Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

logs Hijack "WinAntiSpyware 2006" removal


  • Please log in to reply

#1
PIB

PIB

    Member

  • Member
  • PipPip
  • 20 posts
Dear Kat,
:whistling:
I have absolutly NO knowledge about computer.
3 days ago a window pop ups to my screan with an icone Saying "Instal WinAntiSpyware 2006" since I am encoutering some difficulties. Each time I go on the internet I get slower and slower.Itry to remove it and it keeps coming back. It drive me crazy...and of course even more when I never request or look for that kind of thing.
What should I do?
Should I reconfigure my computer..or is there an other way to do?
I need to remind you that I am completly "Blond" in regards to computer...it seem to me another language.I have been looking on your site but even simple explanation does not talk to me. A three year old Kid may be easier to teach the way to do it.
Thank you in advance for all the help you will be able to give,
Sincerely and desesperatly yours, :blink:
PIB
  • 0

Advertisements


#2
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Please Click here!, and follow the recommendations in the guide.

If you're still having trouble, We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and reply here with your log.

Most of what Hijack This lists lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
PIB

PIB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hy,
Here is my logfile, thank you for your help. It was long and scary for somebody who does not know computer...but I followed all the instruction...I forgot to save on of the result of ewido...The icone WinAntiSpyware 2006 is still showing on my desck top...and to be honest the speed on the internet is a little bit better...but I am be wrong.
I hope I did the right thing. Ihave one more question :should I reconfigure my computer and start everything from the beginning and install all the program you recomend in the article?
Again thank you SO MUCH for your help.
PIB

Logfile of HijackThis v1.99.1
Scan saved at 1:30:52 AM, on 9/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chevennement\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.citieballet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [PL2210Z] C:\WINDOWS\P221ZI98.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c973ba6b574b41f4a7793b6892765c47
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c973ba6b574b41f4a7793b6892765c47
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  • 0

#4
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

The HJT log posted is unremarkable. Does this PC have more than 1 logon? Let's look a little deeper; let's try ActiveScan:

Please download: Panda ActiveScan to your desktop, using Internet Explorer.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province where applicable
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Please post that log in your reply.
  • 0

#5
PIB

PIB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I did not desinfected, I just save the log ...and her it is
PIB
Incident Status Location

Spyware:spyware/web3000 Not disinfected C:\WINDOWS\hh.ico
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Chevennement\Application Data\Mozilla\Firefox\Profiles\d2o605rs.default\cookies.txt[.linksynergy.com/]
  • 0

#6
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

Are you Francois the director of the ballet?

Please reboot into safe mode. Here's how:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should appear where you will be given the option to enter Safe Mode.

Please set your system to show all files; please see here if you're unsure how to do this.

Please delete these files (if present) using Windows Explorer:

C:\WINDOWS\hh.ico

Close Windows Explorer and Reboot normally

Download:WinPFind

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Reboot into Safe Mode: please see here if you are not sure how to do this.

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder.

Restart normally and post the contents of WinPFind.txt
  • 0

#7
PIB

PIB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hy,

Well done! I am Francois
I try what you ask me to do .I did not find any C:\WINDOWS\hh.ico
I followed the instruction after but It took me some time to find back the WinPFind Folder.
I did not find any WinPFind.exe
I found a Zip folder and did the scan with Ewido and Trojan. you will found the logs
Now when the computer is going to clean Would that be a good idea to reconfigure the computer and restart tp insert all the program I need with all the security possible( I now how to reconfigure it).
I cannot afford to have my computer crash again, I am doing almost all my work letter and research on it and my Work tittle is way biger than my wages( artiste guess rime with love of Art) :-)
And I am sorry it look like I need some serious understanding in computer...I discovery the use of it 3 years ago and had to find my way on my own and on the top of that in another Language..you may figure that out (French is my first language and I leave in an English country)
Thank you again for all your help and patience.
Cheers
PIB
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:10:36 PM 9/16/2006

+ Scan result:



:mozilla.18:C:\Documents and Settings\Chevennement\Application Data\Mozilla\Firefox\Profiles\d2o605rs.default\cookies.txt -> TrackingCookie.Linksynergy : No action taken.
:mozilla.19:C:\Documents and Settings\Chevennement\Application Data\Mozilla\Firefox\Profiles\d2o605rs.default\cookies.txt -> TrackingCookie.Linksynergy : No action taken.


::Report end

Trojan Scan report

Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
Error: Directory not found: E:\
Error: Directory not found: F:\
No trojan files found
  • 0

#8
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Un petit instant SVP, je demanderai un amis qui parle francais courrant, pour l'assistance.
  • 0

#9
PIB

PIB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thank you very much....I seem pretty studipe, but I have just started the season and I am already burn out ... and the fact my computer does not perform that well does not help. Thank you again
PIB
  • 0

#10
Mark

Mark

    Sari'z the bestest admin in da worldz!

  • Expert
  • 2,360 posts
Merci Phil, et bonjour François :blink:

Je suis désolé pour le délai. Lorsque Phil m'a contacté, il ne savait pas que j'étais absent pour quelques jours.

J'espère que tu es toujours parmi nous ? Alors voici ce dont j'ai besoin, afin de poursuivre notre petite enquête :

Télécharge SmitfraudFix.zip (par S!Ri) sur http://siri.urz.free...mitfraudFix.zip
Choisis le Bureau (Desktop) comme destination. Double clique sur smitfraudfix.zip, et extrait le contenu (un dossier nommé SmitfraudFix) sur ton Bureau également.

Ouvre le dossier SmitfraudFix, puis double clique sur smitfraudfix.cmd
Sélectionne la langue Française, si désirée, en tapant la lettre L suivi de la touche [Enter]. Tape ensuite le chiffre 1, suivi de [Enter] pour créer un rapport des fichiers responsables de l'infection.
Poste (copie/colle) le rapport sur le forum. Le rapport est également sauvegardé à C:\Rapport.txt

process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
http://www.beyondlog...processutil.htm


Bon succès ! Nous verrons pour l'outil WinPFind suite à cette manip :whistling:

Edited by ~Mark, 20 September 2006 - 11:17 AM.

  • 0

Advertisements


#11
PIB

PIB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Salut Mark Je pense que j'ai compris pourquoi je n'ai pas reussit a obtenir le rapprot du WinPFind folders, je vais essayer et te l'envoyer en cas de reussite
Voici le rapport de smitfraudfix
SmitFraudFix v2.97

Scan done at 10:23:44.56, Thu 09/21/2006
Run from C:\Documents and Settings\Chevennement\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chevennement\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHEVEN~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#12
PIB

PIB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
...Non ma conaissance s'arrete la.... je ne sais pas comment faire....
J'ai demande a Phil si il ne seariat pas plus justicieux de reconfigurer totalement mon ordinateur et de tous recommencer avec toutes les mesure de securite possible.Qu'en pensez vous?
Francois
  • 0

#13
Mark

Mark

    Sari'z the bestest admin in da worldz!

  • Expert
  • 2,360 posts
Bonjour François :blink:

Je suis heureux de constater que l'infection initiale semble bien avoir été éradiquée. As-tu eu des popups récemment ?

Pour ce qui est du formatage, je ne crois pas que ce soit nécessaire, à moins que l'ordi ait subi d'autres infections dans le passé et qu'il soit instable depuis un bon moment déjà. XP est plutôt robuste, mais il a tout de même ses limites. Voyons voir pour WinPFind ;

Lorsque tu télécharges l'outils (lien de Phil), tu obtiens un fichier nommé WinPFind.zip
Je te conseille de le sauvegarder sur le Bureau (Desktop)
Fais un clic droit sur le fichier, puis choisis "Extraire tout.." ("Extract all..")
L'utilitaire de décompression devrait se lancer. Clique "Suivant" ("Next")
La décompression devrait maintenant te suggérer le Desktop comme emplacement. Ne change rien, et clique "Suivant"
À présent, tu devrais avoir un nouveau dossier, sur ton Bureau, qui se nomme WinPFind
Redémarre en mode Sans Échec, et choisis ton compte utilisateur usuel.
Du mode Sans Échec, double clique sur le dossier WinPFind qui se trouve sur le Bureau, puis double clique à nouveau sur le dossier WinPFind qui se présente à toi
Maintenant, double clique sur le fichier winpfind.exe afin de lancer l'outil. Clique sur "Start Scan"
Le scan va prendre un certain temps.
Tu verras "Scan Complete", et un rapport aura été généré et enregistré dans le dossier WinPFind, et se nomme WinPFind.txt
Redémarre le PC en mode Normal.
Ouvre le fichier WinPFind.txt, puis copie/colle son contenu ici, dans ta prochaine réponse.

Dis-nous comment tourne l'ordi également.

@+ :whistling:

Edited by ~Mark, 22 September 2006 - 12:11 PM.

  • 0

#14
PIB

PIB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Salut MarK,
J'ai essayer a multiple reprise et sans resultat, en mode sans echec et en mode normal...Rien Rien rien , le scan ne s'acheve pas ...et un message d'erreur apparait lors de la fermeture....
cette apres midi, je l'ai meme laisser pendant 5 heures et resultat identique ...
Que faire ? Reformatage ?
  • 0

#15
Mark

Mark

    Sari'z the bestest admin in da worldz!

  • Expert
  • 2,360 posts
Salut François ;

T'inquiètes pas si je mets quelques jours à répondre... mon emploi du temps oblige.

Bon, impossible pour WinPFind, alors il me reste quelques petits trucs à vérifier. Ça devrait bien aller cette fois-ci :whistling:
=======================

Lance HijackThis, mais cette fois-ci clique sur le bouton "Open the Misc Tools section", puis sur "Open Uninstall Manager...", puis sur "Save list...". Sauvegarde le fichier sur le Bureau.

Ensuite,

Télécharge Blacklight (de F-Secure). Clique "I accept" au bas de la page, et sauvegarde-le sur ton Bureau.

Double-clique blbeta.exe et accepte la licence ; clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

Copie et colle le contenu de ce rapport dans ta prochaine réponse. NE PAS choisir l'option "Rename" de suite : nous devons analyser le rapport, car des fichiers légitimes peuvent être présents, tel wbemtest.exe

Colle également le contenu du uninstall_list.txt généré par HijackThis!

Merci, et bon succès :blink:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP