SOS dialer trojan (generic)

Solved/Closed
momomomodu13 - 28 Sept. 2006 at 15:30
darom Posts 57 Registration date Saturday 11 November 2006 Status Member Last activity 1 August 2010 - 29 Jan. 2007 at 16:00
Hi everyone,
I have a serious problem with a generic dialer trojan virus.
I run Norton, it finds them, I empty them and they are still there.
Every time I run Norton again it finds infected files.
So I more or less followed what I found on the forum,
but well, there you go:
there are still infected files (found by Norton).


Here are the steps I followed.
I am on Windows XP, AMD, 512 of RAM, 40 GB hard disk.


I used all these programs:
- Ad-Aware SE: http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
- the French patch for Ad-Aware: http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
- Spybot Search and Destroy: http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
- The Cleaner: https://www.softwarefordown.com/thecleaner/
For a full scan:
- you disable System Restore if you are on Millennium or XP: right-click My Computer / System Restore tab / tick "disable System Restore"
- you update the 2 products you downloaded
- you restart your PC in safe mode (when the PC starts, tap the F8 or F5 key; you arrive at a screen and choose "start in safe mode")
- you run the scans with the 2 products in safe mode
Finally, after all the scans, you use HijackThis. You run the scan and copy and paste the report here.
http://telechargement.zebulon.fr/138-HijackThis-1.98.2.html

So I am pasting my HijackThis report here.

Logfile of HijackThis v1.99.1
Scan saved at 14:24:44, on 28/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\Program Files\The Cleaner\cleaner.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C24255E-3DEF-E481-3D42-086ECD3EBA8C} - D:\WINDOWS\system32\eteybpd.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - D:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] D:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [cefqrze.dll] D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\cefqrze.dll,yxlebtd
O4 - HKLM\..\Run: [PVModule] D:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [tcactive] D:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] D:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Corel Print Office Registration.lnk = D:\Fichiers programme\Corel\Print Office 2000\Register\Remind32.exe
O4 - Startup: Smartmouse Usb.lnk = D:\Program Files\Smartmouse USB\SMusb.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = D:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winuns32 - D:\WINDOWS\SYSTEM32\winuns32.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver - HP - D:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe



Thank you for your help.
38 replies

Anonymous user
28 Sept. 2006 at 23:32
Hi,

Download, install and then update this software (Ewido). Once that is done, run a full scan of your system, delete everything it finds, then paste the report here along with a new HijackThis report.
Ewido: (remains free after the trial period)
Ewido
0
momomomodu13
30 Sept. 2006 at 09:57
Hello everyone,
So I downloaded "Ewido".
I installed it and ran a scan.
I cannot manage to delete anything.
Then I ran a scan with HijackThis.
Here is the result:

Logfile of HijackThis v1.99.1
Scan saved at 09:49:30, on 30/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Norton AntiVirus\SAVScan.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\RunDll32.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\WINDOWS\system32\hphmon03.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\PRINTV~1\pvmodule.exe
D:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
D:\Program Files\The Cleaner\tca.exe
D:\Program Files\The Cleaner\tcm.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\AOL 9.0\aoltray.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Fichiers programme\Corel\Print Office 2000\Register\Remind32.exe
D:\WINDOWS\system32\HPHipm09.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C24255E-3DEF-E481-3D42-086ECD3EBA8C} - D:\WINDOWS\system32\eteybpd.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - D:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] D:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [cefqrze.dll] D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\cefqrze.dll,yxlebtd
O4 - HKLM\..\Run: [PVModule] D:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [tcactive] D:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] D:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Corel Print Office Registration.lnk = D:\Fichiers programme\Corel\Print Office 2000\Register\Remind32.exe
O4 - Startup: Smartmouse Usb.lnk = D:\Program Files\Smartmouse USB\SMusb.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = D:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winuns32 - D:\WINDOWS\SYSTEM32\winuns32.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver - HP - D:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe


What should I do, please? Thanks again to all of you.
0
darom Posts 57 Registration date Saturday 11 November 2006 Status Member Last activity 1 August 2010
29 Jan. 2007 at 16:00
HijackThis v1.99.1
Scan saved at 15:58:50, on 29/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Rar$EX00.875\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lequipe.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [sakopuetmh] c:\windows\system32\sakopuetmh.exe sakopuetmh
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SmartUI.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3D061514-8D58-40D8-BB88-2BA6DCA9E5E1} (FontDown Class) - http://www.qurancomplex.com/Downloads/DownloadQuranFont.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://support.lenovo.com/fr/en/
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.com/Downloads/FontSmooth_New.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{97A7F483-EDDC-4C59-9BC0-06525795581C}: NameServer = 86.64.145.144 84.103.237.144
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
0
Anonymous user
30 Sept. 2006 at 10:00
Hi,

Click Start, Search, and delete these files:

winuns32.dll
cefqrze.dll
eteybpd.dll

**If a file resists deletion, do this:
- Restart your PC; as soon as it powers on, tap the F8 key (or F5 if F8 does not work); on the screen that appears choose "safe mode" and wait a little, then go and delete the files/folders that resisted, empty your recycle bin and restart normally.


Run a full scan again with Ewido and choose "delete".


Run this online antivirus scan with Internet Explorer and accept the ActiveX; the SP2 anti-popup bar (at the top) will start flashing; click on it and choose "accept the ActiveX" to make the antivirus scan work.
Once it has finished, paste the report here please.

https://www.bitdefender.com/toolbox/
0
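Added example (not part of the original thread): a short Python script that reads HijackThis lines and shows which autostart entry references each of the three files named in the reply above. An entry that still points at a file is what reloads it at the next logon, so it is worth knowing before trying to delete the file. The function names `parse_log`, `entries_for` and `orphan_entries` are hypothetical; the sample lines are copied from the first log posted in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section meaning files line")

# What the HijackThis section codes seen in this thread's logs stand for.
SECTION_MEANING = {
    "O2": "Browser Helper Object (loaded by Internet Explorer / Explorer)",
    "O4": "Run key or Startup folder (started at logon)",
    "O20": "AppInit_DLLs / Winlogon Notify (loaded into winlogon.exe)",
    "O21": "ShellServiceObjectDelayLoad (loaded by explorer.exe)",
    "O23": "Windows service",
}

LINE_RE = re.compile(r"^(O\d+|R\d|F\d) - (.+)$")
# A drive-letter path ending in a loadable file type; paths may contain spaces.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:dll|exe|ocx|cpl)\b',
                     re.IGNORECASE)

# Sample input: lines copied from the log posted on 28/09/2006 in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C24255E-3DEF-E481-3D42-086ECD3EBA8C} - D:\WINDOWS\system32\eteybpd.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [cefqrze.dll] D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\cefqrze.dll,yxlebtd
O4 - HKLM\..\Run: [PVModule] D:\PROGRA~1\PRINTV~1\pvmodule.exe
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winuns32 - D:\WINDOWS\SYSTEM32\winuns32.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
"""


def parse_log(text):
    """Turn HijackThis result lines into Entry tuples with lowercase file names."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, rest = m.groups()
        files = [p.rsplit("\\", 1)[-1].lower() for p in PATH_RE.findall(rest)]
        entries.append(Entry(section, SECTION_MEANING.get(section, "other"),
                             files, line))
    return entries


def entries_for(text, filenames):
    """Map each requested file name to the log entries that reference it."""
    wanted = {name.lower(): [] for name in filenames}
    for entry in parse_log(text):
        for name in entry.files:
            if name in wanted:
                wanted[name].append(entry)
    return wanted


def orphan_entries(text):
    """Entries whose target is already gone: registry leftovers, not live files."""
    return [e for e in parse_log(text)
            if e.line.endswith("(no file)") or e.line.endswith("(file missing)")]


if __name__ == "__main__":
    targets = ["winuns32.dll", "cefqrze.dll", "eteybpd.dll"]
    for name, found in entries_for(SAMPLE_LOG, targets).items():
        for e in found:
            print(f"{name}: {e.section} - {e.meaning}")
    for e in orphan_entries(SAMPLE_LOG):
        print("orphan:", e.line)
```
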
momomomodu13
30 Sept. 2006 at 12:57
Hello again, so I only managed to delete 2 files, all except
"winuns32.dll", even in safe mode.
Then I ran a scan with Ewido.
I have 53 files detected but I cannot delete them.

Here is the Ewido report:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:30:39 30/09/2006

+ Scan result:



D:\RECYCLER\NPROTECT\00044483.dll -> Adware.Altnet : Cleaned.
D:\RECYCLER\NPROTECT\00044484.exe -> Adware.Altnet : Cleaned.
HKU\S-1-5-21-1123561945-920026266-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned.
D:\WINDOWS\Temp\idd1.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\idd235.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\idd269.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\idd27C.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\idd27E.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\idd280.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\idd375.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\idd617.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\idd7.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\idd7A.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\idd87.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\idd8B.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\idd9B.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\idd9C.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\idd9D.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\idd9E.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\iddA2.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\iddA3.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\WINDOWS\Temp\iddA4.tmp.exe -> Dialer.Agent.z : Cleaned.
D:\Documents and Settings\elpapou\Local Settings\Temporary Internet Files\Content.IE5\2J1JS3X6\srvfoo[1].exe -> Dialer.IDialer.m : Cleaned.
D:\Documents and Settings\elpapou\Local Settings\Temporary Internet Files\Content.IE5\2J1JS3X6\srvona[1].exe -> Dialer.IDialer.m : Cleaned.
D:\Documents and Settings\elpapou\Local Settings\Temporary Internet Files\Content.IE5\CTCXEF4T\srvhpw[1].exe -> Dialer.IDialer.m : Cleaned.
D:\WINDOWS\Temp\win202.tmp.exe -> Dialer.IDialer.m : Cleaned.
D:\WINDOWS\Temp\win234.tmp.exe -> Dialer.IDialer.m : Cleaned.
D:\WINDOWS\Temp\win268.tmp.exe -> Dialer.IDialer.m : Cleaned.
D:\WINDOWS\Temp\win616.tmp.exe -> Dialer.IDialer.m : Cleaned.
D:\WINDOWS\Temp\winA3.tmp.exe -> Dialer.IDialer.m : Cleaned.
D:\WINDOWS\system32\ismini.exe -> Downloader.Zlob.amq : Cleaned.
D:\RECYCLER\NPROTECT\00044475.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned.
D:\WINDOWS\system32\urroxtl.dll_tobedeleted -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@msnservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@com[1].txt -> TrackingCookie.Com : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@ehg-telecomitalia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
D:\Documents and Settings\elpapou\Cookies\elpapou@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
D:\WINDOWS\Temp\win123.tmp.exe -> Trojan.Dialer.qs : Cleaned.
D:\RECYCLER\NPROTECT\00044926.exe -> Trojan.Starter.65 : Cleaned.


::Report end



Here is also the online report from the Windows BitDefender Online Scanner:



Scan report generated at: Sat, Sep 30, 2006 - 12:51:44

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 00:29:45
Files: 112450
Folders: 2764
Boot Sectors: 0
Archives: 1637
Packed Files: 9423

Results
Identified Viruses: 7
Infected Files: 15
Suspect Files: 3
Warnings: 0
Disinfected: 0
Deleted Files: 16

Engines Info
Virus Definitions: 463340
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes



Scanned File
Status

D:\Documents and Settings\elpapou\Local Settings\Application Data\4f9b6ef6.exe
Suspected of: Generic.Malware.Sdld.D0B44EE2

D:\Documents and Settings\elpapou\Local Settings\Application Data\4f9b6ef6.exe
Disinfection failed

D:\Documents and Settings\elpapou\Local Settings\Application Data\4f9b6ef6.exe
Deleted

D:\Documents and Settings\elpapou\Local Settings\Temp\mst57.tmp
Infected with: Trojan.Klone.H

D:\Documents and Settings\elpapou\Local Settings\Temp\mst57.tmp
Disinfection failed

D:\Documents and Settings\elpapou\Local Settings\Temp\mst57.tmp
Deleted

D:\Documents and Settings\elpapou\Local Settings\Temporary Internet Files\Content.IE5\7YL4BOHH\srvnzl[1].exe
Infected with: Trojan.Dialer.Porn.I

D:\Documents and Settings\elpapou\Local Settings\Temporary Internet Files\Content.IE5\7YL4BOHH\srvnzl[1].exe
Disinfection failed

D:\Documents and Settings\elpapou\Local Settings\Temporary Internet Files\Content.IE5\7YL4BOHH\srvnzl[1].exe
Deleted

D:\RECYCLER\NPROTECT\00015634.dll
Infected with: Trojan.Zlob.CJ

D:\RECYCLER\NPROTECT\00015634.dll
Deleted

D:\RECYCLER\NPROTECT\00015760.BAT
Infected with: Trojan.Zlob.AM

D:\RECYCLER\NPROTECT\00015760.BAT
Disinfection failed

D:\RECYCLER\NPROTECT\00015760.BAT
Deleted

D:\RECYCLER\NPROTECT\00045154.exe
Suspected of: Generic.Malware.Sdld.D0B44EE2

D:\RECYCLER\NPROTECT\00045154.exe
Disinfection failed

D:\RECYCLER\NPROTECT\00045154.exe
Deleted

D:\RECYCLER\NPROTECT\00045155.exe
Infected with: Trojan.Zlob.DC

D:\RECYCLER\NPROTECT\00045155.exe
Disinfection failed

D:\RECYCLER\NPROTECT\00045155.exe
Deleted

D:\RECYCLER\NPROTECT\00045156.DLL
Infected with: Trojan.FakeAlert.CX

D:\RECYCLER\NPROTECT\00045156.DLL
Disinfection failed

D:\RECYCLER\NPROTECT\00045156.DLL
Deleted

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000100.exe
Infected with: Trojan.Starter.V

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000100.exe
Disinfection failed

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000100.exe
Deleted

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000103.dll
Infected with: Trojan.FakeAlert.CX

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000103.dll
Disinfection failed

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000103.dll
Deleted

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000104.dll
Infected with: Trojan.Zlob.CJ

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000104.dll
Deleted

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000105.BAT
Infected with: Trojan.Zlob.AM

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000105.BAT
Disinfection failed

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000105.BAT
Deleted

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000106.exe
Suspected of: Generic.Malware.Sdld.D0B44EE2

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000106.exe
Disinfection failed

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000106.exe
Deleted

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000107.exe
Infected with: Trojan.Zlob.DC

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000107.exe
Disinfection failed

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000107.exe
Deleted

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000108.DLL
Infected with: Trojan.FakeAlert.CX

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000108.DLL
Disinfection failed

D:\System Volume Information\_restore{6EA3DCCC-2A4B-4AF1-B5A9-0639FD24DD5A}\RP2\A0000108.DLL
Deleted

D:\WINDOWS\system32\winuns32.dll
Infected with: Trojan.Klone.H

D:\WINDOWS\system32\winuns32.dll
Disinfection failed

D:\WINDOWS\system32\winuns32.dll
Delete failed

D:\WINDOWS\Temp\iddC2.tmp.exe
Infected with: Trojan.Dialer.Porn.I

D:\WINDOWS\Temp\iddC2.tmp.exe
Disinfection failed

D:\WINDOWS\Temp\iddC2.tmp.exe
Deleted

D:\WINDOWS\Temp\winC1.tmp.exe
Infected with: Trojan.Dialer.Porn.I

D:\WINDOWS\Temp\winC1.tmp.exe
Disinfection failed

D:\WINDOWS\Temp\winC1.tmp.exe
Delete failed










thanks again to you all
what should I do? thank you ten thousand times
0

Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 429
30 Sept. 2006 at 13:05
hi,

Disable your System Restore (only if you are on XP):
Right-click on My Computer, then
Properties, and click on the System Restore tab;
tick the "disable System Restore" box and apply.


then clean your PC with this:

ccleaner (free)
Tutorial here:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
Download:
www.01net.com

And do this with ccleaner:
Restart Ccleaner, go to the "Cleaner" tab on the left, untick the last box (Advanced, if it is ticked), then click "Run the cleaning"

You can also repair the errors in your registry:
In the "Errors" tab click "Search for errors" then, before clicking "Repair the selected errors", make a backup of your registry (as offered).


and run a Bitdefender scan again and paste the report.
and tell us where your problems stand.


See you
0
momomomodu13
30 Sept. 2006 at 14:42
hi everyone, and here is the copy-paste of the report


BitDefender Online Scanner

Scan report generated at: Sat, Sep 30, 2006 - 14:37:34

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 00:26:33
Files: 106437
Folders: 2674
Boot Sectors: 0
Archives: 1460
Packed Files: 8974

Results
Identified Viruses: 3
Infected Files: 7
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info
Virus Definitions: 463340
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

D:\Documents and Settings\elpapou\Local Settings\Temporary Internet Files\Content.IE5\0LO1UF01\srvyum[1].exe
Infected with: Trojan.Dialer.Porn.I

D:\Documents and Settings\elpapou\Local Settings\Temporary Internet Files\Content.IE5\0LO1UF01\srvyum[1].exe
Disinfection failed

D:\Documents and Settings\elpapou\Local Settings\Temporary Internet Files\Content.IE5\0LO1UF01\srvyum[1].exe
Deleted

D:\Program Files\Norton AntiVirus\Quarantine\4A256BCB.tmp=>(Quarantine-2)
Infected with: Trojan.Dialer.ADI

D:\Program Files\Norton AntiVirus\Quarantine\4A256BCB.tmp=>(Quarantine-2)
Disinfection failed

D:\Program Files\Norton AntiVirus\Quarantine\4A256BCB.tmp=>(Quarantine-2)
Deleted

D:\WINDOWS\system32\winuns32.dll
Infected with: Trojan.Klone.H

D:\WINDOWS\system32\winuns32.dll
Disinfection failed

D:\WINDOWS\system32\winuns32.dll
Delete failed

D:\WINDOWS\Temp\iddB5.tmp.exe
Infected with: Trojan.Dialer.Porn.I

D:\WINDOWS\Temp\iddB5.tmp.exe
Disinfection failed

D:\WINDOWS\Temp\iddB5.tmp.exe
Deleted

D:\WINDOWS\Temp\iddC8.tmp.exe
Infected with: Trojan.Dialer.Porn.I

D:\WINDOWS\Temp\iddC8.tmp.exe
Disinfection failed

D:\WINDOWS\Temp\iddC8.tmp.exe
Delete failed

D:\WINDOWS\Temp\winB4.tmp.exe
Infected with: Trojan.Dialer.Porn.I

D:\WINDOWS\Temp\winB4.tmp.exe
Disinfection failed

D:\WINDOWS\Temp\winB4.tmp.exe
Deleted

D:\WINDOWS\Temp\winC7.tmp.exe
Infected with: Trojan.Dialer.Porn.I

D:\WINDOWS\Temp\winC7.tmp.exe
Disinfection failed

D:\WINDOWS\Temp\winC7.tmp.exe
Delete failed


norton still detects dialer trojan
thank you for your help
0
Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 429
30 Sept. 2006 at 19:40
Delete Norton's quarantined items.

Then empty your temporary files

D:\Documents and Settings\elpapou\Local Settings\Temporary Internet Files <---- delete everything in this folder

D:\WINDOWS\Temp <------ as well as in this folder

D:\WINDOWS\system32\winuns32.dll <----- as well as this file.


If it resists, do it in safe mode.

Reminder:

Restart the PC in safe mode: tap the F8 key on your keyboard (or F5) and choose safe mode

empty your recycle bin and tell me where your problems stand.

See you


0
momomomodu13
1 Oct. 2006 at 11:47
hi everyone
there, I followed the procedure step by step
so everything in there is deleted except winnuns32.dll
even in safe mode; I emptied the recycle bin
and trojan dialer is still detected by norton 2004
I am waiting impatiently for a way to eradicate these infections completely

thanks again to you for your speed and kindness
0
Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 429
1 Oct. 2006 at 12:46
Download Look2Me-Destroyer.exe to your Desktop.
http://www.atribune.org/ccount/click.php?id=7

* Close all active windows before moving on to the next step.
* Double-click Look2Me-Destroyer.exe to launch the tool.
* Tick Run this program as a task
* A message will appear telling you: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK
* It will relaunch after the 10 seconds; then click the Scan for L2M button; the icons on your Desktop will disappear: that is normal.
* When the scan finishes, click the Remove L2M button
* A Done Scanning message will appear, click OK.
* A new message will appear: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
* Your PC will now shut down.
* Start your PC normally.
* Paste the generated report, located here: C:\Look2Me-Destroyer.txt , along with a new HijackThis! report in your next reply.

#If Look2Me-Destroyer does not relaunch automatically after the 10 seconds, restart and try again.

##If you get a message from your firewall that the tool is trying to access the internet: accept.

###If a runtime error '339' message appears: download MSWINSCK.OCX from the link below, and place it in the C:\Windows\System32 folder.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

See you
0
momomomodu13
1 Oct. 2006 at 13:23
hello again,
here is the "look2Me-des" report


Logfile of HijackThis v1.99.1
Scan saved at 13:17:49, on 01/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\WINDOWS\Explorer.EXE
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\WINDOWS\system32\RunDll32.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\WINDOWS\system32\hphmon03.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\PROGRA~1\PRINTV~1\pvmodule.exe
D:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
D:\Program Files\The Cleaner\tca.exe
D:\Program Files\The Cleaner\tcm.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\AOL 9.0\aoltray.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Fichiers programme\Corel\Print Office 2000\Register\Remind32.exe
D:\Program Files\Norton AntiVirus\SAVScan.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
D:\WINDOWS\system32\HPHipm09.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C24255E-3DEF-E481-3D42-086ECD3EBA8C} - (no file)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - D:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] D:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [cefqrze.dll] D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\cefqrze.dll,yxlebtd
O4 - HKLM\..\Run: [PVModule] D:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [tcactive] D:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] D:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Corel Print Office Registration.lnk = D:\Fichiers programme\Corel\Print Office 2000\Register\Remind32.exe
O4 - Startup: Smartmouse Usb.lnk = D:\Program Files\Smartmouse USB\SMusb.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = D:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winuns32 - D:\WINDOWS\SYSTEM32\winuns32.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver - HP - D:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

the "HijackThis" report


Logfile of HijackThis v1.99.1
Scan saved at 13:17:49, on 01/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\WINDOWS\Explorer.EXE
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\WINDOWS\system32\RunDll32.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\WINDOWS\system32\hphmon03.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\PROGRA~1\PRINTV~1\pvmodule.exe
D:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
D:\Program Files\The Cleaner\tca.exe
D:\Program Files\The Cleaner\tcm.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\AOL 9.0\aoltray.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Fichiers programme\Corel\Print Office 2000\Register\Remind32.exe
D:\Program Files\Norton AntiVirus\SAVScan.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
D:\WINDOWS\system32\HPHipm09.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C24255E-3DEF-E481-3D42-086ECD3EBA8C} - (no file)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - D:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] D:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [cefqrze.dll] D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\cefqrze.dll,yxlebtd
O4 - HKLM\..\Run: [PVModule] D:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [tcactive] D:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] D:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Corel Print Office Registration.lnk = D:\Fichiers programme\Corel\Print Office 2000\Register\Remind32.exe
O4 - Startup: Smartmouse Usb.lnk = D:\Program Files\Smartmouse USB\SMusb.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = D:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winuns32 - D:\WINDOWS\SYSTEM32\winuns32.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver - HP - D:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe


thanks again
I don't know what needs to be done
0
Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 429
1 Oct. 2006 at 13:41
These are 2 hijack logs ..

Did you actually do the procedure with Look2Me destroyer?
0
momomomodu13
1 Oct. 2006 at 13:52
hi,
that means it's fine, I am no longer infected

thanks
0
Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 429
1 Oct. 2006 at 13:59
No, do the procedure with Look2Me destroyer and paste the report, please.

See you
0
momomomodu13
1 Oct. 2006 at 14:23
hi, sorry,
here is the look2Me-dest report




Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 01/10/2006 14:17:20


Attempting to delete infected files...

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrateurs - Succeeded



thanks again
0
Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 429
1 Oct. 2006 at 14:31
Post a hijack log again

I have to step away.

See you
0
momomomodu13
1 Oct. 2006 at 14:39
here is the HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 14:39:23, on 01/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\WINDOWS\Explorer.EXE
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\WINDOWS\system32\RunDll32.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\WINDOWS\system32\hphmon03.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\PROGRA~1\PRINTV~1\pvmodule.exe
D:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
D:\Program Files\The Cleaner\tca.exe
D:\Program Files\The Cleaner\tcm.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\AOL 9.0\aoltray.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Fichiers programme\Corel\Print Office 2000\Register\Remind32.exe
D:\Program Files\Norton AntiVirus\SAVScan.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
D:\WINDOWS\system32\HPHipm09.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Samsung\Samsung PC Studio II 2.0\Image Editor\ImageEditor_France.DAT
D:\WINDOWS\TEMP\win17.tmp.exe
D:\WINDOWS\TEMP\idd1.tmp.exe
D:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C24255E-3DEF-E481-3D42-086ECD3EBA8C} - (no file)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - D:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] D:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [cefqrze.dll] D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\cefqrze.dll,yxlebtd
O4 - HKLM\..\Run: [PVModule] D:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [tcactive] D:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] D:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Corel Print Office Registration.lnk = D:\Fichiers programme\Corel\Print Office 2000\Register\Remind32.exe
O4 - Startup: Smartmouse Usb.lnk = D:\Program Files\Smartmouse USB\SMusb.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = D:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winuns32 - D:\WINDOWS\SYSTEM32\winuns32.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver - HP - D:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe


Is there anything that can be done? Thanks
0
Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 429
1 Oct 2006 at 16:32
Download L2mfix here:
http://www.downloads.subratam.org/l2mfix.exe

Double-click "L2mfix.exe" to start the extraction.
In the "L2mfix" folder, double-click "l2mfix.bat", choose option 1 and confirm with the Enter key.
It will generate a report for you.
Please copy and paste the result here.


See you
0
momomomodu13
1 Oct 2006 at 17:50
Here you go, thanks, there are 2 files


pv.exe – PrcView command line utility allows automating common task like
figuring out if particular process is running or killing a running process
on scheduler.

Checking if a particular process is running is easy. For example the
following command will show all instances of explorer that are running:
pv explorer.exe

Setting a process priority is another common task. To set explorer priority
to normal just type:
pv -pn explorer.exe

pv supports the common ‘*’ and ‘?’ wildcards so that the following command
will perfectly work by printing out all the processes starting with ‘e’
pv e*

Don’t like a particular process and would like to kill it? The following
command will do the job:
pv -k thisprocess.exe

And if you don’t like additional questions and would like to force killing:
pv -kf thisprocess.exe

Don’t like this particular instance of the process and know the window title?
The following command will do the job (please note that ‘\’ need to be
represented as a ‘\\’ combination if you enter it from the command line):
pv -k explorer.exe -w"c:\\"

pv.exe can be easily executed from a batch file to check if process is running.
When writing a command file please note that the ERRORLEVEL number specifies
a true condition if the last program run returned an exit code equal to or
_greater_ than the number specified.

The following script illustrates how this could be done:



@echo off
pv.exe %1 >nul
if ERRORLEVEL 1 goto Process_NotFound
:Process_Found
echo Process %1 is running
goto END
:Process_NotFound
echo Process %1 is not running
goto END
:END

If you just want to wait till specific process is running, the command below will make
such check for the "notepad.exe" every second, pv will exit when the process is there.


pv -r0 -d1000 notepad.exe

now you can wait for the process completion by using:

pv -x notepad.exe

Please note that redirecting standard errors by using 2>file_name does not work under 9x
Windows. Please use "2>file_name" instead. This notation will be processed by pv.exe.

And finally a copy of the -? command (please note that -o and -y options are not supported
on Windows 9x/Me):

pv displays information about the running processes.
pv v 5.2.1.2, Copyright (c) Igor Nys, 2000-2006.

Usage: pv -[<OPTION>]... <ARGUMENT>... -[<OPTION>]

Modes:
-s --summary show usage for the specified MODULE
-h,-? --help display this help information

Actions:
-k --kill kill process
-a --activate brings process main window in the foreground
-c --close close (send WM_CLOSE) to the PROCESS
-p[nihr] --priority set priority to "Normal", "Idle", "High", "Real Time"
[ba] "Below Normal" and "Above Normal" only on W2K or higher

Output Options:
-e, --extend show additional information if available
-q[header],--quiet supress headers and produce a tab-separated list
-b --bare show process ID only ()
-o<format> --output control output using the format string (see below)

Input Options:
-f, --force never prompt
-i, --id use process ID instead of the PROCESS name

Filters:
-l[mask] --long include processes with command line matching mask
-w[mask] --window show processes with visible windows matching mask,
-e includes in search also invisible windows
-u[mask] --usage show processes using modules that matches mask
-y[mask] --user show processes that run under specified user account
-t[root] --tree display process tree starting starting from the root

Extra Information Options:
-g --getenv get startup environment for the PROCESS
-m --module show modules used by specified PROCESS

Execution Options:
-d[time] --delay delay time in milliseconds before executing command
-r[err] --repeat repeat command in a cycle, while (%ERRORLEVEL% > err)
-n --number %ERRORLEVEL% = negated number of matched processes
-x[a] --exit wait for the process completion (exit)
'a' flag waits for all processes, -d sets time-out
-@[file_name] read arguments from specified file or from
standard input after processing the command line

Arguments can contain '*' and '?' wildcards.

Use return code (%ERRORLEVEL%) in batch files:
0 - process found (negated number of processes if -n is specified)
1 - empty result set, 2 - programm error

Format string can use the following placeholders to control the output
%a affinity, %d creation time, %c[time] % cpu
%f full path, %e elapsed cpu time, %i process id
%l command line, %n image name, %m memory (K)
%p priority, %r parent id, %s signature
%t thread count, %u user name, %v version
Specify an optional performance data collecting time
in milliseconds after the %c switch, default is 500ms.
Examples:
pv myprocess.exe get process ID for myprocess.exe.
pv -e get extended list of running processes.
pv -k sleep* kill all processes starting with "sleep"
pv -m -e explorer.exe get extended information about explorer's modules
pv -u oleaut*.dll list of all processes that use matching dll
pv -ph w*.exe set priority to hight for all matching processes
pv explorer.exe -l"*/S" looks for explorer process with /S switch
pv -r0 -d2000 calc.exe "2>nul"
checks every 2 seconds if calc.exe is running
pv --user:SYSTEM shows processes running under system account
pv -o"%i\t%e\t%c2000%%\t%m(K)\t%n" pv.exe sqlservr.exe
shows memory and CPU information collected for 2 sec.



This software is free and freely distributable on a non-commercial basis in the format
ORIGINALLY RELEASED (zip file containing pv or PrcView distribution) with the original
Copyright clause.
The author expressly disclaims any warranty for this software. This software and
any related documentation is provided "as is" without warranty of any kind.

Distribution of the program or any work based on the program by a commercial organization
to any third party is permitted only with the written permission of the author

If you encounter a problem while running PrcView, please visit http://www.prcview.com
to obtain the latest version. If you still have problems, please send a short description
to: support@prcview.com or contact me directly at igornys@writeme.com


-------------------------------------------------
LIABILITY DISCLAIMER -- READ BEFORE using pv.exe
THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, EXPRESSED,
IMPLIED OR OTHERWISE, INCLUDING AND WITHOUT LIMITATION, ANY WARRANTY OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL THE
AUTHOR OR HIS COMPANY BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT OR
CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR
LOSS OF PROFITS, BUSINESS INTERRUPTION, LOSS OF INFORMATION, OR ANY OTHER LOSS) ,
WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY,
ARISING OUT OF OR IN CONNECTION WITH THE USE OR INABILITY TO USE THIS SOFTWARE.


2nd file


This is a fix/uninstaller for the Version 200 of Look2me
This will only work on this particular version.
This is for xp or windows 2000 only

These infections are usually indicated by these lines in a hijackthis log:

020 - Seeming valid entry or entries followed by nonsense dll names.

First Menu
1. Report Generator to Verify Infection
2. Run Fix
3. This readme.
4. Remove L2mfix account
5. Fix autoexec.nt error on running dos programs.

Upon running the fix The desktop will disappear and the fix will proceed.
The system will perform the procedure and notify its going to reboot.
Please wait as this can take upwards of 5 mins
After you press any key it will reboot
It will show a log of what was removed and found. If for some reason it does not on bootup open the log
manually from the l2mfix folder. Verify the registry entries that were removed in the log and the registry permissions are set back to normal.
That should be all.

No warranties are expressed or implied. Use at your own risk!!

Follow the appropriate instructions from a qualified person on the forums if you are not sure.

Special Thanks to Rubberducky, OSC and Jwbirdsong for the beta tests. Also all the other experts who
were involved in the various threads with input.
Thanks to all the other utility program and script writers Also.
Thanks for yoyo Sharing his ideas and Code.
Thanks to avohir for the ideas.

If you would like to or need to contact me i can be reached at:

spywaresubmit@aol.com

Please visit the following forums for help.

www.subratam.org
www.spywareinfo.com
www.tomcoyote.com
www.castlecops.biz
www.atribune.org
http://net-integration.net


A Special Thanks to Atribune and Subratam for Hosting the file!
Mirrors Available at
http://downloads.subratam.org/l2mfix.exe
http://www.atribune.org/downloads/l2mfix.exe
Please do not host anywhere else.


Version 1.0
Version 1.01
Fixed find log error.
Version 1.02
Changed Strings routine
Changed registry routines to improve cleanup
Eliminated vbs portion
added sv1 for useragent on xp sp2 machines
added hosts file cleaning.(still beta)
add shortcut to fix autoexec.nt errors(menu option 5)
added menu entries to restore notify defaults if needed.(entries missing under notify)(menu option 4)
Version 1.02a
added filtering for valid classids under shell extension approved key.
Version 1.03 03/12/2004
Updated for new files versions released.
Version 1.03a
updated for licensing issues
version 1.03b
added remove.com files for fixing log error per gary r and mosiac1 (THANKS!)
made winlogon default entries automatic now. it runs when the fix portion is run.
version 1.03c
added fix for windows update per winhelp and the mskb article
version 1.03d
Changed option 4 to manually restore registry permission if necessary if second.bat fails to complete.
Version 1.04
Added pd strings to solve freezing issue
Version 1.04a
used runonceexkey for reboot.
version 1.99rc
beta to remove latest variant as of 112705
Beta 120905
Added Support for different language versions of windows. Text still in english but should work on more locales now.
Tweaked the second bat to kill files better.
Beta 121205
Couple minor bug fixes.
beta 121605
Fixed some zip bugs
Made a stronger password for some corporate environments.
010406
Fixed some bugs and did away with move command
032106
Added support for danish users.
051206
Changed from Process.exe to pv.exe for compatibility with nod32 and other antiviruses.
Thanks SUBs!




Thanks again
0
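An added example, not part of the original thread or of L2mfix: a small Python triage that applies the readme's hint about O20 lines, plus checks for entries with no backing file, to lines copied from the HijackThis log posted earlier in this thread. The allowlist of stock Windows XP Winlogon Notify names is an assumption and is not exhaustive; a hit means "review this entry", not "infected".

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winuns32 - D:\WINDOWS\SYSTEM32\winuns32.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")
NOTIFY = re.compile(r"^Winlogon Notify: (.+?) - (.+)$")

# Assumption: Notify subkeys commonly present on a stock Windows XP install,
# plus Microsoft's WgaLogon. Extend this set for the machine under review.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}

def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        if section == "O20":
            n = NOTIFY.match(body)
            # The readme's indicator: O20 entries with unfamiliar DLL names.
            if n and n.group(1).lower() not in KNOWN_NOTIFY:
                findings.append((section, "unrecognised Winlogon Notify DLL", n.group(2)))
        elif section == "O21" and body.endswith("(no file)"):
            findings.append((section, "SSODL entry with no file", body))
        elif body.endswith("(file missing)"):
            findings.append((section, "entry points to a missing file", body))
    return findings

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {detail}")
```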
Séb08 Posts 16502 Registration date Sunday 13 November 2005 Status Contributor Last activity 17 February 2023 1 429
1 Oct 2006 at 17:53
Er, are you sure you did the procedure correctly?
This is not the report I was expecting ...
0
momomomodu13
1 Oct 2006 at 18:41
Hi, sorry
I downloaded the l2m file
and I can't manage to install it
it is compressed with WinZip
and when I extract it there were only 2 files, which I copied and pasted
and the other icons don't let me install the software
maybe my WinZip is out of date...


Thanks for helping me
0