Help
mloukhiya - Posts: 5 - Status: Member
Kristopher - Posts: 3752 - Status: Contributor
Hello, I am a beginner in the world of the internet. I downloaded LimeWire, and while fetching a file I must have let viruses in with it, because my computer is completely out!!! It is too slow, there are error messages, and the space on s is being eaten up. Please help me, I beg you, because on top of that ads keep invading my screen and block my browsing.
Here is the HijackThis report.
Thank you for your attention.
Logfile of HijackThis v1.99.1
Scan saved at 15:20:42, on 23/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Z3I\command.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
D:\LogiTray.exe
C:\Program Files\outlook\outlook.exe
C:\dfndra.exe
C:\PROGRA~1\MSNMES~1\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\gr\MESDOC~1\DOBE~1\dllhost.exe
C:\Program Files\Movie Maker\wmm2eres.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOCUME~1\gr\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fhelp%2fHelp4%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.menara.ma
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.menara.ma/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] D:\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\ISStart.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd.exe
O4 - HKLM\..\Run: [defender] C:\\dfndra.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MP3Chansons] rundll32.exe C:\WINDOWS\System32\MSA64CHK.dll,DllMostrar Matrix_HTML:MP3Chansons:t
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] D:\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Rnua] "C:\DOCUME~1\gr\MESDOC~1\DOBE~1\dllhost.exe" -vt yazr
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: MP3Chansons - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\MP3Chansons (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Abonnés - {44995052-1F17-47DC-B68F-1C48F079E9B4} - http://abonne.menara.ma (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.menara.ma
O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fphotos.msn.fr%2fresources%2fneutral%2fcontrols%2fMsnPPick.cab%3f10%2c0%2c910%2c0
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate- Activex Control) - https://www.songtexte.de
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5FF1ABE-9633-4BEB-8EC3-E2B9D5DD8E02}: NameServer = 212.217.1.4 212.217.0.15
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\l8p2li7o18.dll (file missing)
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\dn2601fse.dll
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\l8p2li7o18.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Z3I\command.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
2 replies
Hello mloukhiya,
Nice infection ;)
To begin with, go to this page:
Virus: preliminary disinfection method (FR version)
Take the time to read everything carefully, and start over from the beginning: reinstall HijackThis properly (because it is installed incorrectly and you could have big problems in the future).
Finally, after doing everything properly, don't forget the 3 reports at the end, in order ;)
Good luck, Kristopher
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 19:41:29 23/06/2006
+ Scan result:
C:\WINDOWS\icont.exe -> Adware.AdURL : No action taken.
C:\Program Files\TClock\__delete_on_reboot__w_t_c_l_o_c_k_._e_x_e_ -> Adware.Agent : No action taken.
C:\WINDOWS\Z3I\__delete_on_reboot__a_s_a_p_p_s_r_v_._d_l_l_ -> Adware.CommAd : No action taken.
C:\WINDOWS\Z3I\__delete_on_reboot__c_o_m_m_a_n_d_._e_x_e_ -> Adware.CommAd : No action taken.
[1160] C:\WINDOWS\Z3I\asappsrv.dll -> Adware.CommAd : No action taken.
[1384] C:\WINDOWS\Z3I\asappsrv.dll -> Adware.CommAd : No action taken.
[1472] C:\WINDOWS\Z3I\asappsrv.dll -> Adware.CommAd : No action taken.
[1496] C:\WINDOWS\Z3I\asappsrv.dll -> Adware.CommAd : No action taken.
[1504] C:\WINDOWS\Z3I\asappsrv.dll -> Adware.CommAd : No action taken.
[1748] C:\WINDOWS\Z3I\asappsrv.dll -> Adware.CommAd : No action taken.
[220] C:\WINDOWS\Z3I\asappsrv.dll -> Adware.CommAd : No action taken.
[3016] C:\WINDOWS\Z3I\asappsrv.dll -> Adware.CommAd : No action taken.
[308] C:\WINDOWS\Z3I\asappsrv.dll -> Adware.CommAd : No action taken.
[3500] C:\WINDOWS\Z3I\asappsrv.dll -> Adware.CommAd : No action taken.
[3760] C:\WINDOWS\Z3I\asappsrv.dll -> Adware.CommAd : No action taken.
[460] C:\WINDOWS\Z3I\asappsrv.dll -> Adware.CommAd : No action taken.
[804] C:\WINDOWS\Z3I\asappsrv.dll -> Adware.CommAd : No action taken.
C:\WINDOWS\system32\__delete_on_reboot__u_r_i_l_d_l_l_._d_l_l_ -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\bipanui.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\ciiconfg.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\cknfmsp.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\en0ql1d51.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\fp2803fue.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\g0jola131d.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\hrl2053oe.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\ktn8l75u1.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\ldrhelp.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\lrasrv.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\lv0009dme.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\mhjter40.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\mv4ml9h11.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\mvj8l91u1.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\o4role931h.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\q4nule591h.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\sncurity.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\stmedia.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\wsn32spl.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\xnsp2res.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\warebundle.exe -> Adware.Look2Me : No action taken.
C:\warebundle.exe -> Adware.Look2Me : No action taken.
C:\Documents and Settings\gr\Local Settings\Temporary Internet Files\Content.IE5\YURS2Z5L\AppWrap[1].exe -> Adware.Zestyfind : No action taken.
C:\WINDOWS\iconu.exe -> Adware.Zestyfind : No action taken.
C:\WINDOWS\temp\bw2.com -> Adware.Zestyfind : No action taken.
C:\WINDOWS\system32\winlog.exe -> Backdoor.Rbot : No action taken.
C:\dfndra.exe -> Downloader.Adload.ce : No action taken.
C:\drsmartload46f.exe -> Downloader.Adload.ch : No action taken.
C:\drsmartload46g.exe -> Downloader.Adload.ch : No action taken.
C:\Documents and Settings\gr\Mes documents\Αdobe\__delete_on_reboot__d_l_l_h_o_s_t_._e_x_e_ -> Downloader.PurityScan.cl : No action taken.
C:\Program Files\Common Files\svchostsys\svchostsys.exe -> Downloader.Small : No action taken.
C:\Program Files\Common Files\svchostsys\svchostupdate.exe -> Downloader.Small : No action taken.
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : No action taken.
C:\WINDOWS\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : No action taken.
C:\Program Files\Outlook Express\hotegytip.dll -> Downloader.Small.ctp : No action taken.
C:\drsmartload45g.exe -> Downloader.VB.afn : No action taken.
C:\drsmartload849a.exe -> Downloader.VB.afn : No action taken.
C:\drsmartload849f.exe -> Downloader.VB.afn : No action taken.
C:\drsmartload849g.exe -> Downloader.VB.afn : No action taken.
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : No action taken.
C:\Documents and Settings\gr\Local Settings\Temp\Cookies\gr@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\gr\Local Settings\Temp\Cookies\gr@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\gr\Local Settings\Temp\Cookies\gr@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\gr\Local Settings\Temp\Cookies\gr@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\gr\Local Settings\Temp\Cookies\gr@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\gr\Local Settings\Temp\Cookies\gr@clickbank[1].txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\gr\Local Settings\Temp\Cookies\gr@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\gr\Local Settings\Temp\Cookies\gr@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\gr\Local Settings\Temp\Cookies\gr@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\gr\Local Settings\Temp\Cookies\gr@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\WINDOWS\temp\Cookies\gr@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Program Files\Common Files\simtest\sysstall.exe -> Trojan.Zapchast.bl : No action taken.
C:\Documents and Settings\gr\Complete\ Games.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\ Music.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\ Software.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\About CNET Networks.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Advanced search.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\All RSS feeds.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\All Software.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Audio & Video Software.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Business & Productivity.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\CNET Channel.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\CNET Download.com.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\CNET News.com.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\CNET Reviews.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\CNET Shopper.com.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Chat & E-mail.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Compare Prices.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Design Tools.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Desktop Enhancements.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Developer Tools.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Digital Photography.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Forgot password.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Free MP3s.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Help Center.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Home & Education.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\How to advertise.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\International media.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Mac Software.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Mobile Software.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\PC Starter Kit.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Partnership opportunities.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Privacy policy.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Release 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Security & Spyware.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Spyware Removal.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Submit Software.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Terms of use.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Today on CNET.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Utilities & Drivers.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\gr\Complete\Why join.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Program Files\outlook\__delete_on_reboot__o_u_t_l_o_o_k_._e_x_e_ -> Worm.VB.dw : No action taken.
C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Program Files\outlook\v.tmp -> Worm.VB.dw : No action taken.
::Report end
Here now is the BitDefender report:
BitDefender Online Scanner
Rapport d'analyse généré à: Fri, Jun 23, 2006 - 22:38:48
Voie d'analyse: A:\;C:\;D:\;E:\;
Statistiques
Temps: 02:39:35
Fichiers: 142855
Directoires: 2141
Secteurs de boot: 3
Archives: 6444
Paquets programmes: 14
Résultats
Virus identifiés: 1
Fichiers infectés: 1
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 1
Info sur les moteurs
Définition virus: 310691
Version des moteurs: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Analyse des plugins: 2
Archive des plugins: 11
Unpack des plugins: 1
E-mail plugins: 1
Système plugins: 1
Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui
Fichier analysé | Statut
C:\Program Files\Network Monitor\netmon.exe | Infecté par: Trojan.Dnschange.F
C:\Program Files\Network Monitor\netmon.exe | Echec de la désinfection
C:\Program Files\Network Monitor\netmon.exe | Supprimé
Here now is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 23:06:32, on 23/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Z3I\command.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\LogiTray.exe
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fhelp%2fHelp4%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.menara.ma/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.menara.ma/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: MP3Chansons - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\MP3Chansons (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Abonnés - {44995052-1F17-47DC-B68F-1C48F079E9B4} - http://abonne.menara.ma (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.menara.ma/
O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fphotos.msn.fr%2fresources%2fneutral%2fcontrols%2fMsnPPick.cab%3f10%2c0%2c910%2c0
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate- Activex Control) - https://www.songtexte.de
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5FF1ABE-9633-4BEB-8EC3-E2B9D5DD8E02}: NameServer = 212.217.1.4 212.217.0.15
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\l8p2li7o18.dll (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\dn2601fse.dll
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\l8p2li7o18.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Z3I\command.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
Thank you for your kindness; I look forward to reading your reply.
Run another scan with Ewido and paste a new report, I would like to check something...
See you
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 18:08:40 25/06/2006
+ Scan result:
C:\Program Files\Movie Maker\__delete_on_reboot__w_m_m_2_r_e_s_2_._e_x_e_ -> Adware.Agent : No action taken.
[600] C:\Program Files\Movie Maker\wmm2res2.exe -> Adware.Agent : No action taken.
C:\WINDOWS\system32\__delete_on_reboot__s_i_d_p_s_r_v_._d_l_l_ -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\en4ol1h31.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : No action taken.
[1264] C:\WINDOWS\system32\sidpsrv.dll -> Adware.Look2Me : No action taken.
[1672] C:\WINDOWS\system32\sidpsrv.dll -> Adware.Look2Me : No action taken.
C:\Documents and Settings\gr\Local Settings\Temp\Cookies\gr@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\gr\Local Settings\Temp\Cookies\gr@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\gr\Local Settings\Temp\Cookies\gr@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\gr\Local Settings\Temp\Cookies\gr@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\gr\Local Settings\Temp\Cookies\gr@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\WINDOWS\temp\Cookies\gr@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
::Report end
Why are you content to just run a scan with Ewido and nothing more?
No action taken = nothing was done...
So maybe disinfect your PC, no? :)
After that, post the new Ewido log, followed afterwards by a new HijackThis log.
See you