Severe popup attack


Posted on 19-01-2005 at 09:41:01

Help help help!!
 
I've got loads of stupid popups opening all over the place. Some of them are due to Vx2, which seems impossible to remove (yay).
 
For the past few days, one of them has become unbearable. Every 30 seconds, a "search results for..." popup opens. I can't work on my PC any more!!!
 
I have adaware, spysubtract, spysweeper, hijackthis: they remove stuff, but it comes back. Note that I have the EliteToolBar, which I can't manage to get rid of, even though these programs remove a few nasties related to it. I even ran stringer the other day.
 
I also have regcleaner but I haven't used it, I don't know how to use it.
 
I can't take these popups any more :(
 
 
Here is my HijackThis log; you can clearly see the first lines with my search thing... (but when I fix them, it comes back anyway  :heink: )
 
 
 
Logfile of HijackThis v1.99.0
Scan saved at 09:37:07, on 19/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.genedis.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.genedis.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalviun32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = genedis.com
O17 - HKLM\Software\..\Telephony: DomainName = genedis.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = genedis.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = genedis.com
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: HP Configuration Interface Service - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
 
 

Reply

Posted on 19-01-2005 at 09:50:57

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalviun32.exe
 
close all programs (IE included) and fix these lines in HijackThis
 
reboot in safe mode and look for C:\windows\system32\kalviun32.exe; if it exists, delete it
 
go back to normal mode and post a new HijackThis log


---------------
"Two things are infinite: the universe and human stupidity; as for the universe, I have not acquired absolute certainty." Albert Einstein
Reply

Posted on 19-01-2005 at 11:56:50

OK, I deleted kalviun, I hope it won't come back.
 
Here are 2 logs, the first one from HijackThis, still with the hosts entries that have kept coming back for weeks despite repeated fix-and-check runs:
 
Logfile of HijackThis v1.99.0
Scan saved at 10:57:16, on 19/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.genedis.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.genedis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = genedis.com
O17 - HKLM\Software\..\Telephony: DomainName = genedis.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = genedis.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = genedis.com
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: HP Configuration Interface Service - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
 
 
 
The second log comes from mwav.exe, which detected some junk on my machine. Here it is:
 
Wed Jan 19 09:44:54 2005 => ERROR!!! Invalid Entry {52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). Removing it.
Wed Jan 19 09:45:09 2005 => File C:\windows\system32\kalviun32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:45:49 2005 => File C:\WINDOWS\System32\degeng.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:45:53 2005 => File C:\WINDOWS\System32\doolsav.dat infected by "not-a-virus:AdWare.ToolBat.EliteBar.z" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:45:57 2005 => File C:\WINDOWS\System32\e2202cfmgf2a2.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:45:58 2005 => File C:\WINDOWS\System32\en6ql1j51.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:45:58 2005 => File C:\WINDOWS\System32\enjol1131.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:45:58 2005 => File C:\WINDOWS\System32\enrol1931.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:03 2005 => File C:\WINDOWS\System32\g040lahm1d4a.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:09 2005 => File C:\WINDOWS\System32\h44m0eh1eh4.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:10 2005 => File C:\WINDOWS\System32\hfpertrm.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:13 2005 => File C:\WINDOWS\System32\hrls0537e.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:13 2005 => File C:\WINDOWS\System32\hrnu0559e.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:13 2005 => File C:\WINDOWS\System32\i4nm0e51eh.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:17 2005 => File C:\WINDOWS\System32\intfsdffdsronsad.exe infected by "not-a-virus:AdWare.ToolBar.Perez.e" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:19 2005 => File C:\WINDOWS\System32\irj2l51o1.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:20 2005 => File C:\WINDOWS\System32\iYspolcy.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:21 2005 => File C:\WINDOWS\System32\jtnq0755e.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:24 2005 => File C:\WINDOWS\System32\ktnul7591.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:25 2005 => File C:\WINDOWS\System32\l4r00e9meh.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:29 2005 => File C:\WINDOWS\System32\meexch40.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:32 2005 => File C:\WINDOWS\System32\mocsubs.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:46 2005 => File C:\WINDOWS\System32\n0l80a3ued.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:47 2005 => File C:\WINDOWS\System32\n4p40e7qeh.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:47 2005 => File C:\WINDOWS\System32\n64slgh7164.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:47 2005 => File C:\WINDOWS\System32\n66qlgj516o.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:48 2005 => File C:\WINDOWS\System32\n6p4lg7q16.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:53 2005 => File C:\WINDOWS\System32\o0480ahued480.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:46:53 2005 => File C:\WINDOWS\System32\obeacc.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:47:05 2005 => File C:\WINDOWS\System32\rSsrad.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:47:10 2005 => File C:\WINDOWS\System32\SnnTPAPI.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:47:18 2005 => File C:\WINDOWS\System32\usb.exe infected by "Trojan.Win32.Dialer.gd" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:47:30 2005 => File C:\WINDOWS\System32\wsdap32.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:47:37 2005 => File C:\DOCUME~1\AnthonyG\LOCALS~1\Temp\uninstall.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.q" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:47:40 2005 => Scanning File C:\DOCUME~1\AnthonyG\LOCALS~1\TEMPOR~1\Content.IE5\87K5YVEK\Probleme-de-Spyware-Sur-Internet-Explorer-6-Grrr--sujet-179640-1[2].htm
Wed Jan 19 09:47:41 2005 => Scanning File C:\DOCUME~1\AnthonyG\LOCALS~1\TEMPOR~1\Content.IE5\L1CXIX29\affich-1201360-elitebar-searchmiracle-analyse-hijackthis[1]
Wed Jan 19 10:59:22 2005 => File C:\WINDOWS\System32\degeng.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:29 2005 => File C:\WINDOWS\System32\e2202cfmgf2a2.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:30 2005 => File C:\WINDOWS\System32\en6ql1j51.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:30 2005 => File C:\WINDOWS\System32\enjol1131.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:30 2005 => File C:\WINDOWS\System32\enrol1931.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:33 2005 => File C:\WINDOWS\System32\g040lahm1d4a.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:35 2005 => File C:\WINDOWS\System32\gvedit.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:35 2005 => File C:\WINDOWS\System32\h44m0eh1eh4.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:35 2005 => File C:\WINDOWS\System32\hfpertrm.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:37 2005 => File C:\WINDOWS\System32\hrls0537e.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:37 2005 => File C:\WINDOWS\System32\hrnu0559e.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:37 2005 => File C:\WINDOWS\System32\i4nm0e51eh.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:41 2005 => File C:\WINDOWS\System32\intfsdffdsronsad.exe infected by "not-a-virus:AdWare.ToolBar.Perez.e" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:43 2005 => File C:\WINDOWS\System32\irj2l51o1.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:44 2005 => File C:\WINDOWS\System32\iYspolcy.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:45 2005 => File C:\WINDOWS\System32\jtnq0755e.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:45 2005 => File C:\WINDOWS\System32\kalvbht32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:45 2005 => File C:\WINDOWS\System32\kalvklc32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:45 2005 => File C:\WINDOWS\System32\kalvmuo32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:48 2005 => File C:\WINDOWS\System32\ktnul7591.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:49 2005 => File C:\WINDOWS\System32\l4r00e9meh.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:52 2005 => File C:\WINDOWS\System32\meexch40.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:54 2005 => File C:\WINDOWS\System32\mocsubs.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 11:00:11 2005 => File C:\WINDOWS\System32\n0l80a3ued.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 11:00:11 2005 => File C:\WINDOWS\System32\n4p40e7qeh.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 11:00:12 2005 => File C:\WINDOWS\System32\n64slgh7164.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 11:00:12 2005 => File C:\WINDOWS\System32\n66qlgj516o.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 11:00:12 2005 => File C:\WINDOWS\System32\n6p4lg7q16.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 11:00:17 2005 => File C:\WINDOWS\System32\o0480ahued480.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 11:00:17 2005 => File C:\WINDOWS\System32\obeacc.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 11:00:28 2005 => File C:\WINDOWS\System32\rSsrad.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 11:00:34 2005 => File C:\WINDOWS\System32\SnnTPAPI.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 11:00:42 2005 => File C:\WINDOWS\System32\usb.exe infected by "Trojan.Win32.Dialer.gd" Virus. Action Taken: No Action Taken.
Wed Jan 19 11:00:52 2005 => File C:\WINDOWS\System32\wsdap32.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 11:00:59 2005 => File C:\DOCUME~1\AnthonyG\LOCALS~1\Temp\uninstall.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.q" Virus. Action Taken: No Action Taken.

Reply
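
Added example, not part of the thread: a small Python triage script that splits an mwav-style log into scan passes and compares them, to show which detected files persisted, which disappeared, and which new files carry the same detection name as a deleted one (here the `kalv*32.exe` files after `kalviun32.exe` was removed). The sample lines are excerpted from the post above; the function names and the 30-minute gap used to separate passes are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Excerpt of the mwav.exe log posted above (two scan passes, one non-detection line).
MWAV_SAMPLE = r'''
Wed Jan 19 09:45:09 2005 => File C:\windows\system32\kalviun32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:45:49 2005 => File C:\WINDOWS\System32\degeng.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:47:18 2005 => File C:\WINDOWS\System32\usb.exe infected by "Trojan.Win32.Dialer.gd" Virus. Action Taken: No Action Taken.
Wed Jan 19 09:47:41 2005 => Scanning File C:\DOCUME~1\AnthonyG\LOCALS~1\TEMPOR~1\Content.IE5\L1CXIX29\affich-1201360-elitebar-searchmiracle-analyse-hijackthis[1]
Wed Jan 19 10:59:22 2005 => File C:\WINDOWS\System32\degeng.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:35 2005 => File C:\WINDOWS\System32\gvedit.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:45 2005 => File C:\WINDOWS\System32\kalvbht32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Jan 19 10:59:45 2005 => File C:\WINDOWS\System32\kalvklc32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
Wed Jan 19 11:00:42 2005 => File C:\WINDOWS\System32\usb.exe infected by "Trojan.Win32.Dialer.gd" Virus. Action Taken: No Action Taken.
'''

# Only "File <path> infected by "<name>"" lines are detections; "Scanning File"
# and "ERROR!!!" lines do not match and are skipped.
DETECTION = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) => File (?P<path>.+?) '
    r'infected by "(?P<name>[^"]+)"'
)


def parse_detections(text):
    """Return (timestamp, lower-cased path, detection name) tuples."""
    found = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            ts = datetime.strptime(m['ts'], '%a %b %d %H:%M:%S %Y')
            # Windows paths are case-insensitive: normalise before comparing.
            found.append((ts, m['path'].lower(), m['name']))
    return found


def split_passes(detections, gap=timedelta(minutes=30)):
    """Group detections into scan passes; a pause longer than `gap` starts a new pass."""
    passes = []
    for det in sorted(detections):
        if not passes or det[0] - passes[-1][-1][0] > gap:
            passes.append([])
        passes[-1].append(det)
    return passes


def compare_passes(first, second):
    """Diff two passes by file path and flag likely re-created files."""
    a = {path: name for _, path, name in first}
    b = {path: name for _, path, name in second}
    gone = {p: n for p, n in a.items() if p not in b}
    new = {p: n for p, n in b.items() if p not in a}
    # Heuristic: a new file with the same detection name as a file that
    # disappeared suggests something is re-creating it under another name.
    gone_names = set(gone.values())
    respawned = defaultdict(list)
    for path, name in new.items():
        if name in gone_names:
            respawned[name].append(path)
    return {
        'persisted': sorted(set(a) & set(b)),
        'gone': sorted(gone),
        'new': sorted(new),
        'respawned': {n: sorted(ps) for n, ps in respawned.items()},
    }


if __name__ == '__main__':
    first, second = split_passes(parse_detections(MWAV_SAMPLE))
    for key, value in compare_passes(first, second).items():
        print(key, value)
```
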

Posted on 19-01-2005 at 12:01:47

me too, on a PC someone handed over to me, there was loads of adware and viruses
impossible to get rid of the crap
had to format
every time I deleted a virus or a key, it came back
to launch regedit.exe you had to rename it, no ctrl alt del, ...
 
boot from another hard drive and scan your hard drive, or format

Reply

Posted on 19-01-2005 at 12:04:35

I can't format, it's a work PC :/

Reply

Posted on 19-01-2005 at 13:47:06

I don't know mwav.exe, so I can't help you on that one (except to tell you to get Killbox to delete the files it reports as infected).
 
first try (if your English isn't too bad) what is said on this page http://www.lavasoftsupport.com/ind [...] mate+files in the first post (and the method added in the second-to-last post)


---------------
"Two things are infinite: the universe and human stupidity; as for the universe, I have not acquired absolute certainty." Albert Einstein
Reply

Posted on 20-01-2005 at 11:33:01

Thanks to Killbox I was able to get rid of a large part of the files that mwav.exe was reporting. Also thanks to a big clean-up of the temporary files. (so much junk latches on in there)
 
However, I can't get rid of Vx2; Adaware reports it but seems unable to remove it. Spysweeper finds the AAW, as well as hosts entries that it can't get rid of either (probably the crap that Vx2 drags along)
 
Can Vx2 be dumped using regcleaner? How do I get rid of this f***ing spyware?
 
Another big problem: my recycle bin always shows 49 items to delete even though I empty it 10 times in a row. Maybe that's due to Vx2, no?

Reply

Posted on 20-01-2005 at 11:51:30

did you read the link above? I believe it's precisely for vx2

Reply
