprps -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_26-07-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_27-07-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_28-07-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_29-07-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_30-07-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\CxtPls.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\CxtPls.exe -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\ace.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\atl.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\libexpat.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\uninstaller.exe -> Adware.Apropos : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP203\A0133714.exe -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Mes documents\Мicrosoft\еxplorer.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP209\A0143147.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126252.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126254.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126256.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126257.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126258.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126259.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126260.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126261.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126262.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126263.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126264.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126265.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126267.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126268.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126269.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126270.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126271.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126272.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126273.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126274.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126277.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126278.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126279.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126280.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126281.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126282.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126283.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126285.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126286.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126287.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126289.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126291.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126293.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126294.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126300.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126301.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126302.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126303.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126304.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126306.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126307.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126310.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126311.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126313.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126314.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126317.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126318.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126319.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126320.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126326.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126359.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126375.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126379.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0127393.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0128408.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132411.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132426.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132437.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132462.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP203\A0132671.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP203\A0133669.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP203\A0133674.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ajdiosrv.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ajfsipc.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dwcdll.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\en6ol1j31.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\fp8003lme.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ir4ol5h31.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\jt0s07d7e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\meconf.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mfrddm.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mgfutil.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mvr0l99m1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\n46q0ej5eho.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\n8n6li5s18.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\o2rolc931f.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\oaepro32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\pqrfts.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\qxartz.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\rXsctrs.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\rjchost.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\shdpapi.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\sqmsg.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\sxrio800.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\uxildll.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned with backup (quarantined).
C:\Program Files\Media Access\Info.txt -> Adware.MediaAccess : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP203\A0133746.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Τasks\mѕhta.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\iwtl.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\uuczw.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\wuauclt.dll_tobedeleted -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132640.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\ww32.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0108407.exe/rmz.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0109445.exe/rmz.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0111455.exe/rmz.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0111473.exe/rmz.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP194\A0113544.exe/rmz.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP199\A0119015.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP199\A0119040.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP199\A0119064.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP201\A0124101.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP201\A0124102.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP201\A0125102.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP201\A0125138.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125182.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125184.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125251.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126344.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126398.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\awtqp.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ch32.exe/rmz.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\geedc.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\jkhhh.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mljgf.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mllmn.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\pmkhe.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\pmnnn.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\rmz.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ssqpm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ssqrp.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\sstqp.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ssttu.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125203.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\sck32.exe -> Backdoor.Agent.abc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126343.exe -> Backdoor.Agent.abc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126397.exe -> Backdoor.Agent.abc : Cleaned with backup (quarantined).
C:\WINDOWS\update\updmangr.exe -> Backdoor.Agent.abc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126288.dll -> Backdoor.Agent.vc : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mswap.dll -> Backdoor.Agent.vc : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\xmn32.dll -> Backdoor.Agent.vc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0107287.exe -> Backdoor.Agobot.ail : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP228\A0155865.exe -> Backdoor.Agobot.ail : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP228\A0155866.exe -> Backdoor.IRCBot.qu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126316.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\TFTP1724 -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP228\A0155874.EXE -> Backdoor.Rbot.adf : Cleaned with backup (quarantined).
C:\WINDOWS\Iseult.dll -> Dialer.CDUpdater.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10B9609B-1E75-49ED-8E1B-057BEF1F9B1F}\RP0\A0000004.dll -> Dialer.InstantAccess : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\sysinetsvc32.dll -> Dialer.InstantAccess.e : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\ww32.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0108407.exe/drz.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0109445.exe/drz.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0111455.exe/drz.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0111473.exe/drz.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP194\A0113544.exe/drz.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP199\A0119015.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP199\A0119040.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP199\A0119064.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP201\A0124101.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP201\A0125102.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP201\A0125138.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125182.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125251.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126344.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126345.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126398.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132440.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ch32.exe/drz.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\drz.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126249.exe -> Downloader.Adload.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125244.exe -> Downloader.Adload.bv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125260.exe -> Downloader.Adload.bv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126348.exe -> Downloader.Adload.bv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126357.exe -> Downloader.Adload.bv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132453.exe -> Downloader.Adload.bv : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Local Settings\Temp\ICD1.tmp\USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3BH37KBR\SysProtectScannerInstall[1].cab/USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PV_0001_N86M0507NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PV_0001_N86M0507NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6PV_0001_N86M0507NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6PV_0001_N86M0507NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6PV_0001_N86M0507NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6PV_0001_N86M0507NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6PV_0001_N86M0507NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N86M0507NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
[1028] C:\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Error during cleaning.
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RDYM1KK8\ptd32[1].exe/blank.html -> Downloader.IstBar.aq : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RDYM1KK8\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SEAYOJDN\!update-3820[1].0000 -> Downloader.PurityScan.cl : Cleaned with backup (quarantined).
C:\WINDOWS\Ѕymantec\mmc.exe -> Downloader.PurityScan.cl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125243.exe -> Downloader.VB.abm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125255.exe -> Downloader.VB.abm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126350.exe -> Downloader.VB.abm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126355.exe -> Downloader.VB.abm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132452.exe -> Downloader.VB.abm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125259.exe -> Downloader.VB.adw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126346.exe -> Downloader.VB.adw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126390.exe -> Downloader.VB.adw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP203\A0133728.exe -> Downloader.VB.adw : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UK11TCZO\France[1].exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125247.exe -> Hijacker.StartPage.aju : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125256.exe -> Hijacker.StartPage.aju : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126349.exe -> Hijacker.StartPage.aju : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126356.exe -> Hijacker.StartPage.aju : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132451.exe -> Hijacker.StartPage.aju : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS6V_0001_N68M1103NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWAS6V_0001_N68M1103NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWAS6V_0001_N68M1103NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\EETWYX7P\WinAntiVirusPro2006FreeInstall_fr[1].cab/UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RDYM1KK8\ptd32[1].exe/re11.REG -> Trojan.LowZones.a : Cleaned with backup (quarantined).
C:\WINDOWS\ѕуstem32\wuauboot.exe -> Trojan.PurityAd : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\TFTP1988 -> Worm.SpyBot.gn : Cleaned with backup (quarantined).
::Report end
Here it is
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 16:16:14 03/08/2006
+ Scan result:
C:\Program Files\Aprps -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_26-07-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_27-07-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_28-07-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_29-07-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\AI_30-07-2005.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\CxtPls.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\CxtPls.exe -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\ace.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\atl.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\libexpat.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\Aprps\uninstaller.exe -> Adware.Apropos : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP203\A0133714.exe -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Mes documents\Мicrosoft\еxplorer.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP209\A0143147.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126252.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126254.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126256.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126257.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126258.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126259.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126260.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126261.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126262.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126263.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126264.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126265.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126267.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126268.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126269.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126270.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126271.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126272.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126273.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126274.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126277.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126278.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126279.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126280.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126281.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126282.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126283.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126285.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126286.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126287.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126289.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126291.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126293.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126294.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126300.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126301.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126302.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126303.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126304.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126306.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126307.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126310.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126311.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126313.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126314.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126317.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126318.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126319.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126320.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126326.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126359.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126375.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126379.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0127393.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0128408.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132411.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132426.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132437.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132462.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP203\A0132671.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP203\A0133669.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP203\A0133674.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ajdiosrv.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ajfsipc.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dwcdll.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\en6ol1j31.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\fp8003lme.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ir4ol5h31.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\jt0s07d7e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\meconf.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mfrddm.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mgfutil.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mvr0l99m1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\n46q0ej5eho.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\n8n6li5s18.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\o2rolc931f.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\oaepro32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\pqrfts.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\qxartz.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\rXsctrs.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\rjchost.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\shdpapi.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\sqmsg.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\sxrio800.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\uxildll.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned with backup (quarantined).
C:\Program Files\Media Access\Info.txt -> Adware.MediaAccess : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP203\A0133746.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Τasks\mѕhta.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\iwtl.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\uuczw.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\wuauclt.dll_tobedeleted -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132640.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\ww32.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0108407.exe/rmz.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0109445.exe/rmz.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0111455.exe/rmz.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0111473.exe/rmz.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP194\A0113544.exe/rmz.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP199\A0119015.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP199\A0119040.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP199\A0119064.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP201\A0124101.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP201\A0124102.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP201\A0125102.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP201\A0125138.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125182.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125184.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125251.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126344.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126398.exe/dotrm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\awtqp.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ch32.exe/rmz.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\geedc.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\jkhhh.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mljgf.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mllmn.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\pmkhe.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\pmnnn.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\rmz.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ssqpm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ssqrp.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\sstqp.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ssttu.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125203.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\sck32.exe -> Backdoor.Agent.abc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126343.exe -> Backdoor.Agent.abc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126397.exe -> Backdoor.Agent.abc : Cleaned with backup (quarantined).
C:\WINDOWS\update\updmangr.exe -> Backdoor.Agent.abc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126288.dll -> Backdoor.Agent.vc : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mswap.dll -> Backdoor.Agent.vc : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\xmn32.dll -> Backdoor.Agent.vc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0107287.exe -> Backdoor.Agobot.ail : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP228\A0155865.exe -> Backdoor.Agobot.ail : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP228\A0155866.exe -> Backdoor.IRCBot.qu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126316.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\TFTP1724 -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP228\A0155874.EXE -> Backdoor.Rbot.adf : Cleaned with backup (quarantined).
C:\WINDOWS\Iseult.dll -> Dialer.CDUpdater.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10B9609B-1E75-49ED-8E1B-057BEF1F9B1F}\RP0\A0000004.dll -> Dialer.InstantAccess : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\sysinetsvc32.dll -> Dialer.InstantAccess.e : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\ww32.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0108407.exe/drz.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0109445.exe/drz.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0111455.exe/drz.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP193\A0111473.exe/drz.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP194\A0113544.exe/drz.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP199\A0119015.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP199\A0119040.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP199\A0119064.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP201\A0124101.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP201\A0125102.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP201\A0125138.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125182.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125251.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126344.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126345.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126398.exe/dotdr.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132440.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ch32.exe/drz.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\drz.exe -> Downloader.Adload.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126249.exe -> Downloader.Adload.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125244.exe -> Downloader.Adload.bv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125260.exe -> Downloader.Adload.bv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126348.exe -> Downloader.Adload.bv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126357.exe -> Downloader.Adload.bv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132453.exe -> Downloader.Adload.bv : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Local Settings\Temp\ICD1.tmp\USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3BH37KBR\SysProtectScannerInstall[1].cab/USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PV_0001_N86M0507NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PV_0001_N86M0507NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6PV_0001_N86M0507NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6PV_0001_N86M0507NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6PV_0001_N86M0507NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6PV_0001_N86M0507NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6PV_0001_N86M0507NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N86M0507NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
[1028] C:\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Error during cleaning.
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RDYM1KK8\ptd32[1].exe/blank.html -> Downloader.IstBar.aq : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RDYM1KK8\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SEAYOJDN\!update-3820[1].0000 -> Downloader.PurityScan.cl : Cleaned with backup (quarantined).
C:\WINDOWS\Ѕymantec\mmc.exe -> Downloader.PurityScan.cl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125243.exe -> Downloader.VB.abm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125255.exe -> Downloader.VB.abm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126350.exe -> Downloader.VB.abm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126355.exe -> Downloader.VB.abm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132452.exe -> Downloader.VB.abm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125259.exe -> Downloader.VB.adw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126346.exe -> Downloader.VB.adw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126390.exe -> Downloader.VB.adw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP203\A0133728.exe -> Downloader.VB.adw : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UK11TCZO\France[1].exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125247.exe -> Hijacker.StartPage.aju : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0125256.exe -> Hijacker.StartPage.aju : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126349.exe -> Hijacker.StartPage.aju : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0126356.exe -> Hijacker.StartPage.aju : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B981F135-9DB4-4276-87D7-D064AE0AEED1}\RP202\A0132451.exe -> Hijacker.StartPage.aju : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS6V_0001_N68M1103NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWAS6V_0001_N68M1103NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWAS6V_0001_N68M1103NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\EETWYX7P\WinAntiVirusPro2006FreeInstall_fr[1].cab/UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RDYM1KK8\ptd32[1].exe/re11.REG -> Trojan.LowZones.a : Cleaned with backup (quarantined).
C:\WINDOWS\ѕуstem32\wuauboot.exe -> Trojan.PurityAd : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\TFTP1988 -> Worm.SpyBot.gn : Cleaned with backup (quarantined).
::Report end
There you go.
Hi again,
There is still quite a bit of work to do :-D
1/ Download VundoFix.exe (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it.
Check Run VundoFix as a task.
A message will warn you that the tool is going to close and reopen: click Ok
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES
After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK
Start your PC again.
Copy/paste the contents of the report located at C:\vundofix.txt into your next reply.
2/ Please print these instructions, or paste them into a text file, to read during this fix. Read the three short notes at the bottom carefully before you start.
Download Look2Me-Destroyer.exe to your Desktop.
http://www.atribune.org/ccount/click.php?id=7
* Close all open windows before moving on to the next step.
* Double-click Look2Me-Destroyer.exe to launch the tool.
* Check Run this program as a task
* A message will appear, telling you this: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK
* It will relaunch after the 10 seconds; then click the Scan for L2M button. Your Desktop icons will disappear: this is normal.
* When the scan finishes, click the Remove L2M button
* A Done Scanning message will appear; click OK.
* A new message will appear: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
* Your PC will now shut down.
* Start your PC normally.
* Paste the generated report, located here: C:\Look2Me-Destroyer.txt , along with a HijackThis! report, into your next reply.
#If Look2Me-Destroyer does not relaunch automatically after the 10 seconds, restart and try again.
##If you get a message from your firewall saying that the tool is trying to access the internet: allow it.
###If a runtime error '339' message appears: download MSWINSCK.OCX from the link below, and place it in the C:\Windows\System32 folder.
http://www.ascentive.com/support/new/images/lib/MSWINSC...
Hi again,
We're switching tools for Vundo.
1/ Download VirtumundoBegone
http://secured2k.home.comcast.net/tools/VirtumundoBeGon...
Restart in Safe Mode
2/ Double-click VirtumundoBeGone.exe, then follow the instructions
Exit when it is finished
There, it's done
and then is there a report I should show you?
[08/03/2006, 19:10:58] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[08/03/2006, 19:11:02] - Detected System Information:
[08/03/2006, 19:11:02] - Windows Version: 5.1.2600, Service Pack 1
[08/03/2006, 19:11:02] - Current Username: Administrateur (Admin)
[08/03/2006, 19:11:02] - Windows is in NORMAL mode.
[08/03/2006, 19:11:02] - Searching for Browser Helper Objects:
[08/03/2006, 19:11:02] - BHO 1: {79646435-C6ED-4AC7-92D4-C3AC31325A6C} ()
[08/03/2006, 19:11:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/03/2006, 19:11:02] - Checking for HKLM\...\Winlogon\Notify\awvtr
[08/03/2006, 19:11:02] - Found: HKLM\...\Winlogon\Notify\awvtr - This is probably Virtumundo.
[08/03/2006, 19:11:02] - Assigning {79646435-C6ED-4AC7-92D4-C3AC31325A6C} MSEvents Object
[08/03/2006, 19:11:02] - BHO list has been changed! Starting over...
[08/03/2006, 19:11:02] - BHO 1: {79646435-C6ED-4AC7-92D4-C3AC31325A6C} (MSEvents Object)
[08/03/2006, 19:11:02] - ALERT: Found MSEvents Object!
[08/03/2006, 19:11:02] - BHO 2: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[08/03/2006, 19:11:02] - BHO 3: {FB954BD9-FB30-80B2-38A7-815D44C013CA} ()
[08/03/2006, 19:11:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/03/2006, 19:11:02] - Checking for HKLM\...\Winlogon\Notify\iwtl
[08/03/2006, 19:11:02] - Key not found: HKLM\...\Winlogon\Notify\iwtl, continuing.
[08/03/2006, 19:11:02] - Finished Searching Browser Helper Objects
[08/03/2006, 19:11:02] - *** Detected MSEvents Object
[08/03/2006, 19:11:02] - Trying to remove MSEvents Object...
[08/03/2006, 19:11:03] - Terminating Process: IEXPLORE.EXE
[08/03/2006, 19:11:03] - Terminating Process: RUNDLL32.EXE
[08/03/2006, 19:11:03] - Disabling Automatic Shell Restart
[08/03/2006, 19:11:03] - Terminating Process: EXPLORER.EXE
[08/03/2006, 19:11:03] - Suspending the NT Session Manager System Service
[08/03/2006, 19:11:03] - Terminating Windows NT Logon/Logoff Manager
[08/03/2006, 19:11:03] - Re-enabling Automatic Shell Restart
[08/03/2006, 19:11:03] - File to disable: C:\WINDOWS\System32\awvtr.dll
[08/03/2006, 19:11:03] - Renaming C:\WINDOWS\System32\awvtr.dll -> C:\WINDOWS\System32\awvtr.dll.vir
[08/03/2006, 19:11:03] - ! File rename was unsucessful.
[08/03/2006, 19:11:03] - Attempting to Deny Access to C:\WINDOWS\System32\awvtr.dll
[08/03/2006, 19:11:04] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[08/03/2006, 19:11:04] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.
[08/03/2006, 19:11:04] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[08/03/2006, 19:11:04] - Removing HKLM\...\Browser Helper Objects\{79646435-C6ED-4AC7-92D4-C3AC31325A6C}
[08/03/2006, 19:11:04] - Removing HKCR\CLSID\{79646435-C6ED-4AC7-92D4-C3AC31325A6C}
[08/03/2006, 19:11:04] - Adding Kill Bit for ActiveX for GUID: {79646435-C6ED-4AC7-92D4-C3AC31325A6C}
[08/03/2006, 19:11:04] - Deleting ATLEvents/MSEvents Registry entries
[08/03/2006, 19:11:04] - Removing HKLM\...\Winlogon\Notify\awvtr
[08/03/2006, 19:11:04] - Searching for Browser Helper Objects:
[08/03/2006, 19:11:04] - BHO 1: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[08/03/2006, 19:11:04] - BHO 2: {FB954BD9-FB30-80B2-38A7-815D44C013CA} ()
[08/03/2006, 19:11:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/03/2006, 19:11:04] - Checking for HKLM\...\Winlogon\Notify\iwtl
[08/03/2006, 19:11:04] - Key not found: HKLM\...\Winlogon\Notify\iwtl, continuing.
[08/03/2006, 19:11:04] - Finished Searching Browser Helper Objects
[08/03/2006, 19:11:04] - Finishing up...
[08/03/2006, 19:11:04] - A restart is needed.
[08/03/2006, 19:11:21] - Attempting to Restart via STOP error (Blue Screen!)
There you go.
Hi, and thanks for taking more of your time to help me.
As for VirtumundoBeGone, sorry, but it crashes: nothing happens when I launch it (in Safe Mode), it reboots the PC on me, telling me that it doesn't work. As for HijackThis, here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 14:03:13, on 04/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {FB954BD9-FB30-80B2-38A7-815D44C013CA} - C:\WINDOWS\System32\iwtl.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NI.USYP_0001_N85M2606] "C:\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe" -nag
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\RunServices: [Microsoft Security Panagers] ktqlxjiq.exe
O4 - HKLM\..\RunServices: [Nortons Syncmon] eschbntabqxm.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] wuamkops.exe
O4 - HKLM\..\RunServices: [Winddows Servicer] servicer.exe
O4 - HKLM\..\RunServices: [MS taskbar] taskbars.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] soff.pif
O4 - HKLM\..\RunServices: [Microsoft Conference] msconf.exe
O4 - HKLM\..\RunServices: [Microsoft System Application] winpool.exe
O4 - HKLM\..\RunServices: [Microsoft System Debug] winded.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Conference] msconf.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Crpr] "C:\WINDOWS\STEM32~1\wuauboot.exe" -vt yazr
O4 - HKCU\..\RunServices: [Microsoft Conference] msconf.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_nos_med.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/i...
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonphenix.com/npaecviz.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_...
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.41o...
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B13CC35-06EC-4ECF-9AFF-A793B4154FEA}: NameServer = 80.10.246.130 80.10.246.3
O20 - AppInit_DLLs: Jsockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Hello
You didn't look carefully at what Bob asked you to do.
Yes, Vundo (replaced by Virtumondobegone), but also Look2me Destroyer.
Part of the procedure will take place without internet access, so please print these instructions, or paste them into a text file, to read during this disinfection.
The steps must be carried out without interruption and in order.
If there is something you don't understand, ask for an explanation before you start.
&& Download Brute Force Uninstaller (by Merijn)
http://www.merijn.org/files/bfu.zip
Create a new folder directly on C:\ and name it BFU. Unzip the downloaded file into this new folder (C:\BFU)
Click this link
http://www.google.fr/search?hl=fr&q=metallica+%2B+bfu+&btnG=Rechercher&meta=
Then
RIGHT-CLICK the first link (the metallica one)
and choose "Save Target As..." in order to download EGDACCESS.bfu (by Metallica). Save it in the folder you created (C:\BFU). **Note: if you use Internet Explorer, when saving, make sure the "Type:" field shows "All Files". You should now have two files in the C:\BFU folder: EGDACCESS.bfu and BFU.exe (very important).
&& Download Look2Me-Destroyer.exe to your Desktop.
http://www.atribune.org/ccount/click.php?id=7
* Close all open windows before moving on to the next step.
* Double-click Look2Me-Destroyer.exe to launch the tool.
* Check Run this program as a task
* A message will appear, telling you this: "Look2Me-Destroyer will close and re-open in approximately 1 minute". Click OK
* It will relaunch after the minute; then click the Scan for L2M button. Your Desktop icons will disappear: this is normal.
* When the scan finishes, click the Remove L2M button
* A Done Scanning message will appear; click OK.
* A new message will appear: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
* Your PC will now shut down.
&& Restart in Safe Mode: on restart, immediately tap the F8 key repeatedly; you will see a screen with boot options appear. Using the arrow keys, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.
Start the "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)
- Click the small yellow folder to the right of the Scriptline to execute box, and double-click:
EGDACCESS.bfu
- In the "Scriptline to execute" box, you should now see this: C:\BFU\EGDACCESS.bfu
Click Execute and let it do its work.
Wait for Complete script execution to appear, then click OK.
Click Exit to close the BFU program.
&& Restart normally
Post the 3 reports
- New HijackThis
- The report located at C:\egd.txt
- The report located at: C:\Look2Me-Destroyer.txt
First of all, thank you cherhceurpca and bob for your help
hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 15:14:35, on 05/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {FB954BD9-FB30-80B2-38A7-815D44C013CA} - C:\WINDOWS\System32\iwtl.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NI.USYP_0001_N85M2606] "C:\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe" -nag
O4 - HKLM\..\Run: [Microsoft Internet Explorer] lEXPLORE.EXE
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\RunServices: [Microsoft Security Panagers] ktqlxjiq.exe
O4 - HKLM\..\RunServices: [Nortons Syncmon] eschbntabqxm.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] wuamkops.exe
O4 - HKLM\..\RunServices: [Winddows Servicer] servicer.exe
O4 - HKLM\..\RunServices: [MS taskbar] taskbars.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] soff.pif
O4 - HKLM\..\RunServices: [Microsoft Conference] msconf.exe
O4 - HKLM\..\RunServices: [Microsoft System Application] winpool.exe
O4 - HKLM\..\RunServices: [Microsoft System Debug] winded.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Conference] msconf.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Crpr] "C:\WINDOWS\STEM32~1\wuauboot.exe" -vt yazr
O4 - HKCU\..\RunServices: [Microsoft Conference] msconf.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_nos_med.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/i...
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonphenix.com/npaecviz.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.41o...
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B13CC35-06EC-4ECF-9AFF-A793B4154FEA}: NameServer = 80.10.246.130 80.10.246.3
O20 - AppInit_DLLs: Jsockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
BFU reports:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
Look2Me reports:
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 05/08/2006 15:07:14
Attempting to delete infected files...
Making registry repairs.
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
There you go, hoping I did the right steps
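As an added example (not part of the thread, and not code from HijackThis or from the helpers), here is one way to make a first pass over a log like the one posted above: it flags entries marked "(file missing)", O4 autoruns registered without a full path, and a non-empty AppInit_DLLs value. The function names are hypothetical and the flags are prompts for a human reviewer, not verdicts.

```python
import re

# Sample: a handful of lines copied from the log posted above, for illustration.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {FB954BD9-FB30-80B2-38A7-815D44C013CA} - C:\WINDOWS\System32\iwtl.dll (file missing)
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] lEXPLORE.EXE
O4 - HKLM\..\RunServices: [Microsoft Conference] msconf.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - AppInit_DLLs: Jsockspy.dll sockspy.dll sockspy.dll
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                     # "O4 - ..."
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")    # O4 body

def parse(log):
    """Yield (section, body) for each 'Xn - ...' entry; skip headers and process list."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def review_reasons(section, body):
    """Return the reasons (possibly none) why an entry deserves a manual look."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("target file missing")
    m = AUTORUN.match(body) if section == "O4" else None
    if m:
        cmd = m.group(4).strip()
        # Executable = quoted string if quoted, otherwise the first token.
        exe = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split(" ")[0]
        if "\\" not in exe:
            reasons.append("autorun without a full path")
    if section == "O20" and body.startswith("AppInit_DLLs:") and body.partition(":")[2].strip():
        reasons.append("AppInit_DLLs is not empty")
    return reasons

def triage(log):
    """Return (section, body, reasons) for every entry with at least one reason."""
    return [(s, b, r) for s, b in parse(log) if (r := review_reasons(s, b))]
```

Passing the full text of a saved log to `triage()` returns the same kind of list for every entry in it.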