
Need help analysing a HijackThis log


Recommended posts

:P

I'm a new member and my PC is infected with loads of viruses...

I've been reading your site (brilliant) for a while now, but for a beginner it's sometimes a bit too technical.

Can you tell me what I need to do :P

Here is my HijackThis log

 

Logfile of HijackThis v1.99.1
Scan saved at 11:45:32, on 20/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\M6 Video\M6video.exe
C:\PROGRA~1\WANADOO\EspaceWanadoo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\WANADOO\ComComp.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\WANADOO\Toaster.exe
C:\PROGRA~1\WANADOO\Inactivity.exe
C:\PROGRA~1\WANADOO\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\WANADOO\Watch.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Movie Maker\wmm2filt.exe
C:\PROGRA~1\WANADOO\WOOBrowser\WOOBrowser.exe
C:\Documents and Settings\Nicolas\Bureau\SECURITE\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,shigndo.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe
O4 - HKLM\..\Run: [mealscrwaymanager] C:\Documents and Settings\All Users\Application Data\SITE EQ MEAL SCR\Fraglies.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [bITSUP] C:\DOCUME~1\Nicolas\APPLIC~1\HOPEME~1\film dumb.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [nqvqd] C:\WINDOWS\System32\rdkxcx.exe reg_run
O4 - HKCU\..\Run: [quru] C:\PROGRA~1\FICHIE~1\quru\qurum.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/c...eInstall_fr.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Nicolas\LOCALS~1\Temp\mma.chm::/alien.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/16879da4c97f3f...RdxIE601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149678959078
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1061_XP.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.errorsafe.com/pages/scanner_fr/E...erInstallFR.cab
O16 - DPF: {C80B7FF6-CE60-4079-935E-520C045C30A6} - http://www.mailskinner.com/binaries/msaxsetup.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/b...a17b04ac0f14ce1
O17 - HKLM\System\CCS\Services\Tcpip\..\{27CA4AFB-B786-46A9-8353-7B013B03E2D5}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\j8j60i1se8.dll
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\lvpu0979e.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\lvpu0979e.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Tmljb2xhcw\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

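The helpers on this thread read a HijackThis log by eye, looking for a handful of tell-tale entry types: an extra program appended to the system.ini UserInit value (F2), Run entries with random-looking or system-impersonating names (O4), sites silently added to the IE Trusted Zone (O15), ActiveX downloads from raw IP addresses or straight to an .exe (O16), Winlogon Notify DLLs with generated names (O20), and services whose binary is already gone (O23). The script below is an added example, not part of the thread and not HijackThis code: it runs those rules over a subset of lines copied from the log posted above. The rule set and the `looks_random` heuristic are my own assumptions for prioritising review, not anything HijackThis itself computes.

```python
"""Triage heuristics for HijackThis 1.99.1 log lines (added example, not HijackThis code)."""
import ntpath
import re
from collections import Counter

# Subset of entries copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,shigndo.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [nqvqd] C:\WINDOWS\System32\rdkxcx.exe reg_run
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O15 - Trusted Zone: *.media-motor.net
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\j8j60i1se8.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Tmljb2xhcw\command.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
IPV4_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)")
# Core Windows components that are not started from a Run key; a Run entry using
# one of these names is borrowing it (assumption of this example).
SYSTEM_NAMES = {"winlogon", "userinit", "svchost", "lsass", "csrss", "smss", "services"}


def stem(path_or_name: str) -> str:
    """Lower-case file name without directory or extension (ntpath handles backslashes on any OS)."""
    return ntpath.splitext(ntpath.basename(path_or_name))[0].lower()


def looks_random(name: str) -> bool:
    """Heuristic for generated names: two or more letter/digit alternations, or 5+ letters with no vowel."""
    s = stem(name)
    runs = re.findall(r"[a-z]+|\d+", s)
    alternations = max(len(runs) - 1, 0)
    vowelless = len(s) >= 5 and s.isalpha() and not re.search(r"[aeiouy]", s)
    return alternations >= 2 or vowelless


def first_exe(cmd: str) -> str:
    """Program launched by a Run value: up to the first '.exe', with or without quotes."""
    m = re.match(r'"?(.*?\.exe)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.strip('"').split()[0]


def triage(log_text: str) -> list:
    """One finding per suspicious line: {'kind', 'reason', 'line'}. Lines with no rule hit are skipped."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        kind, body = m.group("kind"), m.group("body")
        reasons = []
        if kind == "F2":
            # UserInit should name userinit.exe alone; anything after the comma also runs at every logon.
            extra = re.search(r"userinit\.exe,(\S+)", body, re.IGNORECASE)
            if extra:
                reasons.append(f"extra program appended to UserInit: {extra.group(1)}")
        elif kind == "O4":
            run = RUN_RE.match(body)
            if run:
                name, exe = run.group("name"), first_exe(run.group("cmd"))
                if stem(name) in SYSTEM_NAMES or stem(exe) in SYSTEM_NAMES:
                    reasons.append("Run entry borrows the name of a core Windows component")
                if looks_random(name) or looks_random(exe):
                    reasons.append("random-looking Run entry or executable name")
        elif kind == "O15":
            reasons.append("site added to the IE Trusted Zone (relaxed security settings apply)")
        elif kind == "O16":
            url = body.rsplit(" - ", 1)[-1]
            if IPV4_URL_RE.match(url):
                reasons.append("ActiveX download from a raw IP address")
            if url.lower().endswith(".exe"):
                reasons.append("DPF entry points straight at an executable")
        elif kind == "O20":
            if looks_random(body.rsplit(" - ", 1)[-1]):
                reasons.append("Winlogon Notify DLL with random-looking name")
        elif kind == "O23":
            if "(file missing)" in body:
                reasons.append("service registered but its binary is missing")
        if reasons:
            findings.append({"kind": kind, "reason": "; ".join(reasons), "line": line})
    return findings


def summarize(findings: list) -> Counter:
    """Number of flagged lines per HijackThis section."""
    return Counter(f["kind"] for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:<4} {f['reason']}\n     {f['line']}")
```

The output is a review queue, not a verdict: the vowel-less rule will occasionally catch a legitimate vendor abbreviation, and a Run entry that merely looks odd deserves a look at the file itself before anything is removed. Conversely, the O23 service whose binary is missing is usually a leftover of an earlier partial cleanup, and the extra UserInit program is the entry a helper would want dealt with first, because it is re-launched at every logon regardless of what is in the Run keys.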

Hi directnico :P

I can confirm it, your PC is infected!

Start by applying the -=Pré-Nettoyage d'un P.C infecté=- procedure (pre-cleaning of an infected PC); that should already clean your machine up quite a bit. Then post the HijackThis report as a follow-up to THIS topic and an advisor will tell you what to do!

Good luck :P


Can someone analyse this?

Thanks :P

 

Logfile of HijackThis v1.99.1
Scan saved at 14:20:49, on 23/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\M6 Video\M6video.exe
C:\WINDOWS\logon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,shigndo.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [nqvqd] C:\WINDOWS\System32\rdkxcx.exe reg_run
O4 - HKCU\..\Run: [quru] C:\PROGRA~1\FICHIE~1\quru\qurum.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Nicolas\LOCALS~1\Temp\mma.chm::/alien.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149678959078
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1061_XP.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.errorsafe.com/pages/scanner_fr/E...erInstallFR.cab
O16 - DPF: {C80B7FF6-CE60-4079-935E-520C045C30A6} - http://www.mailskinner.com/binaries/msaxsetup.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/b...a17b04ac0f14ce1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\jt6607jse.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Tmljb2xhcw\command.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe



Hello directnico!

Download Ewido anti-spyware

  1. Launch Ewido anti-spyware and click the Update button (toolbar, at the top). Under Manual Update click Start update.

  2. You will see this just below once the update is complete: "Update successful"

  3. Close Ewido anti-spyware. Do not run it yet.

Reboot into Safe Mode: as the computer restarts, immediately tap the F8 key; you will see a screen with a choice of start-up modes appear. Using the arrow keys, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.

  • From Safe Mode, launch Ewido anti-spyware, click the Scanner button (on the toolbar) and then click Complete System Scan. The scan will take a while, so be patient.

  • Ewido will display a list of detected files on the left. At the end of the scan, the tool will apply the "Actions" to be taken automatically. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right-hand side.

  • Click "Save Report", then "Save Report As". This generates a report as a text file. Make sure you save it somewhere safe (on your Desktop, for example).

Reboot your computer in Normal mode.

I'm passing you another tool:

Download Blacklight (from F-Secure) and save it to your Desktop.

Double-click blbeta.exe and accept the licence; leave [X] scan through Windows Explorer ticked; click Scan then Next

You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of that report into your next reply. Do NOT choose the "Rename" option right away: we need to analyse the report, because legitimate files may be listed, such as wbemtest.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please post the following reports in your next reply:

1) Ewido

2) BlackLight

3) New HijackThis report!

Good luck, and see you soon


Thanks again for everything you do... :P

I got the following message when launching BlackLight:

F. Secure BlackLight could not acquire necessary priviles (SeDebugPrivilege)
- Your computer setting may prevent acquiring these privileges
- A malicious program might have disabled these privileges

Here is the Ewido report

 

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:00:42 25/06/2006

+ Scan result:

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025541.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022297.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022298.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022299.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022300.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022304.EXE -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022311.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022312.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022313.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024821.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024851.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024878.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024886.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024893.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024900.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024908.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024915.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024925.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024929.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024937.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024962.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024970.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP179\A0024978.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0024985.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0024995.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025001.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025046.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025051.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025060.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025065.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025076.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025083.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025091.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP180\A0025115.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025140.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025149.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025155.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025165.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025170.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025539.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025542.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025545.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP182\A0025562.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP182\A0025627.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP182\A0025640.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP183\A0025645.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP183\A0025653.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP184\A0025663.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP184\A0027672.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP185\A0028663.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP185\A0028692.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP186\A0028707.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028718.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028724.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028738.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028739.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028740.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028757.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028762.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028789.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028799.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP187\A0028802.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP188\A0028818.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP188\A0028823.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP188\A0028828.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP188\A0028837.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP188\A0028842.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP188\A0028998.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP188\A0029011.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP189\A0029020.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030016.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030024.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\Axdio3D.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\Aydiodev.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\LUDIS11n.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\OKCodec2.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\TSskKeyHook.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\WRDMPS.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\agl71.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\arvapi32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\cgl3d32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\cxdial32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\dHtime.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\dnnm0151e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\e002lado1d0c.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\fp8803lue.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\hrj2051oe.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\i060lajm1doa.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\il50_32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\ir40l5hm1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\jbmd400.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\k608lgdu1608.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\k8lq0i35e8.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\l44q0eh5eh4.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\m4pole731h.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\m6rm0g91e6.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\mcrepl40.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\mhlbui.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\mqc42loc.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\mrratelc.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\mtwsock.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\mwvidctl.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\npmsdba.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\rHsppp.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\voa64k.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\wvv8dmod.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

[608] C:\WINDOWS\system32\ccmuid.dll -> Adware.Look2Me : Error during cleaning.

[668] C:\WINDOWS\system32\WRDMPS.dll -> Adware.Look2Me : Error during cleaning.

C:\Program Files\Adverts\uninst.exe -> Adware.Lop : Cleaned with backup (quarantined).

C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).

C:\WINDOWS\LastGood\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).

C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024873.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP126\A0020029.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP126\A0020038.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP127\A0020839.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP127\A0020866.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP127\A0020885.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP127\A0020894.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP128\A0020919.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP128\A0020937.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP128\A0020949.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP129\A0020959.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP129\A0020967.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP129\A0021969.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP130\A0021981.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP130\A0021990.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP130\A0021998.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP130\A0022028.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP130\A0022040.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP130\A0022048.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP131\A0022067.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP131\A0022101.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022267.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022275.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022286.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022329.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022338.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022346.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022357.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022363.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022371.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022381.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022391.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022396.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP132\A0022405.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022413.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022662.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022670.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022676.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022688.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022701.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022711.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022728.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP133\A0022755.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP134\A0022771.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP134\A0022834.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP134\A0022842.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP134\A0022857.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP135\A0022869.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP136\A0022880.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP136\A0022890.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP137\A0022905.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP137\A0022918.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP137\A0022930.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP138\A0022946.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP138\A0022954.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP138\A0023057.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP138\A0023074.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP139\A0023106.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP139\A0023115.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP140\A0023128.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP140\A0023150.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP140\A0023157.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP141\A0023178.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP141\A0023182.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP143\A0023249.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP144\A0023267.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP144\A0023279.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP146\A0023288.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP146\A0023299.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP146\A0023312.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP146\A0023324.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP146\A0023335.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP146\A0023345.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP146\A0023354.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP146\A0023362.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP147\A0023377.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP147\A0023385.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP148\A0023394.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP149\A0023408.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP152\A0023420.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP152\A0023550.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP152\A0023568.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP153\A0023585.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP153\A0023593.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP156\A0023831.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP156\A0023853.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP156\A0023859.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP157\A0023874.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP157\A0023879.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP157\A0023891.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP158\A0023908.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP158\A0023918.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP158\A0023923.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP158\A0023929.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP158\A0023960.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP158\A0023989.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP159\A0024056.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP159\A0024065.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP163\A0024112.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP163\A0024141.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP163\A0024157.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\WINDOWS\system32\msplock32.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024859.DLL -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\Program Files\Fichiers communs\quru\qurud\quruc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP177\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP177\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP177\snapshot\MFEX-7.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024825.dll -> Adware.WebHancer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024874.EXE -> Adware.WebHancer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024875.DLL -> Adware.WebHancer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024876.DLL -> Adware.WebHancer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\A0024877.exe -> Adware.WebHancer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\snapshot\MFEX-6.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP178\snapshot\MFEX-7.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP181\A0025532.EXE -> Downloader.VB.fi : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP184\A0027668.exe -> Downloader.VB.fi : Cleaned with backup (quarantined).

C:\WINDOWS\logon.exe -> Downloader.VB.fi : Cleaned with backup (quarantined).

C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\01234567\ABoxInst_int14[1].exe -> Downloader.VB.ft : Cleaned with backup (quarantined).

C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\W1270L6B\ABoxInst_int14[1].exe -> Downloader.VB.ft : Cleaned with backup (quarantined).

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Ignored.

C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Ignored.

C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\OHUJSD6N\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.

C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\OHUJSD6N\send_car_int[2].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.

C:\Documents and Settings\Emilie\Cookies\[email protected][2].txt -> TrackingCookie.247realmedia : Cleaned.

C:\Documents and Settings\Emilie\Cookies\[email protected]s.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.

C:\Documents and Settings\Emilie\Cookies\[email protected][1].txt -> TrackingCookie.Adviva : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\Emilie\Cookies\[email protected]streak[1].txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@banner.clubdicecasino[2].txt -> TrackingCookie.Clubdicecasino : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@clubdicecasino[1].txt -> TrackingCookie.Clubdicecasino : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\Emilie\Cookies\[email protected]k[1].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\Emilie\Cookies\[email protected]k[2].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@estat[1].txt -> TrackingCookie.Estat : Cleaned.

C:\Documents and Settings\Emilie\Cookies\[email protected]s1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@www.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@ehg-osiris.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@lop[2].txt -> TrackingCookie.Lop : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Documents and Settings\Emilie\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@overture[1].txt -> TrackingCookie.Overture : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.

C:\Documents and Settings\Emilie\Cookies\[email protected]smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.

C:\Documents and Settings\Emilie\Cookies\[email protected]smartadserver[3].txt -> TrackingCookie.Smartadserver : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\nicolas@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.

 

 

::Report end

 

And the new HijackThis report!

 

Logfile of HijackThis v1.99.1

Scan saved at 15:17:18, on 25/06/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\PROGRA~1\WANADOO\TaskBarIcon.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\M6 Video\M6video.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\PROGRA~1\WANADOO\EspaceWanadoo.exe

C:\PROGRA~1\WANADOO\ComComp.exe

C:\PROGRA~1\WANADOO\Toaster.exe

C:\PROGRA~1\WANADOO\Inactivity.exe

C:\PROGRA~1\WANADOO\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\WANADOO\Watch.exe

C:\PROGRA~1\WANADOO\WOOBrowser\WOOBrowser.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,shigndo.exe

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [nqvqd] C:\WINDOWS\System32\rdkxcx.exe reg_run

O4 - HKCU\..\Run: [quru] C:\PROGRA~1\FICHIE~1\quru\qurum.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)

O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.mmohsix.com

O15 - Trusted Zone: *.sxload.com

O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe

O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab

O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Nicolas\LOCALS~1\Temp\mma.chm::/alien.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149678959078

O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1061_XP.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.errorsafe.com/pages/scanner_fr/E...erInstallFR.cab

O16 - DPF: {C80B7FF6-CE60-4079-935E-520C045C30A6} - http://www.mailskinner.com/binaries/msaxsetup.cab

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/b...a17b04ac0f14ce1

O17 - HKLM\System\CCS\Services\Tcpip\..\{27CA4AFB-B786-46A9-8353-7B013B03E2D5}: NameServer = 80.10.246.1 80.10.246.132

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\ccmuid.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Tmljb2xhcw\command.exe (file missing)

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

Thanks

We'll get them :P


Re

 

Here is what you are going to do now!

 

 

1) Download Brute Force Uninstaller (by Merijn).

Create a new folder directly on C:\ and name it BFU. Unzip the downloaded file into this new folder (C:\BFU).

 

RIGHT-CLICK HERE and choose "Save Target As..." to download EGDACCESS.bfu (by Metallica). Save it in the folder you created (C:\BFU). Note: if you use Internet Explorer, when saving, make sure the "Save as type:" field shows "All Files". You should now have two files in the C:\BFU folder: EGDACCESS.bfu and BFU.exe (very important). We will run this tool later.

 

2) Given the length of the procedure, I advise you to print it, or to select all its lines and copy that selection into a text file on your PC.

All the steps must be carried out, in the exact order given below.

If anything seems unclear, ask for explanations before starting the disinfection.

 

Note: These operations must be carried out while logged on to a session with "Administrator" rights and with any resident protections disabled, if there are any! (e.g. Spybot S&D, Ad-Watch, Microsoft AntiSpyware)

 

3) Restart in Safe Mode:

(In Safe Mode only the system processes are started, so it is easier to delete what is infected.)

When the computer restarts, once the BIOS has finished loading,

a black screen appears briefly; press the [F8] or [F5] key until the Windows Advanced Options menu appears. Select "Safe Mode" and press [Enter].

NB: If there is a problem, see here: http://service1.symantec.com/SUPPORT/INTER...020325143456924

 

4) Start the "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)

 

- Click the small yellow folder (to the right of the "Scriptline to execute" box);

- Double-click EGDACCESS.bfu

- You should now see this in the "Scriptline to execute" box:

C:\BFU\EGDACCESS.bfu

 

Click Execute and let it do its work.

 

Wait for Complete script execution to appear and click OK (execution is quick).

Click Exit to close the BFU program.

 

5) Run another full scan with Ewido (still in Safe Mode), and save its report.

 

6) Restart in Normal mode.

 

Post the new Ewido report,

a new HijackThis log,

and the report located here: C:\egd.txt

in your next reply.

 

Good luck, see you later!


Here is the new Ewido report

 

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 17:23:27 25/06/2006

 

+ Scan result:

 

 

 

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030035.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030036.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030037.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030038.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030039.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030040.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030041.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030042.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030043.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030044.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030045.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030046.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030047.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030048.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030049.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030050.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030051.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030052.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030053.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030054.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030055.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030056.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030057.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030058.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030059.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030060.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030061.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030062.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030063.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030064.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030065.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030066.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030067.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030093.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\m6lslg3716.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\WINDOWS\system32\uuildll.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030073.exe -> Adware.Lop : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030070.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030071.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030068.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030069.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030072.dll -> Adware.TargetServer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{791FF9B1-3D86-4BCB-A8E3-44BA2CC8E6CF}\RP190\A0030034.exe -> Downloader.VB.fi : Cleaned with backup (quarantined).

C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\OHUJSD6N\ErrorSafeScannerInstallFR[1].cab/UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Ignored.

C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Ignored.

C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N76M1904NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Ignored.

C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\OHUJSD6N\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.

C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\OHUJSD6N\send_car_int[2].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.

C:\Documents and Settings\Nicolas\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\[email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\[email protected][1].txt -> TrackingCookie.Smartadserver : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\[email protected][2].txt -> TrackingCookie.Weborama : Cleaned.

C:\Documents and Settings\Nicolas\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.

 

 

::Report end

 

A new HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 17:32:04, on 25/06/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\PROGRA~1\WANADOO\TaskBarIcon.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\M6 Video\M6video.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\PROGRA~1\WANADOO\EspaceWanadoo.exe

C:\PROGRA~1\WANADOO\ComComp.exe

C:\PROGRA~1\WANADOO\Toaster.exe

C:\PROGRA~1\WANADOO\Inactivity.exe

C:\PROGRA~1\WANADOO\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\WANADOO\Watch.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,shigndo.exe

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [nqvqd] C:\WINDOWS\System32\rdkxcx.exe reg_run

O4 - HKCU\..\Run: [quru] C:\PROGRA~1\FICHIE~1\quru\qurum.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)

O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.mmohsix.com

O15 - Trusted Zone: *.sxload.com

O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe

O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab

O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Nicolas\LOCALS~1\Temp\mma.chm::/alien.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149678959078

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.errorsafe.com/pages/scanner_fr/E...erInstallFR.cab

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/b...a17b04ac0f14ce1

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\uuildll.dll (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Tmljb2xhcw\command.exe (file missing)

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

And the report from: C:\egd.txt

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE"

"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"

"WOOWATCH"="C:\\PROGRA~1\\WANADOO\\Watch.exe"

"WOOTASKBARICON"="C:\\PROGRA~1\\WANADOO\\GestMaj.exe TaskBarIcon.exe"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"mouseElf"="C:\\PROGRA~1\\TWINTO~1\\MouseElf.EXE"

"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"

"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "

"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"

"CnxDslTaskBar"="\"C:\\Program Files\\ZTE Corporation\\ZXDSL852\\CnxDslTb.exe\" \"ZTE Corporation\\ZXDSL852\""

"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"

"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"m6"="C:\\Program Files\\M6 Video\\M6video.exe"

"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

 

Good luck :P
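The helper reads these logs by eye and keeps returning to the same kinds of lines. As an added example (my own code, not something from the forum, from HijackThis or from ewido), here is a small Python parser for the HijackThis "<code> - <body>" line format, with a triage pass that pulls out the entries worth a first look: the extra program in the F2 UserInit line, O15 additions to the Trusted zone, O16 ActiveX downloads fetched from a bare IP address, and O20/O23 registrations whose file is missing. The sample lines are copied from the log posted above; the triage rules are assumptions about what an analyst wants flagged, not HijackThis's own classification, and a hit is a review prompt rather than a verdict.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted above, one entry
# per line in HijackThis's "<code> - <body>" format.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=e
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,shigndo.exe
O4 - HKCU\..\Run: [nqvqd] C:\WINDOWS\System32\rdkxcx.exe reg_run
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O15 - Trusted Zone: *.media-motor.net
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149678650500
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\uuildll.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Tmljb2xhcw\command.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# A HijackThis entry is "<letter><number> - <rest of line>"; anything that
# does not match (the header, the "Running processes:" block) is skipped.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# "http://1.2.3.4/..." : a download location given as a literal IPv4 address.
IP_URL_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)")


@dataclass
class Entry:
    code: str   # section code, e.g. "O4"
    body: str   # everything after "<code> - "


def parse_hjt(text: str) -> list[Entry]:
    """Turn HijackThis log text into a list of Entry objects."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (code, reason) pairs for entries an analyst should look at first.

    The rules below are assumptions about what is worth a first look; they
    are derived from the line text only and do not prove anything malicious.
    """
    findings = []
    for e in entries:
        if e.code == "F2" and "UserInit=" in e.body:
            # Normally only userinit.exe runs here; anything after the first
            # comma is an extra program started at every logon.
            programs = e.body.split("UserInit=", 1)[1].split(",")
            extra = [p.strip() for p in programs[1:] if p.strip()]
            if extra:
                findings.append((e.code, "extra UserInit program(s): " + ", ".join(extra)))
        elif e.code == "O15":
            # Sites in the Trusted zone get relaxed Internet Explorer settings.
            site = e.body.split(":", 1)[1].strip()
            findings.append((e.code, "site added to the Trusted zone: " + site))
        elif e.code == "O16":
            url = e.body.rsplit(" - ", 1)[-1].strip()
            if IP_URL_RE.match(url):
                findings.append((e.code, "ActiveX download from a bare IP address: " + url))
        elif e.code in ("O20", "O23") and e.body.endswith("(file missing)"):
            # A Winlogon Notify DLL or a service whose file is gone: usually a
            # leftover registration from something already removed.
            findings.append((e.code, "registration points at a missing file: " + e.body))
    return findings


if __name__ == "__main__":
    for code, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code:>3}  {reason}")
```

Run on the sample above it reports the F2 line (shigndo.exe), the media-motor.net trusted-zone entry, the O16 download from 207.234.185.217, the missing uuildll.dll Winlogon Notify DLL and the missing cmdService binary, and stays silent on the ordinary entries; to use it on a real log, read the file into `parse_hjt` instead of `SAMPLE_LOG`.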


Re

 

Here is what you will need to do, please

 

- Check that you have access to all files:

 

Start, My Computer or any other folder, Tools menu, Folder Options, View tab:

Enable the option: Show hidden files and folders

Disable the option: Hide extensions for known file types

Disable the option: Hide protected operating system files

Then click "Apply to All Folders"

 

Use the search function via "Start / Search / For Files or Folders" (if there is a problem, see here: http://www.hiboox.com/image.php?img=go6nc45.jpg )

Search, most likely in C:\WINDOWS\System32\ or C:\WINDOWS\System\,

for the following file(s) in bold, if present:

shigndo.exe

 

Copy the file's path; you will need it for the next step!

(e.g. C:\WINDOWS\System32\shigndo.exe )

 

You have unknown files on your system, so we are going to scan them:

shigndo.exe

C:\WINDOWS\System32\rdkxcx.exe

 

Submit the files in bold here =>

1- http://virusscan.jotti.org/

2- http://www.virustotal.com/flash/index_en.html

 

When you click on these two addresses, you have a box named "Browse"; click on it and a window opens => browse your hard disk

Look for the file in question

Click once on the file (it turns blue!), then click "Open" at the bottom of the window, then "submit"

for Jotti's virusscan, and "send" for VirusTotal.

The scan of this file will begin.

All you have to do then is select and copy/paste the analysis. You may get this message =>

"Server is extremely busy at the moment. Please try again later." In which case you have to try again later!

Send the 2 reports.

 

 

-Download and install EasyCleaner by Toni Helenius (a program in the cleaner category)

http://personal.inet.fi/business/toniarts/ecleane.htm

Given the length of the procedure, I advise you to print it, or to select all of its lines and copy the selection into a text file on your PC.

All the steps must be carried out, in the exact order given below.

If anything seems unclear, ask for explanations before starting the disinfection.

Note: These operations must be done while logged in to a session with "Administrator" rights and with resident protections disabled if there are any! (e.g. Spybot S&D, Ad-Watch, Microsoft AntiSpyware)

-Restart in safe mode:

(In safe mode only the system processes are started, so it is easier to delete what is infected.)

When the computer restarts, once the BIOS has finished loading,

a black screen appears briefly; press the [F8] or [F5] key until the Windows Advanced Options menu is displayed. Select "Safe Mode" and press [Enter].

NB: If you have a problem, see here: http://service1.symantec.com/SUPPORT/INTER...020325143456924

 

-Now I am going to ask you to stop a service that is started automatically in normal mode

Start > Run, type Services.msc then OK

Choose "Extended" mode (lower tabs)

Using the scroll bar (on the right), look for the following service:

France Telecom Routing Table Service

When the service is found, point to it and double-click (left button).

In the next window that appears, under the General tab click the Stop button,

then drop down the Startup Type and change it to Disabled

Click Apply then OK

-Now we are going to edit the registry to remove the lines linked to the infection!

Launch HijackThis (scan only), and check the following lines if present:

 

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,shigndo.exe

O4 - HKCU\..\Run: [nqvqd] C:\WINDOWS\System32\rdkxcx.exe reg_run

O4 - HKCU\..\Run: [quru] C:\PROGRA~1\FICHIE~1\quru\qurum.exe

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)

O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.mmohsix.com

O15 - Trusted Zone: *.sxload.com

O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe

O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Nicolas\LOCALS~1\Temp\mma.chm::/alien.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.errorsafe.com/pages/scanner_fr/E...erInstallFR.cab

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/b...a17b04ac0f14ce1

O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\uuildll.dll (file missing)

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Tmljb2xhcw\command.exe (file missing)

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

 

 

Close all programs and browsers, and click Fix Checked

Now we are going to rename the unknown files:

 

shigndo.exe => shigndo-exe.bad

C:\WINDOWS\System32\rdkxcx.exe => C:\WINDOWS\System32\rdkxcx-exe.bad

 

Now we are going to manually delete the infectious files!

Before deleting anything, always note the creation date and time and pass on that information in your next reply.

Click on Start/Run/

Copy/paste

Enter the path shown in red C:\PROGRA~1\FICHIE~1\quru\

The folder will open

go back to it and delete it!

Empty the Recycle Bin!

 

-Run EasyCleaner (use the shortcut on the desktop):

(A utility that will delete temporary/unnecessary folders and clean the registry)

Use the "Unnecessary" and "Registry" functions only. Do not touch the "Duplicates" function.

*Note:

-In "Unnecessary", check the following boxes => "Normal Types" - "Temp Directories" - "Temp Internet Files" -

"Browser Cookies" then click "Find".

When the scan is finished, click "Delete all".

 

 

Relaunch Ewido, click Scanner and then Complete System Scan.

If infected files are found, keep the default option Delete

(with the line "Create encrypted backup copies in the quarantine" checked), and check

"Perform this action with all infections".

At the end of the scan, save the report (File/Save as...) to the Desktop.

-Restart in normal mode:

-Post a reply in the same topic

(Click on Reply between "flash" and "new" at the very bottom of the page!)

-Post a new HijackThis report

-Post the Ewido report

-Say whether the PC still shows any malfunctions

After posting your reply:

Could you please run an online scan? =>

-Run an online scan here and paste the report.

Panda; if you can't manage it: tutorial

See you later and good luck! :P

Edited by regis56
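The reply above asks the user to pick out a set of HijackThis lines by hand. As an added example, not part of the thread and not HijackThis's own code, the Python script below parses lines in the HijackThis v1.99 log format and applies a few defender-side triage rules matching the reasons those entries were flagged: a UserInit value that chains extra executables after userinit.exe, additions to the IE Trusted Zone, ActiveX (O16) downloads from a bare IP address or from a local CHM file, autostart entries whose target file is "(file missing)", services with an "Unknown owner", and references to a watch list of unknown file names. The sample log is constructed from entries quoted in the reply, plus two benign control lines (one with a placeholder URL); the function and rule names are assumptions of this example.

```python
"""Triage of HijackThis (v1.99) log lines.

Each entry is split into its section code (F2, O4, O15, ...) and payload,
then a handful of rules surface the entries a helper would tell the user to
fix.  This is an illustrative example, not HijackThis's own logic.
"""
import re
from dataclasses import dataclass
from typing import List, Sequence, Tuple

# Constructed sample: entries quoted in the reply above, plus two benign
# control lines (SoundMan, and a DPF entry with a placeholder URL).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,shigndo.exe
O4 - HKCU\..\Run: [nqvqd] C:\WINDOWS\System32\rdkxcx.exe reg_run
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O15 - Trusted Zone: *.media-motor.net
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Nicolas\LOCALS~1\Temp\mma.chm::/alien.cab
O16 - DPF: {PLACEHOLDER-GUID} (Example Control) - http://updates.example.com/control.cab
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\uuildll.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Tmljb2xhcw\command.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
"""

# "<code> - <body>", where code is F2, O4, O16, R1, ...
ENTRY_RE = re.compile(r"^(?P<code>[FOR]\d+) - (?P<body>.*)$")
# http(s)://<dotted-quad>[:port]/...  (a download from a raw IP address)
IPV4_URL_RE = re.compile(r"^https?://(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?/", re.IGNORECASE)
# The only executable expected in UserInit on a default XP install (assumes C: as system drive).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O16"
    reason: str  # why the entry was flagged
    line: str    # the original log line


def parse(log: str) -> List[Tuple[str, str, str]]:
    """Return (code, body, line) for every line that looks like a HijackThis entry."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body"), line))
    return entries


def triage(log: str, watchlist: Sequence[str] = ()) -> List[Finding]:
    """Apply the triage rules; `watchlist` holds file names already judged unknown."""
    findings: List[Finding] = []
    for code, body, line in parse(log):
        reason = None
        if code == "F2" and "UserInit=" in body:
            # Anything chained after the real userinit.exe runs at every logon.
            value = body.split("UserInit=", 1)[1]
            extras = [p.strip() for p in value.split(",")
                      if p.strip() and p.strip().lower() != EXPECTED_USERINIT]
            if extras:
                reason = "UserInit chains extra executable(s): " + ", ".join(extras)
        elif code == "O15":
            # Trusted Zone sites get relaxed IE security settings.
            reason = "site added to the IE Trusted Zone"
        elif code == "O16":
            target = body.rsplit(" - ", 1)[-1]
            if IPV4_URL_RE.match(target):
                reason = "ActiveX download from a bare IP address"
            elif target.lower().startswith("mk:@msitstore:"):
                reason = "ActiveX cab sourced from a local CHM file"
        elif code == "O23" and " - Unknown owner - " in body:
            reason = "service with no vendor/owner"
        if reason is None and "(file missing)" in body:
            # A dangling autostart reference is a leftover of something removed or hidden.
            reason = "autostart entry points at a file that no longer exists"
        if reason is None and watchlist:
            hits = [w for w in watchlist if w.lower() in body.lower()]
            if hits:
                reason = "references watch-listed file " + ", ".join(hits)
        if reason:
            findings.append(Finding(code, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, watchlist=("shigndo.exe", "rdkxcx.exe")):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Running the script flags eight of the eleven sample entries and leaves the SoundMan, placeholder-URL and France Telecom lines alone; the rules are deliberately simple and are a starting point for review, not a verdict.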