Help removing Search Bar

Killerhunter -  
Yoan Posts 11905 Status Moderator -
So, I ran HijackThis on my PC and I would like to ask you which lines need to be deleted, because I still can't manage to remove this bar.
Thank you.

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINNT\Mixer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\P2P Networking\P2P Networking.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\internat.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Simon Tools\Cyber Ghost\CGhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ADOS\Bureau\HijackThis(Attention avec ce programme)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.libolpukmckcysuzjaih.com/UkgHtUgqXTaQfb25XQeUFvONODX/zNceFh8DbVKa80dBAkw1_KgATuCs5mL8igm7.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebkxreytceir.com/UkgHtUgqXTbCbIgdBh/gWXnA4Guhtsun9fZyTRirhac.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {23133974-E0E1-DFB9-9EF4-EB4F3DE486A8} - C:\DOCUME~1\ADOS\APPLIC~1\filmshim\ooze intra.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {60DF4425-F36F-42D7-AECF-A409EBE4558C} - C:\PROGRA~1\SIMONT~1\CYBERG~1\tbcghost.dll
O2 - BHO: (no name) - {A2E9826E-B5EA-5536-5E22-2D3DB43DE90A} - C:\DOCUME~1\ADOS\APPLIC~1\filmshim\ooze intra.exe
O3 - Toolbar: SimonTools - {CC48EB38-F950-48C0-9F22-D64F829AE3DF} - C:\PROGRA~1\SIMONT~1\CYBERG~1\tbcghost.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [usbn] C:\WINNT\system32\usbn.exe -go -c167 -w
O4 - HKLM\..\Run: [avnort] C:\WINNT\msmbw.exe
O4 - HKLM\..\Run: [ltwob] C:\WINNT\System32\formatsys.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TYPE NURB MOVE KNOB] C:\Documents and Settings\All Users.WINNT\Application Data\DALE MP3 TYPE NURB\boltlong.exe
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [bendreflicensetwo] C:\Documents and Settings\All Users.WINNT\Application Data\jumpfilebendref\stop idol.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINNT\msmbw.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [mail poke] C:\DOCUME~1\ADOS\APPLIC~1\CASHST~1\Internet Kind Safe.exe
O4 - Global Startup: CGhost.lnk = C:\Program Files\Simon Tools\Cyber Ghost\CGhost.exe
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Global Startup: VirusScan.lnk = C:\Program Files\Fichiers communs\Network Associates\On Demand Scanner\Scan32\scan32.exe
O9 - Extra button: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\Stoppub\StopPub.exe
O9 - Extra 'Tools' menuitem: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\Stoppub\StopPub.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.f5biz.com/dial/htm/WebInstall.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B741A93B-76A7-48EB-9367-F1AC5A017504}: NameServer = 80.10.246.130 80.10.246.3
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINNT\System32\vbsys2.dll (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

4 replies

Yoan Posts 11905 Status Moderator 2 332

Hello,
Fix these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.libolpukmckcysuzjaih.com/UkgHtUgqXTaQfb25XQeUFvONODX/zNceFh8DbVKa80dBAkw1_KgATuCs5mL8igm7.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebkxreytceir.com/UkgHtUgqXTbCbIgdBh/gWXnA4Guhtsun9fZyTRirhac.cgi
O2 - BHO: (no name) - {23133974-E0E1-DFB9-9EF4-EB4F3DE486A8} - C:\DOCUME~1\ADOS\APPLIC~1\filmshim\ooze intra.exe
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {60DF4425-F36F-42D7-AECF-A409EBE4558C} - C:\PROGRA~1\SIMONT~1\CYBERG~1\tbcghost.dll
O2 - BHO: (no name) - {A2E9826E-B5EA-5536-5E22-2D3DB43DE90A} - C:\DOCUME~1\ADOS\APPLIC~1\filmshim\ooze intra.exe
O3 - Toolbar: SimonTools - {CC48EB38-F950-48C0-9F22-D64F829AE3DF} - C:\PROGRA~1\SIMONT~1\CYBERG~1\tbcghost.dll
O4 - HKLM\..\Run: [usbn] C:\WINNT\system32\usbn.exe -go -c167 -w
O4 - HKLM\..\Run: [avnort] C:\WINNT\msmbw.exe
O4 - HKLM\..\Run: [ltwob] C:\WINNT\System32\formatsys.exe
O4 - HKLM\..\Run: [TYPE NURB MOVE KNOB] C:\Documents and Settings\All Users.WINNT\Application Data\DALE MP3 TYPE NURB\boltlong.exe
O4 - HKLM\..\Run: [bendreflicensetwo] C:\Documents and Settings\All Users.WINNT\Application Data\jumpfilebendref\stop idol.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINNT\msmbw.exe
O4 - Global Startup: CGhost.lnk = C:\Program Files\Simon Tools\Cyber Ghost\CGhost.exe
O4 - HKCU\..\Run: [mail poke] C:\DOCUME~1\ADOS\APPLIC~1\CASHST~1\Internet Kind Safe.exe
O9 - Extra button: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\Stoppub\StopPub.exe
O9 - Extra 'Tools' menuitem: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\Stoppub\StopPub.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.f5biz.com/dial/htm/WebInstall.dll
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINNT\System32\vbsys2.dll (file missing)

Is the OS WinME? Win2000?
0
Yoan Posts 11905 Status Moderator 2 332

Next, boot into safe mode and delete the contents of these folders:

C:\Documents and Settings\ADOS\Local Settings\Temp
C:\Documents and Settings\ADOS\Local Settings\Temporary internet files
C:\Program Files\JCA2000\
C:\PROGRA~1\SIMONT~1\Local Settings\Temp
C:\PROGRA~1\SIMONT~1\Local Settings\Temporary internet files

Run Cleanup, empty the recycle bin. Delete the target files from the log ( C:\DOCUME~1\ADOS\APPLIC~1\filmshim\ooze intra.exe ; C:\WINNT\system32\usbn.exe ; msmbw.exe ; ..... )
Run an antivirus scan.
Post a new log.
0
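
Added example, not part of the original posts: a small Python parser for HijackThis log lines that pulls out the on-disk target files of the entries chosen for fixing, which is the list the "delete the target files from the log" step needs. The section descriptions and the sample (a few lines copied from the log above, plus one process-list line) are assembled here for illustration.

```python
import re

# HijackThis section codes seen in the lines below (descriptions added for this example).
SECTIONS = {"R0": "IE start/search page setting", "R1": "IE start/search page setting",
            "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autostart entry",
            "O16": "ActiveX (Downloaded Program Files)", "O21": "ShellServiceObjectDelayLoad"}

LINE = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")
# A drive-letter path ending in a file extension, followed by space, quote or end of line.
PATH = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|cab|htm))(?=[\s\"]|$)", re.I)

def parse_line(line):
    """Split one log line into section code, kind, file target and 'file missing' flag."""
    m = LINE.match(line.strip())
    if not m:
        return None  # process list, blank line or forum text
    code, detail = m.groups()
    p = PATH.search(detail)
    return {"code": code, "kind": SECTIONS.get(code, "other"),
            "target": p.group(1) if p else None,
            "missing": detail.endswith("(file missing)")}

def files_to_delete(log):
    """Unique on-disk targets, in log order, skipping entries already reported missing."""
    seen, out = set(), []
    for e in filter(None, map(parse_line, log.splitlines())):
        t = e["target"]
        if t and not e["missing"] and t.lower() not in seen:
            seen.add(t.lower())  # Windows paths compare case-insensitively
            out.append((e["code"], t))
    return out

# Constructed sample: one process-list line and some of the lines listed to fix.
SAMPLE = r"""
C:\WINNT\Explorer.EXE
O2 - BHO: (no name) - {23133974-E0E1-DFB9-9EF4-EB4F3DE486A8} - C:\DOCUME~1\ADOS\APPLIC~1\filmshim\ooze intra.exe
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {A2E9826E-B5EA-5536-5E22-2D3DB43DE90A} - C:\DOCUME~1\ADOS\APPLIC~1\filmshim\ooze intra.exe
O4 - HKLM\..\Run: [usbn] C:\WINNT\system32\usbn.exe -go -c167 -w
O4 - HKLM\..\Run: [avnort] C:\WINNT\msmbw.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINNT\msmbw.exe
"""

if __name__ == "__main__":
    for code, path in files_to_delete(SAMPLE):
        print(f"{code:4} {path}")
```

Command-line arguments after the executable and the "(file missing)" marker are dropped, and a file referenced by several entries is listed once.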
Kilerhunter
 
OK, it's fine, I have nothing left.
Thanks again.
0
bredouille68
 
Most often Open Search Web is linked to Lop.com, which is hard to get rid of. I managed to remove this spyware, reputed to be very tough, by clicking on http://lop.com/toolbar_uninstall.exe
There are warning messages, but you have to ignore them, and in 2 minutes the job is done.

I'm waiting for others to confirm.
0
Yoan Posts 11905 Status Moderator 2 332

The best thing is still to get rid of it manually; we don't know what this executable has in store for us.
0