Précédent
- 1
- 2
-
Salut
En fait il redemarre pas?
Redemarre manuellement alors.
A+ -
t'es sur qu'en le rédemarrant Manuellement, pocket killbox va quand meme exécuter sa suppression ? Et faut il que je redémarre avec le message d'erreur afficher ou je clique sur ok , puis je ferme pocket killbox ?
-
Salut
Oui oui t inquietes pas lol
Tu clik sur ok, tu fermes kill box et toutes les applications et tu redemarres.
A+ -
"Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"WinUpdate.exe" = "H:\Program Files\Windows\WinUpdate.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TkBellExe" = ""H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "H:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "H:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "H:\WINDOWS\System32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "H:\WINDOWS\System32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "H:\WINDOWS\System32\dfshim.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "H:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e OODBS" [file not found], [MS], [file not found], [file not found], [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\photos\logo\logo noir & vert plastik.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "H:\WINDOWS\System32\sstext3d.scr" [MS]
Autostart via AUTORUN.INF on local fixed drives:
------------------------------------------------
E:\
INFECTION WARNING! E:\AUTORUN.INF -> "OPEN=Info.exe folder.htt 480 480" ["XSS"]
Startup items in "Fr@nckyll" & "All Users" startup folders:
-----------------------------------------------------------
H:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Adobe Gamma Loader" -> shortcut to: "H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "h:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{052B12F7-86FA-4921-8482-26C42316B522}"
-> {HKLM...CLSID} = "Safety Bar"
\InProcServer32\(Default) = "H:\Program Files\Safety Bar\Safety Bar.dll" [null data]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "h:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{F053C368-5458-45B2-9B4D-D8914BDDDBFF}" = (no title provided)
-> {HKLM...CLSID} = "TextAloud"
\InProcServer32\(Default) = "C:\PROGRA~1\TEXTAL~1\TAForIE.dll" [null data]
Explorer Bars
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{052B12F7-86FA-4921-8482-26C42316B522}\(Default) = "Safety Bar"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "H:\Program Files\Safety Bar\Safety Bar.dll" [null data]
HKLM\Software\Classes\CLSID\{F053C368-5458-45B2-9B4D-D8914BDDDBFF}\(Default) = "TextAloud"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\TEXTAL~1\TAForIE.dll" [null data]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "@H:\Program Files\Messenger\Msgslang.dll,-61144"
"MenuText" = "@H:\Program Files\Messenger\Msgslang.dll,-61144"
"Exec" = "H:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
H:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"
Missing lines (compared with English-language version):
[Strings]: 2 lines
HOSTS file
----------
H:\WINDOWS\System32\drivers\etc\HOSTS
maps: 3 domain names to IP addresses,
2 of the IP addresses are *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "H:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "H:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 156 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 25 seconds.
---------- (total run time: 278 seconds) -
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
Salut
Ahh le bougre, il resiste lol mais on l aura :-)
Regarde s il apparait maintenant:
H:\Program Files\Windows\WinUpdate.exe
(il est dans le H)
Et aussi fais ceci stp:
demarer < poste de travail < c < windows < systeme32< drivers < etc < host, ouvre le avec le bloc note, copie/colle ici ce qu il contient.
A+ -
Le fichier H:\Program Files\Windows\WinUpdate.exe est toujours introuvable ( même en affichant les fichier cachés et systèmes)
Voici le rapport :
# Copyright (c) 1993-2004 Microsoft Corp.
#
# AutoGenerated by Microsoft (R) Windows (R) Malicious Software Removal Tool.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
0.0.0.0 www.zango.com
0.0.0.0 zango.com
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy -
Salut
Ce qui est la:
0.0.0.0 www.zango.com
0.0.0.0 zango.com
Se trouve dans le fichier host?
a+ -
-
Salut
Tu les supprimes, pour qu il ne reste plus que ceci:
# Copyright (c) 1993-2004 Microsoft Corp. # # AutoGenerated by Microsoft (R) Windows (R) Malicious Software Removal Tool. # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost
Puis clik fichier < enregistrer.
Redemarre, verifie que c est toujours comme au dessu et regarde si tu vois le fichier maintenant
a+ -
Le fichier Hosts a bien été modifié , mais le fichier WinUpdate.exe reste toujours introuvable ... :/
-
Je joint aussi un rapport bitdefender au cas où :
--------------------------------------------------------------------------
BitDefender Online Scanner
Rapport d'analyse généré à: Wed, Jul 19, 2006 - 04:48:03
Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;H:\;
Statistiques
Temps
01:54:30
Fichiers
319109
Directoires
5762
Secteurs de boot
5
Archives
10112
Paquets programmes
22767
Résultats
Virus identifiés
2
Fichiers infectés
43
Fichiers suspects
0
Avertissements
0
Désinfectés
39
Fichiers effacés
0
Info sur les moteurs
Définition virus
411865
Version des moteurs
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Analyse des plugins
13
Archive des plugins
39
Unpack des plugins
5
E-mail plugins
6
Système plugins
1
Paramètres d'analyse
Première action
Désinfecté
Seconde Action
Supprimé
Heuristique
Oui
Acceptez les avertissements
Oui
Extensions analysées
*;
Excludez les extensions
Analyse d'emails
Oui
Analyse des Archives
Oui
Analyser paquets programmes
Oui
Analyse des fichiers
Oui
Analyse de boot
Oui
Fichier analysé
Statut
C:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dc3\wwpClean.exe
Infecté par: Win32.Virtob.C
C:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dc3\wwpClean.exe
Désinfecté
H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\GenericRenosFix.exe
Infecté par: Win32.Virtob.C
H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\GenericRenosFix.exe
Désinfecté
H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\Process.exe
Infecté par: Win32.Virtob.C
H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\Process.exe
Désinfecté
H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\Reboot.exe
Infecté par: Win32.Virtob.C
H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\Reboot.exe
Désinfecté
H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\restart.exe
Infecté par: Win32.Virtob.C
H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\restart.exe
Désinfecté
H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\swreg.exe
Infecté par: Win32.Virtob.C
H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\swreg.exe
Désinfecté
H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\swsc.exe
Infecté par: Win32.Virtob.C
H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\swsc.exe
Désinfecté
H:\Documents and Settings\Fr@nckyll\Local Settings\Temp\set5B.tmp
Infecté par: Win32.Virtob.C
H:\Documents and Settings\Fr@nckyll\Local Settings\Temp\set5B.tmp
Désinfecté
H:\Documents and Settings\Fr@nckyll\Local Settings\Temp\set5C.tmp
Infecté par: Win32.Virtob.C
H:\Documents and Settings\Fr@nckyll\Local Settings\Temp\set5C.tmp
Désinfecté
H:\Documents and Settings\Fr@nckyll\Local Settings\Temporary Internet Files\Content.IE5\RK5VBL56\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader[1].exe
Infecté par: Win32.Virtob.C
H:\Documents and Settings\Fr@nckyll\Local Settings\Temporary Internet Files\Content.IE5\RK5VBL56\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader[1].exe
Désinfecté
H:\Documents and Settings\Fr@nckyll\Menu Démarrer\Programmes\IntelliTamper\IntelliTamper.lnk=>H:\Program Files\IntelliTamper\intellitamper.exe
Infecté par: Win32.Virtob.C
H:\Documents and Settings\Fr@nckyll\Menu Démarrer\Programmes\IntelliTamper\IntelliTamper.lnk=>H:\Program Files\IntelliTamper\intellitamper.exe
Désinfecté
H:\Documents and Settings\Fr@nckyll\Menu Démarrer\Programmes\IntelliTamper\IntelliTamper.lnk
Mis à jour
H:\Program Files\ewido anti-malware\ewidoguard.exe
Infecté par: Win32.Virtob.C
H:\Program Files\ewido anti-malware\ewidoguard.exe
Désinfecté
H:\Program Files\ewido anti-malware\SecuritySuite.exe
Infecté par: Win32.Virtob.C
H:\Program Files\ewido anti-malware\SecuritySuite.exe
Désinfecté
H:\Program Files\ewido anti-spyware 4.0\ewido.exe
Infecté par: Win32.Virtob.C
H:\Program Files\ewido anti-spyware 4.0\ewido.exe
Désinfecté
H:\Program Files\ewido anti-spyware 4.0\guard.exe
Infecté par: Win32.Virtob.C
H:\Program Files\ewido anti-spyware 4.0\guard.exe
Echec de la désinfection
H:\Program Files\ewido anti-spyware 4.0\guard.exe
Echec de la suppression
H:\Program Files\MSN Messenger\msnmsgr.exe
Infecté par: Win32.Virtob.C
H:\Program Files\MSN Messenger\msnmsgr.exe
Echec de la désinfection
H:\Program Files\MSN Messenger\msnmsgr.exe
Echec de la suppression
H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh53\WoW.exe
Infecté par: Win32.Virtob.C
H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh53\WoW.exe
Désinfecté
H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh56.exe
Infecté par: Win32.Virtob.C
H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh56.exe
Désinfecté
H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh57.exe
Infecté par: Win32.Virtob.C
H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh57.exe
Désinfecté
H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh62.exe
Infecté par: Win32.Virtob.C
H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh62.exe
Désinfecté
H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh66.exe
Infecté par: Win32.Virtob.C
H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh66.exe
Désinfecté
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046500.exe
Infecté par: Win32.Virtob.C
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046500.exe
Désinfecté
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046573.exe
Infecté par: Win32.Virtob.C
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046573.exe
Désinfecté
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046574.exe
Infecté par: Win32.Virtob.C
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046574.exe
Désinfecté
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046575.exe
Infecté par: Win32.Virtob.C
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046575.exe
Désinfecté
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046576.exe
Infecté par: Win32.Virtob.C
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046576.exe
Désinfecté
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046578.exe
Infecté par: Win32.Virtob.C
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046578.exe
Désinfecté
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046579.exe
Infecté par: Win32.Virtob.C
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046579.exe
Désinfecté
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046592.exe
Infecté par: Win32.Virtob.C
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046592.exe
Désinfecté
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046607.exe
Infecté par: Win32.Virtob.C
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046607.exe
Désinfecté
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046608.exe
Infecté par: Win32.Virtob.C
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046608.exe
Désinfecté
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046728.exe
Infecté par: Win32.Virtob.C
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046728.exe
Désinfecté
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046730.exe
Infecté par: Win32.Virtob.C
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046730.exe
Désinfecté
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046731.exe
Infecté par: Win32.Virtob.C
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046731.exe
Désinfecté
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046732.exe
Infecté par: Win32.Virtob.C
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046732.exe
Désinfecté
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046733.exe
Infecté par: Win32.Virtob.C
H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046733.exe
Désinfecté
H:\WINDOWS\system32\ati2evxx.exe
Infecté par: Win32.Virtob.C
H:\WINDOWS\system32\ati2evxx.exe
Echec de la désinfection
H:\WINDOWS\system32\ati2evxx.exe
Echec de la suppression
H:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
Infecté par: Win32.Virtob.C
H:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
Désinfecté
H:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
Infecté par: Win32.Virtob.C
H:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
Désinfecté
H:\WINDOWS\system32\Process.exe
Infecté par: Win32.Virtob.C
H:\WINDOWS\system32\Process.exe
Désinfecté
H:\WINDOWS\system32\spoolsv.exe
Infecté par: Win32.Virtob.C
H:\WINDOWS\system32\spoolsv.exe
Echec de la désinfection
H:\WINDOWS\system32\spoolsv.exe
Echec de la suppression
H:\WINDOWS\system32\swreg.exe
Infecté par: Win32.Virtob.C
H:\WINDOWS\system32\swreg.exe
Désinfecté
H:\WINDOWS\system32\swsc.exe
Infecté par: Win32.Virtob.C
H:\WINDOWS\system32\swsc.exe
Désinfecté -
Il infecte tous les executables ce c** !
Lance un scan avec bitdefender.
Puis;
Double clic sur killbox.exe (Pocket Killbox)
- coche: delete on reboot
- Dans "Full Path of File to Delete"
- -Sélectionne "single File"
copie et colle:
H:\Program Files\Windows\WinUpdate.exe
- clique sur la croix rouge
- une fenêtre va apparaître pour confirmation clique sur YES
- une seconde fenêtre te demande si tu veux redémarrer clique sur YES
Si ce message s’affiche ignore le :
http://tinypic.com/images/goodbye.jpg
Laisse le pc redémarrer.
Au redemarrage lance ewido et donne le rapport!
Puis remet un silent runner -
Salut,
J'ai un problème, quand je lance silent runner et que je lui demande de scanner, j'ai ce message d 'erreur : Http://dj.franckyll.free.fr/erreur silent runner.jpg
Qu'est ce que c'est ? Que faut uk que je fasse ?
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 23:57:10 21/07/2006
+ Scan result:
Nothing found.
::Report end
---------------------------------------------------------------------------- -
Re,
tu peux essayer de le retelecharger? -
"Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"WinUpdate.exe" = "H:\Program Files\Windows\WinUpdate.exe" [file not found]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Win32 Security Protocol" = "secure32.exe" [file not found]
"LogitechSoftwareUpdate" = ""H:\Program Files\Logitech\ManifestEngine.exe" boot" ["Logitech Inc."]
"BitTorrent" = ""H:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TkBellExe" = ""H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]
"LVCOMSX" = "H:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "H:\Program Files\Logitech\ISStart.exe " ["Logitech Inc."]
"LogitechVideoTray" = "H:\Program Files\Logitech\LogiTray.exe" ["Logitech Inc."]
"Win32 Security Protocol" = "secure32.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "H:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "H:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "H:\WINDOWS\System32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "H:\WINDOWS\System32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "H:\WINDOWS\System32\dfshim.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "H:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {HKLM...CLSID} = "My Logitech Pictures"
\InProcServer32\(Default) = "H:\Program Files\Logitech\Namespc2.dll" ["Logitech Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e OODBS" [file not found], [MS], [file not found], [file not found], [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\photos\logo\logo noir & vert plastik.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "H:\WINDOWS\System32\sstext3d.scr" [MS]
Autostart via AUTORUN.INF on local fixed drives:
------------------------------------------------
E:\
INFECTION WARNING! E:\AUTORUN.INF -> "OPEN=Info.exe folder.htt 480 480" ["XSS"]
Startup items in "Fr@nckyll" & "All Users" startup folders:
-----------------------------------------------------------
H:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Adobe Gamma Loader" -> shortcut to: "H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "h:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{052B12F7-86FA-4921-8482-26C42316B522}"
-> {HKLM...CLSID} = "Safety Bar"
\InProcServer32\(Default) = "H:\Program Files\Safety Bar\Safety Bar.dll" [null data]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "h:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{F053C368-5458-45B2-9B4D-D8914BDDDBFF}" = (no title provided)
-> {HKLM...CLSID} = "TextAloud"
\InProcServer32\(Default) = "C:\PROGRA~1\TEXTAL~1\TAForIE.dll" [null data]
Explorer Bars
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{052B12F7-86FA-4921-8482-26C42316B522}\(Default) = "Safety Bar"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "H:\Program Files\Safety Bar\Safety Bar.dll" [null data]
HKLM\Software\Classes\CLSID\{F053C368-5458-45B2-9B4D-D8914BDDDBFF}\(Default) = "TextAloud"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\TEXTAL~1\TAForIE.dll" [null data]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "@H:\Program Files\Messenger\Msgslang.dll,-61144"
"MenuText" = "@H:\Program Files\Messenger\Msgslang.dll,-61144"
"Exec" = "H:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
H:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"
Missing lines (compared with English-language version):
[Strings]: 2 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "H:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "H:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 206 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 44 seconds.
---------- (total run time: 407 seconds) -
Salute,
Ou en sont tes soucis actuels?
a+ -
salut j'ai le meme probleme !!!
j'ai trouvé un removal pour ce virus sur le site de grisoft !
le nom du virus c'est win32/virut !!!!
il infecte tout les .exe par injection de code dans les fichiers exe !
il n'utilise pas de rootkit pour se cacher mais l'injection!
pour l'instant aucun antivirus n'est capable de proteger et reparer ce virus(a ma connaissance!)
une grosse ***** qui infecte tout les .exe de tout tes disques !
ca craint vraiment !
il faut desactiver tout les options recuperations du systeme !
puis utiliser le removal en mode sans echec en l'ayant telecharger a partir d'un pc non infecté !
voici le lien :
http://www.grisoft.com/doc/34/us/crp/0/ndi/67762
moi mon probleme c'est que j'arrive pas a redemarrer en mode sans echec car il reboot des que je tente le mode sans echec !
donc logiquement j'ai formaté 250 gigas de donnés et je me suis dis ok ca va allé bien maintenant !
et bien non !!!!
il est toujours la ce -****** de virus de *******!!!!!!
donc moi ma solution va etre radicale : je sauvegarde tout mes fichiers importants (tout sauf des .exe car le virus n'infecte que ceux la)
et pour info j'avais avg antispyware a jour installé et avg antivirus 7.5 a jour installé lors de ma contamination !
le virus a contaminé l'antivirus qui detecté des fichiers infecté dans le \sys32 et qui les a donc supprimés ou mis en quarantaine puis au redemarrage plus acces a windows !!!
suite a un bidouillage je recupere la possibilité d'avoir acces a windows et meme en essayant avec avast je recevais un message comme quoi le prograùme est modifié illegalement et qu'il est risqué de continuer a utiliser le programme !
meilleur solution actuelle : sauvegardé tout vos fichiers importants (aucun .exe!!!!) et formater a fond tout vos disques durs !!
rrrrrrrrrrrrrrrrrrrrrrr
ca enerve !
Précédent
- 1
- 2