Malwarewipe

bruce lee · le 26 juillet 2006

re,

Si durant la procedure ci bas, il y a des etapes que tu n'as pas reussi a faire, merci de

continuer la procedure jusqu'au bout et de les signaler dans ta prochaine reponse.

1/Télécharge http://www.ewido.net/en/download/ Ewido anti-spyware

Lance Ewido et clique sur le bouton Update (barre d'outils - au haut). Sous Manual Update clique Start update.

Tu verras ceci juste au bas, lorsque la mise à jour sera complétée : "Update successful"

Ferme Ewido. Ne pas le lancer tout de suite.

2/demarre en mode sans echec http://www.sosordi.net/Faq/Faq.2.html

3/lance hijackthis en cliquant sur do a scan system only coche ces lignes:

R3 - URLSearchHook: (no name) - {67B035C1-A775-83DD-06E7-804A30DCA4BC} - C:\WINDOWS\system32\pblhvesk.dll

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKCU\..\Run: [Nphb] "C:\WINDOWS\MANTEC~1\rundll.exe" -vt yazr

O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO

O18 - Filter: text/html - (no CLSID) - (no file)

O20 - AppInit_DLLs: C:\WINDOWS\system32\regedit.dll

Ferme toutes les fenêtres ouvertes sauf Hijackthis et clique sur fix checked

4/pour supprimer les fichiers nefastes on va tous les afficher en faisant comme ceci:

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Cocher la case : Afficher les fichiers et dossiers cachés

Décocher la case : Masquer les extensions des fichiers dont le type est connu

Décocher la case : Masquer les fichiers protégés du système d'exploitation

cliquer sur "Appliquer"

cliquer sur le bouton "Appliquer à tous les dossiers" / OK

5/supprime ce qui est en gras:

C:\WINDOWS\system32\ pblhvesk.dll<== le fichier

C:\WINDOWS\system32\ regedit.dll<== le fichier

C:\WINDOWS\ MANTEC~1<== tout le dossier

6/ Du mode Sans Échec, lance Ewido et clique sur le bouton Scanner (de la barre d'outils) et ensuite clique sur Complete System Scan. Le scan prendra un certain temps, donc sois patient.

Ewido affichera une liste des fichiers détectés, sur la gauche. En fin de scan, l'outil appliquera les "Actions" à appliquer automatiquement. Clique sur le bouton Apply all actions. Ewido affichera "All actions have been applied" du côté droit.

Clique sur "Save Report", puis "Save Report As". Ceci génère un rapport en fichier texte. Assure-toi de le sauvegarder dans un endroit sûr (sur ton Bureau, par exemple).

7/redemarre en mode normal

8/poste le rapport d'ewido ainsi qu'un nouveau log hijackthis.

bon courage, et si tu as la moindre question n'hesite surtout pas

@+

breAkouille · le 26 juillet 2006

le nouveau hijackthis

Logfile of HijackThis v1.99.1

Scan saved at 00:13:50, on 27/07/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\acer\epm\epm-dm.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\acer\eRecovery\Monitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\LVComS.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\DOCUME~1\breAk\MESDOC~1\RACLE~1\SERINI~1.EXE

C:\Documents and Settings\breAk\Menu Démarrer\Programmes\Démarrage\WlanUtl.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\breAk\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [Nvb] C:\DOCUME~1\breAk\MESDOC~1\RACLE~1\SERINI~1.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: WlanUtl.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Télécharger avec &BitSpirit - Z:\Program Files\BitSpirit\bsurl.htm

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB94E29-44CA-4968-AC05-E44DE2D360C3}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{CB192626-458F-4E4C-A0FF-C76D273DD329}: NameServer = 192.168.1.1

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

et le petit ewido

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

+ Created at: 00:06:03 27/07/2006

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{06CA2DA3-3A44-4FC7-8FD9-246C0F53407C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP491\A0042423.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).

C:\Documents and Settings\breAk\Mes documents\АрpPatch\lоgonui.exe -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP490\A0042282.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP491\A0042409.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP493\A0042737.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP494\A0042936.DLL -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP494\A0042937.EXE -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\WINDOWS\system32\regedit.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

[1092] C:\WINDOWS\system32\regedit.dll -> Adware.PurityScan : Error during cleaning.

[1636] C:\WINDOWS\system32\regedit.dll -> Adware.PurityScan : Error during cleaning.

[288] C:\WINDOWS\system32\regedit.dll -> Adware.PurityScan : Error during cleaning.

[340] C:\WINDOWS\system32\regedit.dll -> Adware.PurityScan : Error during cleaning.

[352] C:\WINDOWS\system32\regedit.dll -> Adware.PurityScan : Error during cleaning.

[496] C:\WINDOWS\system32\regedit.dll -> Adware.PurityScan : Error during cleaning.

[580] C:\WINDOWS\system32\regedit.dll -> Adware.PurityScan : Error during cleaning.

[656] C:\WINDOWS\system32\regedit.dll -> Adware.PurityScan : Error during cleaning.

[896] C:\WINDOWS\system32\regedit.dll -> Adware.PurityScan : Error during cleaning.

HKU\S-1-5-21-1023014860-1387649648-47737079-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup (quarantined).

C:\WINDOWS\system32\hggdbba.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\pmkhe.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\vtuts.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\yayyywv(2).dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\actskn45.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP490\A0042273.dll -> Downloader.Zlob.aak : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP491\A0042574.dll -> Downloader.Zlob.aak : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP491\A0042601.dll -> Downloader.Zlob.aak : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP490\A0042288.exe -> Downloader.Zlob.aal : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP493\A0042837.exe -> Downloader.Zlob.aal : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP491\A0042424.exe -> Dropper.Small : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP490\A0042276.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Ignored.

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP490\A0042279.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Ignored.

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP491\A0042414.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Ignored.

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP491\A0042419.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Ignored.

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP491\A0042589.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Ignored.

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP493\A0042845.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Ignored.

:mozilla.108:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.

:mozilla.109:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.

:mozilla.110:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.

C:\Documents and Settings\breAk\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.104:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.68:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.71:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.72:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.73:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.74:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.75:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.76:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.77:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.78:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.79:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.80:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.81:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.83:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\breAk\Cookies\break@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned.

:mozilla.100:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.

C:\Documents and Settings\breAk\Cookies\break@cliks[2].txt -> TrackingCookie.Cliks : Cleaned.

:mozilla.24:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Estat : Cleaned.

C:\Documents and Settings\breAk\Cookies\break@need2find[2].txt -> TrackingCookie.Need2find : Cleaned.

C:\Documents and Settings\breAk\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.105:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.

:mozilla.84:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.85:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.86:C:\Documents and Settings\breAk\Application Data\Mozilla\Firefox\Profiles\4seflcd0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\Documents and Settings\breAk\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\Documents and Settings\breAk\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP490\A0042271.sys -> Trojan.Agent.ny : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP490\A0042272.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).

C:\WINDOWS\system32\drivers\DP.sys -> Trojan.Agent.ny : Cleaned with backup (quarantined).

C:\WINDOWS\system32\hiidrhaq.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).

C:\Documents and Settings\breAk\Mes documents\Mes fichiers reçus\Guitar Pro 5 + keygen + codes.zip/guitar_pro_5_keygen.exe -> Trojan.Agent.qt : Error during cleaning.

C:\Documents and Settings\breAk\Mes documents\Mes fichiers reçus\guitar_pro_5_keygen.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP490\A0042284.exe -> Trojan.PurityAd : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2854697A-944D-4967-AF79-9FE82B61526D}\RP494\A0042935.exe -> Trojan.PurityAd : Cleaned with backup (quarantined).

::Report end

bruce lee · le 27 juillet 2006

Bonjour,

ton rapport est deja plus propre

1/ demarre en mode sans echec

2/ avec hijackthis, tu coches et tu fixes cette ligne:

O4 - HKCU\..\Run: [Nvb] C:\DOCUME~1\breAk\MESDOC~1\RACLE~1\SERINI~1.EXE

3/ supprime ce qui est en gras:

C:\Documents and Settings\breAk\mes documents\ RACLE~1<== tout le dossier qui commence par

racle

4/ redemarre en mode normal

5/suis scurpuleursement les instructions de ce lien:

http://www.libellules.ch/desactiver_restauration.php

7/demarrer/panneau de configuration/performances et maintenance/systeme

8/tu vas dans l'onglet restauration du systeme

9/tu decoches la case devant:

Desactiver la restauration du systeme sur tout les lecteurs. puis tu cliques sur

appliquer et enfin ok

10/ redemarre ton PC

11/demarrer/tous les programmes/accessoires/outils systeme/restauration du systeme

12/ une nouvelle fenetre s'ouvre, coche la case devant:

creer un point de restauration

13/clique sur suivant (en bas a droite)

14/ sous Description du point de restauration il y a un restangle blanc, donne un nom au

point de creation que tu vas creer(celui que tu veux)

15/ clique sur creer (en bas a droite) puis patiente un peu, quand le point sera creer tu

en sera averti par un message disant qu'un point de restauration a été créer puis enfin tu

cliques sur fermer (en bas a droite)

16/ poste un nouveau rapport hijackthis.

breAkouille · le 27 juillet 2006

quelle est l'étape 6? elle n'existe pas?

bruce lee · le 27 juillet 2006

re,

C'est ma faute, oublie l'etape 6 et fais la suite. (j'ai mis un 7 a la place)

@+

breAkouille · le 27 juillet 2006

ok ok je me doutais bien alors c'est ce que j'ai fais.

le nouveau hijackthis

Logfile of HijackThis v1.99.1

Scan saved at 20:57:19, on 27/07/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\acer\epm\epm-dm.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\LVComS.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\acer\eRecovery\Monitor.exe

C:\WINDOWS\MANTEC~1\rundll.exe