Runtime error :(
Solved
falsamodestia
Hello everyone, for 2 weeks now a runtime error window has kept opening constantly, at every turn. When I close this window (without clicking OK, of course), another window from my firewall (Kerio) opens. I have already run scans with ewido, Spybot, Ad-Aware and Kaspersky, but nothing works and the problem persists. Then a window with a bogus antivirus opens when I am on the internet; it is very insistent and does not even let me display a web page without popping up! It is called "doctor system, or win anti virus". I no longer know what to do. At first I thought it was due to my Windows updates, but I have now installed them and the problem still persists. What should I do? I can't take it any more, please help me.
Here is my HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 12:44:54, on 4/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Murru\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\System32\hjmvtbvm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-be\msntb.dll
O2 - BHO: (no name) - {CEC7A0C1-2AC9-42C0-9562-6E3D7FC2C077} - C:\WINDOWS\System32\gebcd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-be\msntb.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zulrf.exe] C:\WINDOWS\System32\zulrf.exe
O4 - HKLM\..\Run: [dmiho.exe] C:\WINDOWS\System32\dmiho.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{76FFAD12-B016-4E76-990F-6E870933CD4E}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4A03314-9B62-480C-91E8-B8775ED1E30D}: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E7FE72-66CA-4C28-8C0B-5A36EEE0C2D1}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: gebcd - C:\WINDOWS\System32\gebcd.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
(Then I have another small problem, not necessarily serious but it could be an obstacle: when I restart in safe mode, neither the icons nor the taskbar appear; there is just the black background with the white "safe mode" text... What can I do?)
Thanks
25 replies
Hi, the trojan has come back again. I ran the HijackThis report and it is even worse than before; suspicious objects keep appearing in Program Files. Here is my report. I think everything has to be started over. Thanks for helping me!
Logfile of HijackThis v1.99.1
Scan saved at 22:42:31, on 9/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\alrs.exe
C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\nwnmff_e25.exe
C:\dfndrff_e25.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sunbelt Software\Personal Firewall\assist.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\xxywtsq.dll
O2 - BHO: (no name) - {EA43D48D-9358-40BF-83B0-6E3AC8412459} - C:\WINDOWS\System32\gebcd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-be\msntb.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zulrf.exe] C:\WINDOWS\System32\zulrf.exe
O4 - HKLM\..\Run: [dmyhc.exe] C:\WINDOWS\System32\dmyhc.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e25.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e25.exe
O4 - HKLM\..\Run: [dmofs.exe] C:\WINDOWS\System32\dmofs.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{76FFAD12-B016-4E76-990F-6E870933CD4E}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4A03314-9B62-480C-91E8-B8775ED1E30D}: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E7FE72-66CA-4C28-8C0B-5A36EEE0C2D1}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: gebcd - C:\WINDOWS\System32\gebcd.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\hrnq0555e.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: xxywtsq - C:\WINDOWS\SYSTEM32\xxywtsq.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft Windows Als Service (Windows Als Service) - Unknown owner - C:\WINDOWS\alrs.exe
Hi,
Download
http://www.atribune.org/ccount/click.php?id=4
Double-click it and choose "start for vundo".
Wait a few minutes; when the scan is finished, click "remove vundo".
A message will ask whether you want to delete the files; click "yes".
When it has finished, click "yes"; your computer should restart. If not, restart it yourself.
Once it has restarted, paste the report C:\vundofix.txt and a new HijackThis report, please.
Hi,
Please do what I told you in my first reply.
Then,
Click "Start", "Run", type: services.msc, look for this line in the list, right-click it, choose "Properties" and set it to "Disabled":
Microsoft Windows Als Service
Download, install and then update this software (Ewido). Once that is done, run a full scan of your system, delete everything it finds, then paste the report here, please.
Ewido: (remains free after the trial period)
Ewido
Hi, there, I have done everything; here are my two reports. I noticed that 2 items were not deleted with ewido; I think they were quarantined. But thanks, it is already better like this.
VundoFix V6.2.1
Checking Java version...
Sun Java not detected
Scan started at 11:03:14 10/10/2006
Listing files found while scanning....
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\dcbeg.bak1
C:\WINDOWS\system32\dcbeg.bak2
C:\WINDOWS\system32\dcbeg.ini2
C:\WINDOWS\system32\dcbeg.tmp
C:\WINDOWS\system32\pehfnyuw.dll
C:\WINDOWS\system32\rqrqpqo.dll
C:\WINDOWS\system32\tuvtqrr.dll
C:\WINDOWS\system32\xxywtsq.dll
C:\WINDOWS\system32\kstayqpl.exe
C:\WINDOWS\System32\gebcd.dll
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\dcbeg.bak1
C:\WINDOWS\system32\dcbeg.bak2
C:\WINDOWS\system32\dcbeg.ini2
C:\WINDOWS\system32\dcbeg.tmp
C:\WINDOWS\System32\dcbeg.ini
C:\WINDOWS\System32\dcbeg.bak1
C:\WINDOWS\System32\dcbeg.bak2
C:\WINDOWS\System32\dcbeg.ini2
C:\WINDOWS\System32\dcbeg.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\gebcd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\dcbeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\dcbeg.bak1
C:\WINDOWS\system32\dcbeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\dcbeg.bak2
C:\WINDOWS\system32\dcbeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\dcbeg.ini2
C:\WINDOWS\system32\dcbeg.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\dcbeg.tmp
C:\WINDOWS\system32\dcbeg.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\pehfnyuw.dll
C:\WINDOWS\system32\pehfnyuw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqrqpqo.dll
C:\WINDOWS\system32\rqrqpqo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvtqrr.dll
C:\WINDOWS\system32\tuvtqrr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xxywtsq.dll
C:\WINDOWS\system32\xxywtsq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kstayqpl.exe
C:\WINDOWS\system32\kstayqpl.exe Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 11:50:03, on 10/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-be\msntb.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zulrf.exe] C:\WINDOWS\System32\zulrf.exe
O4 - HKLM\..\Run: [dmyhc.exe] C:\WINDOWS\System32\dmyhc.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e25.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{76FFAD12-B016-4E76-990F-6E870933CD4E}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4A03314-9B62-480C-91E8-B8775ED1E30D}: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E7FE72-66CA-4C28-8C0B-5A36EEE0C2D1}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\enn4l15q1.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Hi,
No Ewido report?
Download SmitfraudFix (save it to the "desktop"):
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Unzip SmitfraudFix.
Run the SmitfraudFix or SmitfraudFix.cmd file, choose option 1, and copy the report here, please.
Hi, yes, here is my ewido report:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:39:45 10/10/2006
+ Scan result:
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\A05US06K\Installer[1].exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Installer4.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__i_w_x_r_i_p_._d_l_l_ -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gii32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ibxrtmgr.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\irlsl5371.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\p66slgj716o.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\VundoFix Backups\rqrqpqo.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\tuvtqrr.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\xxywtsq.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
[636] C:\nwnmff_e25.exe -> Downloader.Adload.fg : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\A05US06K\pro[1].exe/dreve.exe -> Downloader.Adload.fu : Error during cleaning.
C:\WINDOWS\system32\Com\dreve.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\pro3_install.exe/dreve.exe -> Downloader.Adload.fu : Error during cleaning.
[1428] VM_008E0000 -> Downloader.Agent.uj : Error during cleaning.
[2036] VM_007C0000 -> Downloader.Agent.uj : Error during cleaning.
[532] VM_003F0000 -> Downloader.Agent.uj : Error during cleaning.
[568] VM_00870000 -> Downloader.Agent.uj : Error during cleaning.
[608] VM_00870000 -> Downloader.Agent.uj : Error during cleaning.
[652] VM_00910000 -> Downloader.Agent.uj : Error during cleaning.
[664] VM_01040000 -> Downloader.Agent.uj : Error during cleaning.
C:\Documents and Settings\Murru\Cookies\murru@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
::Report end
Here is the other report, from choosing option 1:
SmitFraudFix v2.107
Scan done at 22:09:56,64, mar. 10/10/2006
Run from C:\Documents and Settings\Murru\Desktop\ne pas supprimer\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\icont.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Murru
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Murru\Application Data
C:\Documents and Settings\Murru\Application Data\Install.dat FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Murru\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Hi,
Restart the PC in safe mode: tap the F8 key on your keyboard (or F5) and choose safe mode.
Open the "SmitfraudFix" folder and double-click "Smitfraudfix.cmd", choose option 2 and answer yes to everything.
Save the report, then copy/paste it on the forum, please.
Still in safe mode:
Run a full scan of your PC with Ewido and delete everything it finds, save the report and paste it on the forum, please.
There you go, I've done everything; here are my 2 reports:
SmitFraudFix v2.107
Scan done at 20:45:59,06, mer. 11/10/2006
Run from C:\Documents and Settings\Murru\Desktop\ne pas supprimer\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 21:09:46 11/10/2006
+ Scan result:
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP119\A0540771.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP120\A0540831.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP120\A0540836.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP121\A0541235.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP121\A0541534.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0541689.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0541986.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0542066.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0542071.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0545071.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0546079.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0546341.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP123\A0546360.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP123\A0546612.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP123\A0546880.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP123\A0546987.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\LlgitCheckControl.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SEP32.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ctm.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cxtdll.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ewts.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\k4620ejoehoc0.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kddfo.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lv4209hoe.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mdports.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mvjul9191.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\norssk.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\o4pqle751h.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\t28u0cl9efq.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wterrenu.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP120\A0540832.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP121\A0541240.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0541690.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0542067.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0543066.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0544066.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0545066.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0545072.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0546071.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0546080.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP123\A0546365.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP123\A0546639.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP123\A0546988.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
[1384] VM_008E0000 -> Downloader.Agent.uj : Error during cleaning.
[1612] VM_007C0000 -> Downloader.Agent.uj : Error during cleaning.
C:\Documents and Settings\Murru\Cookies\murru@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
::Report end
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0545066.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0545072.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0546071.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP122\A0546080.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP123\A0546365.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP123\A0546639.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3604ED1-F64F-4685-819A-B0965A8D2976}\RP123\A0546988.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
[1384] VM_008E0000 -> Downloader.Agent.uj : Error during cleaning.
[1612] VM_007C0000 -> Downloader.Agent.uj : Error during cleaning.
C:\Documents and Settings\Murru\Cookies\murru@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Murru\Cookies\murru@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
::Report end
OK, thanks, you can delete SmitFraudFix.
Do this cleanup (to be done regularly):
¤ Download and install this:
CCleaner:
CCleaner
In the left-hand column, click "Errors", tick all the boxes, then click "Search for errors" at the bottom; once it has finished, click "Repair errors" and you will get a message offering to back up your registry: answer "Yes", then repeat until it finds no more errors.
You can delete the backups you made once your computer no longer has any problems.
¤ Relaunch CCleaner, go to the "Cleaner" tab on the left, untick the last box ("Advanced", if it is ticked), then click "Run the cleanup".
Now, this: C:\System Volume Information\_restore (see the Ewido report) indicates that your System Restore was or is infected; to be sure, we are going to create a clean point.
Click "Start", right-click "My Computer", "Properties", "System Restore" tab.
¤ Tick the box "Turn off System Restore on all drives", then click "Apply".
¤ Untick the box and click "Apply", then "OK".
Now that we have erased the infected points, we are going to create a clean point:
Click "Start", "All Programs", "Accessories", "System Tools", "System Restore", choose "Create a restore point", name it "ccm" for example, click "Create", then "OK".
There, the restore point is now created; if one day you decide to, you can go back to the date you created it, that is, today. By rolling back you can return your computer to the date on which this restore point was created, but you will lose the changes you made in between.
Download L2mfix here:
http://www.downloads.subratam.org/l2mfix.exe
Double-click "L2mfix.exe" to start the extraction.
In the "L2mfix" folder, double-click "l2mfix.bat", choose option 1 and confirm with the Enter key.
It will generate a report for you.
Copy and paste the result here, please.
Here is my L2mfix report, please. In any case, thank you, it's really very kind; it feels good to have my little PC all clean :)
This restore system looks really handy :)
I still have this small problem with Kerio: an "intrusion blocked" message that pops up constantly, and when I close it, a "runtime error" message appears. When I use another firewall it doesn't happen, but I would like to keep Kerio because I find it works very well...
Anyway, here is my report. Thanks again.
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Urls]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\u2rulc991f.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{CA867D46-6B7E-0B9E-6020-EA2C847B167F}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.65 Context Menu Shell Extension"
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.65 DragDrop Shell Extension"
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.65 Context Menu Shell Extension"
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.65 Property Sheet Shell Extension"
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{0DFAA453-A4F6-499C-9164-A4A572B18572}"=""
"{FD6A486E-9F73-45B0-B7DA-610929F803FD}"=""
"{37EF0664-4B2E-461C-AC8A-E1B8606741A5}"=""
"{A5264272-CDF1-4A93-9386-1EC275C8DCAC}"=""
"{0B5E50ED-F1DB-45C7-BCEE-656E77331C67}"=""
"{37DEB1D1-BF36-4DD6-96B8-BCB8DE1184EE}"=""
"{375F92B3-A1FE-4104-956E-3B966B7D6DE9}"=""
"{9F6C2B1F-79FC-4946-BF71-C23B5963B7F9}"=""
"{2E503FD6-6142-4AFA-A97E-378443CACD5C}"=""
"{7850a720-705f-11d0-a9eb-0080488625e5}"="BestCrypt Shell Extension"
"{D49E4D29-A3CE-4B1B-B31F-00454A6C3A77}"=""
"{B28C5352-EA0E-49A9-A57E-96443DB87475}"=""
"{D746C549-F7FC-4A25-B3D7-229870D27848}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{37EF0664-4B2E-461C-AC8A-E1B8606741A5}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{37EF0664-4B2E-461C-AC8A-E1B8606741A5}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{37EF0664-4B2E-461C-AC8A-E1B8606741A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{37EF0664-4B2E-461C-AC8A-E1B8606741A5}\InprocServer32]
@="C:\\WINDOWS\\system32\\aosnw.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
aosnw.dll Wed 11 Oct 2006 21:30:18 ..S.R 234.410 228,91 K
hlink.dll Fri 21 Jul 2006 10:30:50 A.... 72.704 71,00 K
hplun.dll Thu 24 Aug 2006 4:40:54 A.... 49.152 48,00 K
j04o0a~1.dll Wed 11 Oct 2006 21:11:40 ..S.R 234.750 229,25 K
k8jsli~1.dll Wed 11 Oct 2006 21:30:18 ..S.R 236.128 230,59 K
netapi32.dll Fri 14 Jul 2006 17:53:28 A.... 307.200 300,00 K
shell32.dll Thu 13 Jul 2006 15:46:56 A.... 8.353.280 7,96 M
u2rulc~1.dll Wed 11 Oct 2006 20:40:48 ..S.R 234.410 228,91 K
urlmon.dll Wed 30 Aug 2006 20:42:56 A.... 461.824 451,00 K
xpsp2res.dll Thu 13 Jul 2006 10:50:38 A.... 595.968 582,00 K
10 items found: 10 files (4 H/S), 0 directories.
Total of file sizes: 10.779.826 bytes 10,28 M
Locate .tmp files:
C:\WINDOWS\SYSTEM32\
mcrh.tmp Tue 10 Oct 2006 0:43:26 A.... 143 0,14 K
1 item found: 1 file, 0 directories.
Total of file sizes: 143 bytes 0,14 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 2487-13A9
Répertoire de C:\WINDOWS\System32
11/10/2006 21:30 234.410 aosnw.dll
11/10/2006 21:30 236.128 k8jsli1718.dll
11/10/2006 21:11 234.750 j04o0ah3ed4.dll
11/10/2006 20:40 234.410 u2rulc991f.dll
03/10/2006 14:07 <REP> dllcache
08/09/2006 17:53 952 KGyGaAvL.sys
03/07/2005 19:45 <REP> Microsoft
5 fichier(s) 940.650 octets
2 Rép(s) 36.124.585.984 octets libres
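Added example, not part of the thread and not L2mfix's own code: a Python sketch that reads the same regedit-export sections as the log above, lists the DLL registered under Winlogon\Notify, and lists the Approved shell-extension GUIDs that have an empty description, resolving each to its InprocServer32 DLL when the log includes that CLSID. The sample is an excerpt of the posted log; treating an empty description as "worth reviewing" is a triage assumption, not proof of infection, and the function names are hypothetical.

```python
import re

# Excerpt of the L2MFIX log posted above (regedit export syntax), trimmed for length.
SAMPLE_LOG = r'''
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Urls]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\u2rulc991f.dll"
"Logon"="WinLogon"
**********************************************************************************
Shell Extension key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{0DFAA453-A4F6-499C-9164-A4A572B18572}"=""
"{37EF0664-4B2E-461C-AC8A-E1B8606741A5}"=""
"{7850a720-705f-11d0-a9eb-0080488625e5}"="BestCrypt Shell Extension"
**********************************************************************************
HKEY ROOT CLASSIDS:
[HKEY_CLASSES_ROOT\CLSID\{37EF0664-4B2E-461C-AC8A-E1B8606741A5}\InprocServer32]
@="C:\\WINDOWS\\system32\\aosnw.dll"
"ThreadingModel"="Apartment"
'''

# Key paths are compared in lower case because the registry is case-insensitive.
NOTIFY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify"
APPROVED = r"hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved"
CLSID_ROOT = r"hkey_classes_root\clsid"

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape(text):
    """Undo regedit escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', text)


def decode(data):
    """Decode the right-hand side of a value line (string or dword)."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return unescape(data[1:-1])
    if data.lower().startswith("dword:"):
        try:
            return int(data[6:], 16)
        except ValueError:
            return data
    return data


def parse_reg_export(text):
    """Return {lowercased key path: {"path": original, "values": {name: data}}}."""
    keys, values = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            entry = keys.setdefault(m.group(1).lower(),
                                    {"path": m.group(1), "values": {}})
            values = entry["values"]
            continue
        m = VALUE_RE.match(line)
        if m and values is not None:
            name = m.group(1)
            values["@" if name == "@" else unescape(name[1:-1])] = decode(m.group(2))
    return keys


def ci_get(values, name):
    """Case-insensitive value lookup."""
    for key, data in values.items():
        if key.lower() == name.lower():
            return data
    return None


def notify_dlls(keys):
    """(subkey, DllName) for every Winlogon\\Notify subkey that loads a DLL."""
    found = []
    for lower, entry in keys.items():
        if lower.startswith(NOTIFY + "\\"):
            dll = ci_get(entry["values"], "DllName")
            if dll:
                found.append((entry["path"].rsplit("\\", 1)[1], dll))
    return found


def unnamed_shell_extensions(keys):
    """(GUID, InprocServer32 DLL or None) for Approved entries with no description."""
    approved = keys.get(APPROVED, {"values": {}})["values"]
    found = []
    for guid, description in approved.items():
        if description == "":
            server = keys.get(CLSID_ROOT + "\\" + guid.lower() + "\\inprocserver32")
            found.append((guid, ci_get(server["values"], "@") if server else None))
    return found


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_LOG)
    for subkey, dll in notify_dlls(parsed):
        print("Winlogon\\Notify\\%s loads %s" % (subkey, dll))
    for guid, dll in unnamed_shell_extensions(parsed):
        print("Approved %s has no description, server: %s" % (guid, dll or "not in log"))
```

Both DLLs it reports for this excerpt also appear in the log's "Files Found" listing with the system and read-only attributes set, which is the correlation a reviewer would make by hand.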
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.65 Context Menu Shell Extension"
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.65 DragDrop Shell Extension"
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.65 Context Menu Shell Extension"
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.65 Property Sheet Shell Extension"
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{0DFAA453-A4F6-499C-9164-A4A572B18572}"=""
"{FD6A486E-9F73-45B0-B7DA-610929F803FD}"=""
"{37EF0664-4B2E-461C-AC8A-E1B8606741A5}"=""
"{A5264272-CDF1-4A93-9386-1EC275C8DCAC}"=""
"{0B5E50ED-F1DB-45C7-BCEE-656E77331C67}"=""
"{37DEB1D1-BF36-4DD6-96B8-BCB8DE1184EE}"=""
"{375F92B3-A1FE-4104-956E-3B966B7D6DE9}"=""
"{9F6C2B1F-79FC-4946-BF71-C23B5963B7F9}"=""
"{2E503FD6-6142-4AFA-A97E-378443CACD5C}"=""
"{7850a720-705f-11d0-a9eb-0080488625e5}"="BestCrypt Shell Extension"
"{D49E4D29-A3CE-4B1B-B31F-00454A6C3A77}"=""
"{B28C5352-EA0E-49A9-A57E-96443DB87475}"=""
"{D746C549-F7FC-4A25-B3D7-229870D27848}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{37EF0664-4B2E-461C-AC8A-E1B8606741A5}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{37EF0664-4B2E-461C-AC8A-E1B8606741A5}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{37EF0664-4B2E-461C-AC8A-E1B8606741A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{37EF0664-4B2E-461C-AC8A-E1B8606741A5}\InprocServer32]
@="C:\\WINDOWS\\system32\\aosnw.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
aosnw.dll Wed 11 Oct 2006 21:30:18 ..S.R 234.410 228,91 K
hlink.dll Fri 21 Jul 2006 10:30:50 A.... 72.704 71,00 K
hplun.dll Thu 24 Aug 2006 4:40:54 A.... 49.152 48,00 K
j04o0a~1.dll Wed 11 Oct 2006 21:11:40 ..S.R 234.750 229,25 K
k8jsli~1.dll Wed 11 Oct 2006 21:30:18 ..S.R 236.128 230,59 K
netapi32.dll Fri 14 Jul 2006 17:53:28 A.... 307.200 300,00 K
shell32.dll Thu 13 Jul 2006 15:46:56 A.... 8.353.280 7,96 M
u2rulc~1.dll Wed 11 Oct 2006 20:40:48 ..S.R 234.410 228,91 K
urlmon.dll Wed 30 Aug 2006 20:42:56 A.... 461.824 451,00 K
xpsp2res.dll Thu 13 Jul 2006 10:50:38 A.... 595.968 582,00 K
10 items found: 10 files (4 H/S), 0 directories.
Total of file sizes: 10.779.826 bytes 10,28 M
Locate .tmp files:
C:\WINDOWS\SYSTEM32\
mcrh.tmp Tue 10 Oct 2006 0:43:26 A.... 143 0,14 K
1 item found: 1 file, 0 directories.
Total of file sizes: 143 bytes 0,14 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 2487-13A9
Répertoire de C:\WINDOWS\System32
11/10/2006 21:30 234.410 aosnw.dll
11/10/2006 21:30 236.128 k8jsli1718.dll
11/10/2006 21:11 234.750 j04o0ah3ed4.dll
11/10/2006 20:40 234.410 u2rulc991f.dll
03/10/2006 14:07 <REP> dllcache
08/09/2006 17:53 952 KGyGaAvL.sys
03/07/2005 19:45 <REP> Microsoft
5 fichier(s) 940.650 octets
2 Rép(s) 36.124.585.984 octets libres
Thanks, you "were" indeed infected. We'll see at the end of the steps whether your problem persists; for now we continue the disinfection ;-)
1. Double-click "L2mfix.exe" to start the extraction.
In the "L2mfix" folder, double-click "l2mfix.bat", choose option 1 and confirm with the Enter key.
It will generate a report for you.
Please copy and paste the result here.
2. Download FixWareout from one of these two sites to your desktop:
https://www.bleepingcomputer.com/download/linux/
Run the fix: click Next, then Install, then make sure "Run fixit" is enabled, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.
3. Download Blacklight and save it to your desktop.
www.f-secure.com/blacklight/try_blacklight.html
Double-click "blbeta.exe" and accept the license; click "Scan", then "Next".
A report named "fslb-....." will be created on your desktop.
Copy and paste the contents of this report here.
Don't touch anything else!
4. Post a new HijackThis report and an Ewido report, please.
See you!
Hi boulepate62, I have a problem with Blacklight: when I double-click the exe, it won't start and shows: "your computer settings may prevent acquiring these privileges. A malicious program might disabled these privilege".
Here is the HijackThis report; as soon as I have the Ewido report I'll send it to you. Thanks. See you.
Logfile of HijackThis v1.99.1
Scan saved at 1:21:47, on 12/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\Murru\Desktop\ne pas supprimer\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-be\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{76FFAD12-B016-4E76-990F-6E870933CD4E}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4A03314-9B62-480C-91E8-B8775ED1E30D}: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E7FE72-66CA-4C28-8C0B-5A36EEE0C2D1}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: hplun.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\k8jsli1718.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Hi, here are my second L2mfix report and the Ewido report, please.
Do you work nights, or are you in Canada? Just curious ;)
L2mfix 051206
Creating Account.
The command completed successfully.
Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (696)
Killing 'winlogon.exe'
winlogon.exe (800)
Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (1988)
Killing 'rundll32.exe'
rundll32.exe "C:\WINDOWS\system32\hpink.dll",DllGetVersion (1516)
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
Deleting: C:\WINDOWS\system32\hpink.dll
Successfully Deleted: C:\WINDOWS\system32\hpink.dll
Deleting: C:\WINDOWS\system32\hr4o05h3e.dll
Successfully Deleted: C:\WINDOWS\system32\hr4o05h3e.dll
Deleting: C:\WINDOWS\system32\k8jsli1718.dll
Successfully Deleted: C:\WINDOWS\system32\k8jsli1718.dll
msg11?.dll
0 fichier(s) copié(s).
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Nls]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\k8jsli1718.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\hpink.dll
C:\WINDOWS\system32\hr4o05h3e.dll
C:\WINDOWS\system32\k8jsli1718.dll
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{37EF0664-4B2E-461C-AC8A-E1B8606741A5}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{37EF0664-4B2E-461C-AC8A-E1B8606741A5}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{37EF0664-4B2E-461C-AC8A-E1B8606741A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{37EF0664-4B2E-461C-AC8A-E1B8606741A5}\InprocServer32]
@="C:\\WINDOWS\\system32\\hpink.dll"
"ThreadingModel"="Apartment"
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0DFAA453-A4F6-499C-9164-A4A572B18572}"=-
"{FD6A486E-9F73-45B0-B7DA-610929F803FD}"=-
"{37EF0664-4B2E-461C-AC8A-E1B8606741A5}"=-
"{A5264272-CDF1-4A93-9386-1EC275C8DCAC}"=-
"{0B5E50ED-F1DB-45C7-BCEE-656E77331C67}"=-
"{37DEB1D1-BF36-4DD6-96B8-BCB8DE1184EE}"=-
"{375F92B3-A1FE-4104-956E-3B966B7D6DE9}"=-
"{9F6C2B1F-79FC-4946-BF71-C23B5963B7F9}"=-
"{2E503FD6-6142-4AFA-A97E-378443CACD5C}"=-
"{D49E4D29-A3CE-4B1B-B31F-00454A6C3A77}"=-
"{B28C5352-EA0E-49A9-A57E-96443DB87475}"=-
"{D746C549-F7FC-4A25-B3D7-229870D27848}"=-
[-HKEY_CLASSES_ROOT\CLSID\{0DFAA453-A4F6-499C-9164-A4A572B18572}]
[-HKEY_CLASSES_ROOT\CLSID\{FD6A486E-9F73-45B0-B7DA-610929F803FD}]
[-HKEY_CLASSES_ROOT\CLSID\{37EF0664-4B2E-461C-AC8A-E1B8606741A5}]
[-HKEY_CLASSES_ROOT\CLSID\{A5264272-CDF1-4A93-9386-1EC275C8DCAC}]
[-HKEY_CLASSES_ROOT\CLSID\{0B5E50ED-F1DB-45C7-BCEE-656E77331C67}]
[-HKEY_CLASSES_ROOT\CLSID\{37DEB1D1-BF36-4DD6-96B8-BCB8DE1184EE}]
[-HKEY_CLASSES_ROOT\CLSID\{375F92B3-A1FE-4104-956E-3B966B7D6DE9}]
[-HKEY_CLASSES_ROOT\CLSID\{9F6C2B1F-79FC-4946-BF71-C23B5963B7F9}]
[-HKEY_CLASSES_ROOT\CLSID\{2E503FD6-6142-4AFA-A97E-378443CACD5C}]
[-HKEY_CLASSES_ROOT\CLSID\{D49E4D29-A3CE-4B1B-B31F-00454A6C3A77}]
[-HKEY_CLASSES_ROOT\CLSID\{B28C5352-EA0E-49A9-A57E-96443DB87475}]
[-HKEY_CLASSES_ROOT\CLSID\{D746C549-F7FC-4A25-B3D7-229870D27848}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/hpink.dll (164 bytes security) (deflated 5%)
adding: dlls/hr4o05h3e.dll (164 bytes security) (deflated 5%)
adding: dlls/k8jsli1718.dll (164 bytes security) (deflated 5%)
adding: backregs/37EF0664-4B2E-461C-AC8A-E1B8606741A5.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 63%)
adding: backregs/shell.reg (164 bytes security) (deflated 74%)
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:15:44 12/10/2006
+ Scan result:
C:\WINDOWS\system32\j04o0ah3ed4.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
[1516] C:\WINDOWS\system32\hpink.dll -> Adware.Look2Me : Error during cleaning.
[1988] C:\WINDOWS\system32\hpink.dll -> Adware.Look2Me : Error during cleaning.
C:\WINDOWS\system32\csjlj.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Murru\Application Data\Mozilla\Firefox\Profiles\woeh67mn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
::Report end
Do you work nights, or are you in Canada? Just curious ;)
Hi Falsamodestia,
I'm in Martinique ;-)
Thanks for the reports.
Run another cleanup with CCleaner (see post 11), then do this:
Download FixWareout to your desktop:
https://www.bleepingcomputer.com/download/linux/
Run the fix: click Next, then Install, then make sure "Run fixit" is checked, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to boot, which is normal.
Once the PC has restarted, click Start, My Computer, C:, Program Files and delete this folder:
MSN Apps
**If a file refuses to be deleted, do this:
-Restart your PC; as soon as it powers on, tap the F8 key repeatedly (or F5 if F8 doesn't work); on the screen that appears choose "Safe Mode" and wait a bit.. then delete the files/folders that were left, empty your Recycle Bin and restart normally
Hi, some people get to live la dolce vita in Martinique while others are stuck with the gloom in Belgium :) I'm an Italian lost in Belgium; luckily I get my dose of sun one month a year in Sardinia.. ;)
Anyway, this is great, I don't see any more runtime errors on the horizon.. it looks perfect, is it over? I've posted a HijackThis report for you... right, I'm off to bed.. many thanks!! ciao ciao
Logfile of HijackThis v1.99.1
Scan saved at 1:09:25, on 13/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Murru\Desktop\ne pas supprimer\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-be\msntb.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{76FFAD12-B016-4E76-990F-6E870933CD4E}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E7FE72-66CA-4C28-8C0B-5A36EEE0C2D1}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: hplun.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\k8jsli1718.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Belgium is nice, it's just missing the sun lol :P
I don't think you did this, because the O17 entries are still present
Download FixWareout to your desktop:
https://www.bleepingcomputer.com/download/linux/
Run the fix: click Next, then Install, then make sure "Run fixit" is checked, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to boot, which is normal.
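The check made in the post above (are the O17 NameServer entries still there after the fix?) can be scripted. This is an added example, not part of the original thread and not HijackThis code: it parses O17 lines copied from this thread's HijackThis logs of 13/10/2006 (1:09:25 and 12:00:37) and reports which entries persist; the function names are hypothetical and the allowlisted resolver 192.0.2.53 is a constructed placeholder.

```python
import ipaddress
import re

# Shape of an O17 line in a HijackThis v1.99.1 log:
#   O17 - HKLM\System\<control set>\Services\Tcpip\<subkey>: <value> = <data>
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\(?P<cs>[^\\]+)\\Services\\Tcpip\\[^:]+): "
    r"(?P<value>\w+) = (?P<data>.*)$"
)
RESOLVER_VALUES = {"NameServer", "DhcpNameServer"}

# O17/O20 lines copied from the 1:09:25 log in this thread.
BEFORE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{76FFAD12-B016-4E76-990F-6E870933CD4E}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O20 - AppInit_DLLs: hplun.dll
"""

# O17 lines copied from the 12:00:37 log in this thread.
AFTER = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{76FFAD12-B016-4E76-990F-6E870933CD4E}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4A03314-9B62-480C-91E8-B8775ED1E30D}: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
"""


def parse_o17(log_text):
    """Return one dict per O17 resolver line: registry key, control set, server IPs."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("value") not in RESOLVER_VALUES:
            continue
        servers = []
        # The logs separate addresses with commas in some lines and spaces in others.
        for token in re.split(r"[,\s]+", m.group("data").strip()):
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                continue  # empty or non-IP token
        entries.append({
            "key": m.group("key"),
            "control_set": m.group("cs"),
            "servers": tuple(servers),
        })
    return entries


def unexpected_resolvers(log_text, expected):
    """Map each resolver IP outside the expected set to the keys that carry it."""
    allowed = {str(ipaddress.ip_address(ip)) for ip in expected}
    hits = {}
    for entry in parse_o17(log_text):
        for ip in entry["servers"]:
            if ip not in allowed:
                hits.setdefault(ip, []).append(entry["key"])
    return hits


def persisting(before_text, after_text):
    """O17 entries (key plus servers) that appear unchanged in both logs."""
    before = {(e["key"], e["servers"]) for e in parse_o17(before_text)}
    after = {(e["key"], e["servers"]) for e in parse_o17(after_text)}
    return sorted(before & after)


if __name__ == "__main__":
    # Assumption: the analyst knows which resolvers the ISP or router should hand out.
    expected = {"192.0.2.53"}  # constructed placeholder
    for ip, keys in unexpected_resolvers(AFTER, expected).items():
        print(f"{ip}: set in {len(keys)} key(s)")
    for key, servers in persisting(BEFORE, AFTER):
        print("still present after fix:", key, servers)
```
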
The sun does matter, though... well, I think so, for my part... ;)
OK, sorry, I hadn't done it properly.. it generated a report for me; I think something's off because there are still O17 entries left in the HijackThis report, please:
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Logfile of HijackThis v1.99.1
Scan saved at 12:00:37, on 13/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Murru\Desktop\ne pas supprimer\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-be\msntb.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{76FFAD12-B016-4E76-990F-6E870933CD4E}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4A03314-9B62-480C-91E8-B8775ED1E30D}: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E7FE72-66CA-4C28-8C0B-5A36EEE0C2D1}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: hplun.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\k8jsli1718.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\DMVEW.EXE 60.937 2003-03-31
Other suspects.
Directory of C:\WINDOWS\system32
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 too
There, sorry, I hadn't done it properly.. it generated a report for me, I think something is off because there are still O17 entries left in the HijackThis report, please:
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Logfile of HijackThis v1.99.1
Scan saved at 12:00:37, on 13/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Murru\Desktop\ne pas supprimer\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-be\msntb.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{76FFAD12-B016-4E76-990F-6E870933CD4E}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4A03314-9B62-480C-91E8-B8775ED1E30D}: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E7FE72-66CA-4C28-8C0B-5A36EEE0C2D1}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\..\{40156910-40C8-44FA-A68C-29FCC9A3052A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: hplun.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\k8jsli1718.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\DMVEW.EXE 60.937 2003-03-31
Other suspects.
Directory of C:\WINDOWS\system32
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 too