HijackThis report

nassim -
Anonymous user -
Here is the report:

Logfile of HijackThis v1.99.1
Scan saved at 22:15:35, on 08/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
\Red\D\Programs\Install_MSN_Messenger.EXE
C:\DOCUME~1\karim\LOCALS~1\Temp\IXP000.TMP\bootstrap.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Documents and Settings\karim\Bureau\HijackThis\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - C:\WINDOWS\System32\ssqpm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ids32] rundll32.exe C:\WINDOWS\System32\ids32.dll,start
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard18.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad18.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname18.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\RunServices: [Windows ASN Services] ifct.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ECDCF6E-4A59-4381-A0E5-511BF367E371}: NameServer = 61.88.88.88 205.252.144.228
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\l4r00e9meh.dll
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\SYSTEM32\ssqpm.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:\WINDOWS\system32\keys.exe (file missing)

8 replies

Anonymous user
 
Hi,

Download l2mfix here:
http://www.downloads.subratam.org/l2mfix.exe
Double-click l2mfix.exe to start the extraction.
In the l2mfix folder, double-click l2mfix.bat, choose option 1 and confirm with the Enter key.
It will generate a report.
Copy and paste the result here, please.
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
GOOD EVENING !!!

and a nice infection

Vundo + Look2Me ...

Download l2mfix.exe from http://www.downloads.subratam.org/l2mfix.exe

- Disconnect from the internet, close the browser and all other application windows;
- Unzip l2mfix.exe onto the desktop;
- In the program's folder, double-click l2mfix.bat;
- Choose OPTION 1 (Run find log) and confirm with the [Enter] key;
=> A report will be generated in Notepad; reconnect to post it on the forum.

***I have decided to be happy because it is good for one's health! (Voltaire)***
0
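As an added example (not code from this thread, from HijackThis or from L2MFix), here is a small Python triage that applies the reasoning behind the "Vundo + Look2Me" diagnosis to lines copied from the HijackThis log posted above. The stock Windows XP Winlogon\Notify subkey list, the expected IE search hosts and the "machine-generated DLL name" rule are heuristics assumed for this example, not facts from the thread.

```python
"""Triage of HijackThis log lines for the Look2Me / Vundo pattern seen above.

Added example; not part of the forum thread, of HijackThis or of L2MFix.
"""
import re
from urllib.parse import urlparse

# Assumption: Winlogon\Notify subkeys of a stock Windows XP SP1 install. This is
# the set the l2mfix export in the thread shows, minus the two intruders.
STOCK_XP_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}
# Assumption: hosts IE 6 uses for its default Search Page / SearchAssistant.
EXPECTED_SEARCH_HOSTS = ("microsoft.com", "msn.com")

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Constructed sample: lines copied from the HijackThis log posted above, with
# two legitimate Kaspersky entries kept in for contrast.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - C:\WINDOWS\System32\ssqpm.dll
O4 - HKLM\..\Run: [ids32] rundll32.exe C:\WINDOWS\System32\ids32.dll,start
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\RunServices: [Windows ASN Services] ifct.exe
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\l4r00e9meh.dll
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\SYSTEM32\ssqpm.dll
O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:\WINDOWS\system32\keys.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
"""


def looks_random(filename: str) -> bool:
    """Crude Look2Me heuristic: a long stem mixing letters with two or more digits."""
    stem = filename.rsplit(".", 1)[0]
    return (len(stem) >= 8
            and sum(c.isdigit() for c in stem) >= 2
            and any(c.isalpha() for c in stem))


def triage_line(line: str):
    """Return (section, reason) when the line deserves a second look, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")

    # R0/R1: IE start/search pages redirected away from the vendor defaults.
    if sec in ("R0", "R1") and "=" in body:
        url = body.split("=", 1)[1].strip()
        host = urlparse(url).hostname or ""
        if url.startswith("http") and not host.endswith(EXPECTED_SEARCH_HOSTS):
            return sec, f"IE search page points at unexpected host {host}"

    # O2: Vundo installs its BHO with no display name.
    if sec == "O2" and body.startswith("BHO: (no name)"):
        return sec, "Browser Helper Object without a name (typical Vundo BHO)"

    # O4: autorun entries; RunServices and rundll32-loaded DLLs need a look.
    if sec == "O4":
        if "RunServices" in body:
            return sec, "RunServices autorun entry; rarely used by legitimate software on XP"
        cmd = body.split("]", 1)[1].strip() if "]" in body else body
        if cmd.lower().startswith("rundll32.exe"):
            return sec, "rundll32 autorun loading a DLL at logon; verify the DLL"

    # O20: Look2Me/Vundo hook winlogon through extra Notify subkeys.
    if sec == "O20":
        name, _, dll_path = body.partition(" - ")   # "Winlogon Notify: X - path"
        subkey = name.split(":", 1)[1].strip().lower()
        dll = dll_path.rsplit("\\", 1)[-1]
        if subkey not in STOCK_XP_NOTIFY:
            why = "Winlogon Notify handler not present on stock XP"
            if looks_random(dll):
                why += f"; DLL name {dll} looks machine-generated (Look2Me pattern)"
            return sec, why

    # O23: a service nobody owns whose binary is already gone.
    if sec == "O23" and "Unknown owner" in body and "(file missing)" in body:
        return sec, "service with unknown owner whose binary is missing"

    return None


def triage(log_text: str):
    """Run triage_line over a whole log; returns [(section, reason, line), ...]."""
    findings = []
    for line in log_text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], hit[1], line.strip()))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```

The heuristics are deliberately noisy (a legitimate vendor's rundll32 entry will also be listed); the output is a review list, not a verdict.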
Séb08 Posts 18169 Registration date   Status Contributor Last intervention   1 430
 
Beaten to it, Green ... ;-)
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
lol !!!

with Boulepate, that's normal ... too fast!

damn, I hadn't seen it 8-)
0
Anonymous user
 
lOl beaten to it :P

0

nassim
 
Thanks guys!

L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l4r00e9meh.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqpm]
"Asynchronous"=dword:00000001
"DllName"="ssqpm.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C6CF8FBF-6DFC-5224-8284-DCCC4D0D7CE0}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilité"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets réseau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icône HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions réseau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de données Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tâches et menu Démarrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Exécuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier électronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de résumé (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identité Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{EE1BD36D-C585-4B19-AD01-1AF194582FBC}"=""
"{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}"=""
"{F9936C52-0553-4346-9D1E-00A8971FB2A2}"=""
"{D539357D-B83A-4928-BCF1-2E86FC313A79}"=""
"{6ED97466-15B3-4E99-922B-6083AAF1B22E}"=""
"{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}\InprocServer32]
@="C:\\WINDOWS\\system32\\kjdest.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\oee2nls.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}\InprocServer32]
@="C:\\WINDOWS\\system32\\agsldp.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
en4sl1~1.dll Mon 8 May 2006 20:25:18 ..S.R 236 013 230,48 K
hr4605~1.dll Mon 8 May 2006 21:19:24 ..S.R 235 107 229,59 K
irj8l5~1.dll Mon 8 May 2006 21:19:32 ..S.R 234 915 229,41 K
j80s0i~1.dll Mon 8 May 2006 20:50:16 ..S.R 234 272 228,78 K
kjdest.dll Mon 8 May 2006 20:34:02 ..S.R 234 272 228,78 K
l4r00e~1.dll Mon 8 May 2006 22:26:22 ..S.R 235 083 229,57 K
o0ro0a~1.dll Mon 8 May 2006 22:30:54 ..S.R 235 869 230,34 K
oee2nls.dll Mon 8 May 2006 20:47:16 ..S.R 234 272 228,78 K
p0n80a~1.dll Mon 8 May 2006 20:25:24 ..S.R 234 352 228,86 K
qghumeay.dll Mon 8 May 2006 20:36:18 A.... 17 408 17,00 K
rmz.dll Thu 13 Apr 2006 14:34:52 A.... 38 925 38,01 K
ssqpm.dll Thu 13 Apr 2006 14:34:52 ..... 38 925 38,01 K
__dele~1.dll Mon 8 May 2006 22:26:12 A.... 234 462 228,96 K
__dele~2.dll Mon 8 May 2006 22:28:54 A.... 235 869 230,34 K
__dele~3.dll Mon 8 May 2006 22:40:12 A.... 235 083 229,57 K

15 items found: 15 files (9 H/S), 0 directories.
Total of file sizes: 2 914 827 bytes 2,78 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Mon 8 May 2006 22:40:18 A.... 236 190 230,65 K

1 item found: 1 file, 0 directories.
Total of file sizes: 236 190 bytes 230,65 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est D00F-751F

Répertoire de C:\WINDOWS\System32

08/05/2006 22:37 <REP> dllcache
08/05/2006 22:30 235 869 o0ro0a93ed.dll
08/05/2006 22:26 235 083 l4r00e9meh.dll
08/05/2006 21:19 234 915 irj8l51u1.dll
08/05/2006 21:19 235 107 hr4605hse.dll
08/05/2006 20:50 234 272 j80s0id7e80.dll
08/05/2006 20:47 234 272 oee2nls.dll
08/05/2006 20:34 234 272 kjdest.dll
08/05/2006 20:25 234 352 p0n80a5ued.dll
08/05/2006 20:25 236 013 en4sl1h71.dll
08/05/2006 20:11 220 160 Anti-Vlrus.exe
08/05/2006 19:55 <REP> Microsoft
10 fichier(s) 2 334 315 octets
2 Rép(s) 6 832 181 248 octets libres
0
Anonymous user
 
careful, Green Day is a woman :O ..lol, the poor thing :-(

Run l2mfix.bat again and select option 2.
The computer will restart automatically; otherwise do it yourself.
Copy the report and paste it here along with a new HijackThis report.
0
green day Posts 26722 Status Moderator, Security contributor 2 163 > Anonymous user
 
lol

don't worry, I've made my peace with it lol

and I won't tire of saying it ;-)

good evening!

I won't stay up any later: school tomorrow ...

++

0
nassim
 
Thanks !!!

L2MFix log

L2mfix 032106
Creating Account.
La commande s'est terminée correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 820 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 892 'winlogon.exe'
Killing PID 892 'winlogon.exe'
Killing PID 892 'winlogon.exe'
Killing PID 892 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 312 'explorer.exe'
Killing PID 312 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1796 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
Deleting: C:\WINDOWS\system32\__delete_on_reboot__aempvcno.dll
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__aempvcno.dll
Deleting: C:\WINDOWS\system32\__delete_on_reboot__agsldp.dll
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__agsldp.dll
Deleting: C:\WINDOWS\system32\__delete_on_reboot__myrepl40.dll
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__myrepl40.dll
Deleting: C:\WINDOWS\system32\en4sl1h71.dll
Successfully Deleted: C:\WINDOWS\system32\en4sl1h71.dll
Deleting: C:\WINDOWS\system32\hr4605hse.dll
Successfully Deleted: C:\WINDOWS\system32\hr4605hse.dll
Deleting: C:\WINDOWS\system32\irj8l51u1.dll
Successfully Deleted: C:\WINDOWS\system32\irj8l51u1.dll
Deleting: C:\WINDOWS\system32\j80s0id7e80.dll
Successfully Deleted: C:\WINDOWS\system32\j80s0id7e80.dll
Deleting: C:\WINDOWS\system32\kjdest.dll
Successfully Deleted: C:\WINDOWS\system32\kjdest.dll
Deleting: C:\WINDOWS\system32\o0ro0a93ed.dll
Successfully Deleted: C:\WINDOWS\system32\o0ro0a93ed.dll
Deleting: C:\WINDOWS\system32\oee2nls.dll
Successfully Deleted: C:\WINDOWS\system32\oee2nls.dll
Deleting: C:\WINDOWS\system32\p0n80a5ued.dll
Successfully Deleted: C:\WINDOWS\system32\p0n80a5ued.dll
Deleting: C:\WINDOWS\system32\p2p60c7sef.dll
Successfully Deleted: C:\WINDOWS\system32\p2p60c7sef.dll
Deleting: C:\WINDOWS\system32\wzpcd.dll
Successfully Deleted: C:\WINDOWS\system32\wzpcd.dll

msg11?.dll
0 fichier(s) copié(s).

Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MediaContentIndex]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\o0ro0a93ed.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqpm]
"Asynchronous"=dword:00000001
"DllName"="ssqpm.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

The following are the files found:
****************************************************************************
C:\WINDOWS\system32\__delete_on_reboot__aempvcno.dll
C:\WINDOWS\system32\__delete_on_reboot__agsldp.dll
C:\WINDOWS\system32\__delete_on_reboot__myrepl40.dll
C:\WINDOWS\system32\en4sl1h71.dll
C:\WINDOWS\system32\hr4605hse.dll
C:\WINDOWS\system32\irj8l51u1.dll
C:\WINDOWS\system32\j80s0id7e80.dll
C:\WINDOWS\system32\kjdest.dll
C:\WINDOWS\system32\o0ro0a93ed.dll
C:\WINDOWS\system32\oee2nls.dll
C:\WINDOWS\system32\p0n80a5ued.dll
C:\WINDOWS\system32\p2p60c7sef.dll
C:\WINDOWS\system32\wzpcd.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}\InprocServer32]
@="C:\\WINDOWS\\system32\\kjdest.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\oee2nls.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}\InprocServer32]
@="C:\\WINDOWS\\system32\\agsldp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E2624599-8520-4328-817E-CBFAE5C71314}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2624599-8520-4328-817E-CBFAE5C71314}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2624599-8520-4328-817E-CBFAE5C71314}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2624599-8520-4328-817E-CBFAE5C71314}\InprocServer32]
@="C:\\WINDOWS\\system32\\wzpcd.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{EE1BD36D-C585-4B19-AD01-1AF194582FBC}"=-
"{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}"=-
"{F9936C52-0553-4346-9D1E-00A8971FB2A2}"=-
"{D539357D-B83A-4928-BCF1-2E86FC313A79}"=-
"{6ED97466-15B3-4E99-922B-6083AAF1B22E}"=-
"{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}"=-
"{E2624599-8520-4328-817E-CBFAE5C71314}"=-
[-HKEY_CLASSES_ROOT\CLSID\{EE1BD36D-C585-4B19-AD01-1AF194582FBC}]
[-HKEY_CLASSES_ROOT\CLSID\{A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC}]
[-HKEY_CLASSES_ROOT\CLSID\{F9936C52-0553-4346-9D1E-00A8971FB2A2}]
[-HKEY_CLASSES_ROOT\CLSID\{D539357D-B83A-4928-BCF1-2E86FC313A79}]
[-HKEY_CLASSES_ROOT\CLSID\{6ED97466-15B3-4E99-922B-6083AAF1B22E}]
[-HKEY_CLASSES_ROOT\CLSID\{CBDF6756-2BF3-4E31-9F1B-BDE4449E962A}]
[-HKEY_CLASSES_ROOT\CLSID\{E2624599-8520-4328-817E-CBFAE5C71314}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/en4sl1h71.dll (164 bytes security) (deflated 5%)
adding: dlls/hr4605hse.dll (164 bytes security) (deflated 5%)
adding: dlls/irj8l51u1.dll (164 bytes security) (deflated 5%)
adding: dlls/j80s0id7e80.dll (164 bytes security) (deflated 4%)
adding: dlls/kjdest.dll (164 bytes security) (deflated 4%)
adding: dlls/o0ro0a93ed.dll (164 bytes security) (deflated 5%)
adding: dlls/oee2nls.dll (164 bytes security) (deflated 4%)
adding: dlls/p0n80a5ued.dll (164 bytes security) (deflated 4%)
adding: dlls/p2p60c7sef.dll (164 bytes security) (deflated 5%)
adding: dlls/wzpcd.dll (164 bytes security) (deflated 5%)
adding: dlls/__delete_on_reboot__aempvcno.dll (164 bytes security) (deflated 5%)
adding: dlls/__delete_on_reboot__agsldp.dll (164 bytes security) (deflated 5%)
adding: dlls/__delete_on_reboot__myrepl40.dll (164 bytes security) (deflated 4%)
adding: backregs/A6B40F90-C786-4DAF-A1BB-DDA7C4E0AFEC.reg (212 bytes security) (deflated 70%)
adding: backregs/CBDF6756-2BF3-4E31-9F1B-BDE4449E962A.reg (212 bytes security) (deflated 70%)
adding: backregs/E2624599-8520-4328-817E-CBFAE5C71314.reg (212 bytes security) (deflated 70%)
adding: backregs/F9936C52-0553-4346-9D1E-00A8971FB2A2.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)

------------------------

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 23:19:00, on 08/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\mousepad18.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\karim\Bureau\HijackThis\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - C:\WINDOWS\System32\ssqpm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ids32] rundll32.exe C:\WINDOWS\System32\ids32.dll,start
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard18.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad18.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname18.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\RunServices: [Windows ASN Services] ifct.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ECDCF6E-4A59-4381-A0E5-511BF367E371}: NameServer = 61.88.88.88 205.252.144.228
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\o0ro0a93ed.dll (file missing)
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\SYSTEM32\ssqpm.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:\WINDOWS\system32\keys.exe (file missing)
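As an added illustration of what the L2MFix registry export above actually records (example code written for this page, not part of the thread, of L2MFix or of HijackThis): a small Python parser that reads a Winlogon\Notify export in REGEDIT syntax, joins the backslash-continued lines, decodes the `hex(2)` values (REG_EXPAND_SZ stored as UTF-16LE bytes, which is how the `wlnotify.dll` entries appear), and lists every notification package whose DLL is not in a baseline. The sample export and the baseline set are constructed from the packages shown in the log; on a real machine the baseline would come from a known-clean install of the same Windows version.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt in the same REGEDIT export syntax as the L2MFix output above
# (two standard Windows XP packages beside the two non-standard ones from the log).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MediaContentIndex]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\o0ro0a93ed.dll"
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"StartShell"="SchedStartShell"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqpm]
"Asynchronous"=dword:00000001
"DllName"="ssqpm.dll"
"Logon"="Logon"
'''

# Constructed baseline: DLLs behind the Windows XP notification packages seen in the export.
BASELINE_DLLS = {'crypt32.dll', 'cscdll.dll', 'wlnotify.dll', 'sclgntfy.dll'}

KEY_RE = re.compile(r'^\[(?P<path>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<raw>.*)$')
HEX_RE = re.compile(r'^hex(?:\((?P<type>[0-9a-f]+)\))?:(?P<data>.*)$')
NOTIFY_MARKER = '\\Winlogon\\Notify\\'


def join_continuations(text):
    """Glue lines ending in a backslash (the .reg continuation marker) onto the next line."""
    logical, buf = [], ''
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith('\\'):
            buf += stripped[:-1]
            continue
        logical.append(buf + stripped)
        buf = ''
    if buf:
        logical.append(buf)
    return logical


def decode_value(raw):
    """Decode a .reg value: "string", dword:hex, or hex(2) (REG_EXPAND_SZ as UTF-16LE bytes)."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace('\\\\', '\\')
    if raw.startswith('dword:'):
        return int(raw[len('dword:'):], 16)
    m = HEX_RE.match(raw)
    if m:
        data = bytes(int(b, 16) for b in m.group('data').split(',') if b)
        if m.group('type') == '2':
            return data.decode('utf-16-le').rstrip('\x00')
        return data
    return raw


def parse_notify(reg_text):
    """Return {package: {value_name.lower(): value}} for every direct Winlogon\\Notify subkey."""
    packages, current = {}, None
    for line in join_continuations(reg_text):
        key = KEY_RE.match(line)
        if key:
            path = key.group('path')
            idx = path.find(NOTIFY_MARKER)
            current = None
            if idx != -1 and not path.startswith('-'):   # '[-HKEY...]' lines delete a key
                name = path[idx + len(NOTIFY_MARKER):]
                if name and '\\' not in name:             # direct child of Notify only
                    current = packages.setdefault(name, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            current[val.group('name').lower()] = decode_value(val.group('raw'))
    return packages


def suspicious_packages(packages):
    """Return (package, dll) pairs whose DLL is outside the baseline; these load into winlogon.exe."""
    hits = []
    for name, values in packages.items():
        dll = values.get('dllname')
        base = PureWindowsPath(dll).name.lower() if dll else ''
        if base not in BASELINE_DLLS:
            hits.append((name, dll))
    return hits


if __name__ == '__main__':
    for pkg, dll in suspicious_packages(parse_notify(SAMPLE_REG)):
        print(f'{pkg}: {dll}')
```

Run on the constructed export it reports MediaContentIndex and ssqpm, the same two packages HijackThis lists as O20 entries further down; the value names are lower-cased during parsing because the export mixes "DLLName" and "DllName".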
Utilisateur anonyme
 
Run HijackThis again, choose "Do a scan only", tick the box in front of the lines below and click "Fix checked" at the bottom:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - C:\WINDOWS\System32\ssqpm.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ids32] rundll32.exe C:\WINDOWS\System32\ids32.dll,start
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard18.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad18.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname18.exe
O4 - HKLM\..\RunServices: [Windows ASN Services] ifct.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\o0ro0a93ed.dll (file missing)
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\SYSTEM32\ssqpm.dll

Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, reboot and post the VBG.TXT report created on the desktop in your next reply, together with a new HijackThis log.
Don't worry if you see a "Fatal error" blue screen message; that is normal and expected.


Then do this:

Download, install and then update this program; once that is done, run a full scan of your system and paste the report here with a new HijackThis log.
Ewido:
Ewido Security Suite
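The helper's fix list above is the result of reading each HijackThis line by hand. As an added example (written for this page, not code from the thread or from HijackThis), here is a Python triage script that applies a few of the same defender's checks automatically: search-page entries pointing at a host the user never chose, BHOs with no name, O4 Run/RunServices commands whose image has no directory and is therefore found by a PATH search, O17 name servers flagged for review, O20 Winlogon Notify DLLs outside a baseline or marked missing, and O23 services with an unknown owner and a missing binary. The sample log is a subset of the entries posted in this thread; the search-page allowlist and the Notify baseline are constructed assumptions, and a hit is a reason to look, not a verdict.

```python
import re
from collections import namedtuple

Finding = namedtuple('Finding', 'section reason line')

# Constructed sample: a subset of the entries from the HijackThis logs posted in this thread.
SAMPLE_LOG = r'''R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - C:\WINDOWS\System32\ssqpm.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ids32] rundll32.exe C:\WINDOWS\System32\ids32.dll,start
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard18.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\RunServices: [Windows ASN Services] ifct.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ECDCF6E-4A59-4381-A0E5-511BF367E371}: NameServer = 61.88.88.88 205.252.144.228
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\o0ro0a93ed.dll (file missing)
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\SYSTEM32\ssqpm.dll
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:\WINDOWS\system32\keys.exe (file missing)
'''

# Constructed allowlist: search-page hosts the user actually configured.
SEARCH_ALLOWLIST = {'www.google.com'}
# Constructed baseline: DLLs behind the standard Windows XP Winlogon Notify packages.
NOTIFY_BASELINE = {'crypt32.dll', 'cscdll.dll', 'wlnotify.dll', 'sclgntfy.dll'}

LINE_RE = re.compile(r'^(?P<section>[RO]\d+) - (?P<body>.*)$')
RUN_RE = re.compile(r'^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
NOTIFY_RE = re.compile(r'^Winlogon Notify: (?P<pkg>\S+) - (?P<dll>.*?)(?P<missing> \(file missing\))?$')


def command_image(cmd):
    """Return the executable part of an O4 command line (quoted path, or the first token)."""
    if cmd.startswith('"') and cmd.find('"', 1) != -1:
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(' ', 1)[0]


def is_qualified(image):
    """True when the image names a drive, UNC or environment-variable rooted path."""
    return bool(re.match(r'^(?:[A-Za-z]:\\|\\\\|%\w+%)', image))


def triage(log_text):
    """Apply the checks to every HijackThis line and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.group('section'), m.group('body')
        if section in ('R0', 'R1') and 'Search' in body and ' = ' in body:
            url = body.split(' = ', 1)[1]
            host = re.sub(r'^\w+://', '', url).split('/')[0]
            if host not in SEARCH_ALLOWLIST:
                findings.append(Finding(section, f'search page points at {host}', line))
        elif section == 'O2' and '(no name)' in body:
            findings.append(Finding(section, 'BHO without a name', line))
        elif section == 'O4':
            r = RUN_RE.match(body)
            if r:
                image = command_image(r.group('cmd'))
                if not is_qualified(image):
                    findings.append(Finding(section, f'unqualified image {image!r} resolved via PATH', line))
        elif section == 'O17' and ' = ' in body:
            findings.append(Finding(section, 'review name servers: ' + body.split(' = ', 1)[1], line))
        elif section == 'O20':
            n = NOTIFY_RE.match(body)
            if n:
                dll = n.group('dll').rsplit('\\', 1)[-1].lower()
                if dll not in NOTIFY_BASELINE or n.group('missing'):
                    findings.append(Finding(section, f'notify package {n.group("pkg")} -> {dll}', line))
        elif section == 'O23' and 'Unknown owner' in body and '(file missing)' in body:
            findings.append(Finding(section, 'unowned service with missing binary', line))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section}: {f.reason}')
```

On the constructed sample this flags nine lines. Note that the path rule is deliberately narrow: `C:\windows\keyboard18.exe` is fully qualified and passes that check, which is why a list like this is a starting point for the manual review the helper did, not a replacement for it.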
nassim
 
Thanks MASTER

VirtumundoBeGone report:
-----------------------------------------
[05/08/2006, 23:39:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\karim\Bureau\Contre attaque\VirtumundoBeGone.exe" )
[05/08/2006, 23:39:30] - Detected System Information:
[05/08/2006, 23:39:30] - Windows Version: 5.1.2600, Service Pack 1
[05/08/2006, 23:39:30] - Current Username: karim (Admin)
[05/08/2006, 23:39:30] - Windows is in NORMAL mode.
[05/08/2006, 23:39:30] - Searching for Browser Helper Objects:
[05/08/2006, 23:39:30] - BHO 1: {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} ()
[05/08/2006, 23:39:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/08/2006, 23:39:30] - Checking for HKLM\...\Winlogon\Notify\ssqpm
[05/08/2006, 23:39:30] - Found: HKLM\...\Winlogon\Notify\ssqpm - This is probably Virtumundo.
[05/08/2006, 23:39:30] - Assigning {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} MSEvents Object
[05/08/2006, 23:39:30] - BHO list has been changed! Starting over...
[05/08/2006, 23:39:30] - BHO 1: {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} (MSEvents Object)
[05/08/2006, 23:39:30] - ALERT: Found MSEvents Object!
[05/08/2006, 23:39:30] - Finished Searching Browser Helper Objects
[05/08/2006, 23:39:30] - *** Detected MSEvents Object
[05/08/2006, 23:39:30] - Trying to remove MSEvents Object...
[05/08/2006, 23:39:31] - Terminating Process: IEXPLORE.EXE
[05/08/2006, 23:39:36] - Terminating Process: RUNDLL32.EXE
[05/08/2006, 23:39:36] - Disabling Automatic Shell Restart
[05/08/2006, 23:39:36] - Terminating Process: EXPLORER.EXE
[05/08/2006, 23:39:37] - Suspending the NT Session Manager System Service
[05/08/2006, 23:39:37] - Terminating Windows NT Logon/Logoff Manager
[05/08/2006, 23:39:37] - Re-enabling Automatic Shell Restart
[05/08/2006, 23:39:37] - File to disable: C:\WINDOWS\system32\ssqpm.dll
[05/08/2006, 23:39:37] - Renaming C:\WINDOWS\system32\ssqpm.dll -> C:\WINDOWS\system32\ssqpm.dll.vir
[05/08/2006, 23:39:37] - File successfully renamed!
[05/08/2006, 23:39:37] - Removing HKLM\...\Browser Helper Objects\{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}
[05/08/2006, 23:39:37] - Removing HKCR\CLSID\{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}
[05/08/2006, 23:39:37] - Adding Kill Bit for ActiveX for GUID: {F2FA09FB-EE7A-46d8-9145-A1EEF7850052}
[05/08/2006, 23:39:37] - Deleting ATLEvents/MSEvents Registry entries
[05/08/2006, 23:39:37] - Removing HKLM\...\Winlogon\Notify\ssqpm
[05/08/2006, 23:39:37] - Searching for Browser Helper Objects:
[05/08/2006, 23:39:37] - Finished Searching Browser Helper Objects
[05/08/2006, 23:39:37] - Finishing up...
[05/08/2006, 23:39:37] - A restart is needed.
[05/08/2006, 23:39:40] - Attempting to Restart via STOP error (Blue Screen!)

///////////////////
HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 23:45:30, on 08/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ewido anti-malware\securitysuite.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\karim\Bureau\Contre attaque\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ids32] rundll32.exe C:\WINDOWS\System32\ids32.dll,start
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ECDCF6E-4A59-4381-A0E5-511BF367E371}: NameServer = 61.88.88.88 205.252.144.228
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:\WINDOWS\system32\keys.exe (file missing)
Utilisateur anonyme
 
Run another full scan with Ewido and paste the report here, I need it please.
nassim
 
+ Résultats du scan:

C:\Documents and Settings\karim\Bureau\Contre attaque\HijackThis\backups\backup-20060508-233745-254.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\Documents and Settings\karim\Cookies\karim@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\karim\Cookies\karim@2o7[2].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\karim\Cookies\karim@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\karim\Cookies\karim@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\karim\Cookies\karim@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\karim\Local Settings\Temporary Internet Files\Content.IE5\9X2F2UT1\AppWrap[1].exe -> Adware.AdURL : Nettoyer et sauvegarder
C:\Installer.exe -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\icont.exe -> Adware.AdURL : Nettoyer et sauvegarder
C:\WINDOWS\system32\config\systemprofile\Cookies\system@media.top-banners[1].txt -> TrackingCookie.Top-banners : Nettoyer et sauvegarder
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\35C3KKGL\Installer[1].exe -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XLV4QWSY\ad[1].exe -> Adware.WinAD : Nettoyer et sauvegarder
C:\WINDOWS\system32\rmz.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\WINDOWS\system32\ssqpm.dll.vir -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\WINDOWS\Temp\__delete_on_reboot__bw2.com -> Adware.AdURL : Nettoyer et sauvegarder

::Fin du rapport
Utilisateur anonyme
 
Click Start, Search, then find and delete these files:

ids32.dll
keyboard18.exe
mousepad18.exe
newname18.exe
ifct.exe

If a file won't delete, do this:
-Restart your PC and, as soon as it powers on, tap the F8 key; on the screen that appears choose "Safe mode" and wait a moment, then go and delete the files/folders, empty your Recycle Bin and restart normally.

Run this online antivirus scan with Internet Explorer and accept the ActiveX control so it can work;
once it has finished, paste the report here please, with a new HijackThis log.

https://www.bitdefender.com/toolbox/