Virus : des fenêtres qui s'ouvrent
Giulietta
-
did71 Messages postés 2187 Statut Contributeur sécurité -
did71 Messages postés 2187 Statut Contributeur sécurité -
Bonjour,
J'ai moi aussi des fenêtres qui s'ouvrent sans cesse pour télécharger des faux antivirus.
Je n'ai pas envie pour le moment de tout formater. Je souhaiterais donc faire intervenir les anti-spyware, etc.
Voici le rapport hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 21:50:16, on 13/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\TortoiseSVN\bin\TSVNCache.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\SystemControl\SystemControl\SystemControl.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\Giulietta\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - H:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] H:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SystemControl.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - H:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - H:\Program Files\MP3 Player Utilities 3.73\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.14.5/ttinst-french.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Que dois-je faire ensuite ?
Je vous remercie pour votre aide précieuse,
J'ai moi aussi des fenêtres qui s'ouvrent sans cesse pour télécharger des faux antivirus.
Je n'ai pas envie pour le moment de tout formater. Je souhaiterais donc faire intervenir les anti-spyware, etc.
Voici le rapport hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 21:50:16, on 13/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\TortoiseSVN\bin\TSVNCache.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\SystemControl\SystemControl\SystemControl.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\Giulietta\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - H:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] H:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SystemControl.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - H:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - H:\Program Files\MP3 Player Utilities 3.73\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.14.5/ttinst-french.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Que dois-je faire ensuite ?
Je vous remercie pour votre aide précieuse,
A voir également:
- Virus : des fenêtres qui s'ouvrent
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
20 réponses
bonsoir Giulietta,
Télécharge Blacklight (de F-Secure) et sauvegarde le sur ton Bureau :
europe.f-secure.com/exclude/blacklight/index.shtml
Double-clique blbeta.exe et accepte la licence, clique Scan puis Next
Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Copie et colle le contenu de ce rapport dans ta prochaine réponse!
a+
Télécharge Blacklight (de F-Secure) et sauvegarde le sur ton Bureau :
europe.f-secure.com/exclude/blacklight/index.shtml
Double-clique blbeta.exe et accepte la licence, clique Scan puis Next
Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Copie et colle le contenu de ce rapport dans ta prochaine réponse!
a+
Voici :
10/13/06 23:39:41 [Info]: BlackLight Engine 1.0.47 initialized
10/13/06 23:39:41 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/13/06 23:39:41 [Note]: 7019 4
10/13/06 23:39:41 [Note]: 7005 0
10/13/06 23:39:43 [Note]: 7006 0
10/13/06 23:39:44 [Note]: 7011 1104
10/13/06 23:39:44 [Note]: 7026 0
10/13/06 23:39:44 [Note]: 7026 0
10/13/06 23:39:51 [Note]: FSRAW library version 1.7.1020
10/13/06 23:39:51 [Note]: 2000 1012
10/13/06 23:39:51 [Note]: 2000 1012
10/13/06 23:42:45 [Note]: 7007 0
10/13/06 23:39:41 [Info]: BlackLight Engine 1.0.47 initialized
10/13/06 23:39:41 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/13/06 23:39:41 [Note]: 7019 4
10/13/06 23:39:41 [Note]: 7005 0
10/13/06 23:39:43 [Note]: 7006 0
10/13/06 23:39:44 [Note]: 7011 1104
10/13/06 23:39:44 [Note]: 7026 0
10/13/06 23:39:44 [Note]: 7026 0
10/13/06 23:39:51 [Note]: FSRAW library version 1.7.1020
10/13/06 23:39:51 [Note]: 2000 1012
10/13/06 23:39:51 [Note]: 2000 1012
10/13/06 23:42:45 [Note]: 7007 0
re,
j'aurai du te demander quelles fenêtres de pubs!
Télécharge SmitfraudFix de S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Tu le dézippes sur le Bureau.
* Tu ouvres SmitfraudFix, tu double cliques sur SmitfraudFix.cmd et tu choisis l’option 1
Postes le rapport.
a+
j'aurai du te demander quelles fenêtres de pubs!
Télécharge SmitfraudFix de S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Tu le dézippes sur le Bureau.
* Tu ouvres SmitfraudFix, tu double cliques sur SmitfraudFix.cmd et tu choisis l’option 1
Postes le rapport.
a+
Dans le dossier "Temp" de Windows, j'ai des fichiers du style :
"idd6.tmp.exe". Avec Firefox, j'ai des onglets "fr.antivirus" ou "antivirus Pro 2006" qui s'ouvrent...
J'ai passé pas mal de logiciels dessus (mais pas en mode sans échec) mais sans succès définitif...
----
SmitFraudFix v2.109
Rapport fait à 23:56:06,68, 13/10/2006
Executé à partir de H:\Documents and Settings\Giulietta\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» H:\
»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS
H:\WINDOWS\.protected PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system32
H:\WINDOWS\system32\ismini.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» H:\Documents and Settings\Giulietta
»»»»»»»»»»»»»»»»»»»»»»»» H:\Documents and Settings\Giulietta\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» H:\DOCUME~1\Jed\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» H:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
"idd6.tmp.exe". Avec Firefox, j'ai des onglets "fr.antivirus" ou "antivirus Pro 2006" qui s'ouvrent...
J'ai passé pas mal de logiciels dessus (mais pas en mode sans échec) mais sans succès définitif...
----
SmitFraudFix v2.109
Rapport fait à 23:56:06,68, 13/10/2006
Executé à partir de H:\Documents and Settings\Giulietta\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» H:\
»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS
H:\WINDOWS\.protected PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system32
H:\WINDOWS\system32\ismini.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» H:\Documents and Settings\Giulietta
»»»»»»»»»»»»»»»»»»»»»»»» H:\Documents and Settings\Giulietta\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» H:\DOCUME~1\Jed\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» H:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
re,
* Redémarre en mode sans échec.
* Relances SmitfraudFix et choisis cette fois l’option 2 et réponds oui à tout.
* Redémarres normalement
Communiques le deuxième rapport de SmitfraudFix avec un nouveau rapport hijackthis!
a+
* Redémarre en mode sans échec.
* Relances SmitfraudFix et choisis cette fois l’option 2 et réponds oui à tout.
* Redémarres normalement
Communiques le deuxième rapport de SmitfraudFix avec un nouveau rapport hijackthis!
a+
Voilà les 2 rapports :
I
SmitFraudFix v2.109
Rapport fait à 0:16:28,82, 14/10/2006
Executé à partir de H:\Documents and Settings\Jed\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
H:\WINDOWS\.protected supprimé
H:\WINDOWS\system32\ismini.exe supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
---------------------------------------------------------------------------
II
Logfile of HijackThis v1.99.1
Scan saved at 00:22:13, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\savedump.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\TortoiseSVN\bin\TSVNCache.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
H:\Program Files\SystemControl\SystemControl\SystemControl.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Documents and Settings\Giulietta\Bureau\HijackThis.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wscntfy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - H:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SystemControl.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - H:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - H:\Program Files\MP3 Player Utilities 3.73\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.14.5/ttinst-french.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
I
SmitFraudFix v2.109
Rapport fait à 0:16:28,82, 14/10/2006
Executé à partir de H:\Documents and Settings\Jed\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
H:\WINDOWS\.protected supprimé
H:\WINDOWS\system32\ismini.exe supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
---------------------------------------------------------------------------
II
Logfile of HijackThis v1.99.1
Scan saved at 00:22:13, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\savedump.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\TortoiseSVN\bin\TSVNCache.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
H:\Program Files\SystemControl\SystemControl\SystemControl.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Documents and Settings\Giulietta\Bureau\HijackThis.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wscntfy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - H:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SystemControl.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - H:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - H:\Program Files\MP3 Player Utilities 3.73\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.14.5/ttinst-french.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Avec Firefox :
Des onglets s'ouvrent avec ces urls :
"http://www.winantiviruspro.com/pages/..."
Avec Internet Explorer :
Des fenêtres s'ouvrent :
"Systeme Integrity Wizzard"
"iddD.tmp" "Non ho trovato nessum modem..."
Argh !
Des onglets s'ouvrent avec ces urls :
"http://www.winantiviruspro.com/pages/..."
Avec Internet Explorer :
Des fenêtres s'ouvrent :
"Systeme Integrity Wizzard"
"iddD.tmp" "Non ho trovato nessum modem..."
Argh !
Merci bcp.
Voici le rapport "scanner.exe"
Logfile of HijackThis v1.99.1
Scan saved at 00:51:26, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\TortoiseSVN\bin\TSVNCache.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\SystemControl\SystemControl\SystemControl.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\Giulietta\Bureau\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: XBTP05231 Class - {031F120A-BBAF-45d8-B306-375F2A6B9398} - H:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - H:\WINDOWS\system32\mljkhfd.dll
O2 - BHO: (no name) - {1B70DCB4-48BA-050C-8E5C-051014CF43F1} - H:\WINDOWS\system32\tflrzkm.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - H:\WINDOWS\system32\rfqlwlaf.dll
O2 - BHO: (no name) - {361B855D-762B-7484-15DB-08C9E5BED08A} - H:\WINDOWS\system32\exnuixc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8D16C16F-F763-4A9A-BFD8-55E8E7AB0C97} - H:\WINDOWS\system32\ssqrs.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - H:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SystemControl.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - H:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - H:\Program Files\MP3 Player Utilities 3.73\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.14.5/ttinst-french.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mljkhfd - H:\WINDOWS\SYSTEM32\mljkhfd.dll
O20 - Winlogon Notify: ssqrs - H:\WINDOWS\system32\ssqrs.dll
O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winpsa32 - H:\WINDOWS\SYSTEM32\winpsa32.dll
O20 - Winlogon Notify: WRNotifier - H:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Voici le rapport "scanner.exe"
Logfile of HijackThis v1.99.1
Scan saved at 00:51:26, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\TortoiseSVN\bin\TSVNCache.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\SystemControl\SystemControl\SystemControl.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\Giulietta\Bureau\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: XBTP05231 Class - {031F120A-BBAF-45d8-B306-375F2A6B9398} - H:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - H:\WINDOWS\system32\mljkhfd.dll
O2 - BHO: (no name) - {1B70DCB4-48BA-050C-8E5C-051014CF43F1} - H:\WINDOWS\system32\tflrzkm.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - H:\WINDOWS\system32\rfqlwlaf.dll
O2 - BHO: (no name) - {361B855D-762B-7484-15DB-08C9E5BED08A} - H:\WINDOWS\system32\exnuixc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8D16C16F-F763-4A9A-BFD8-55E8E7AB0C97} - H:\WINDOWS\system32\ssqrs.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - H:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SystemControl.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - H:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - H:\Program Files\MP3 Player Utilities 3.73\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.14.5/ttinst-french.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mljkhfd - H:\WINDOWS\SYSTEM32\mljkhfd.dll
O20 - Winlogon Notify: ssqrs - H:\WINDOWS\system32\ssqrs.dll
O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winpsa32 - H:\WINDOWS\SYSTEM32\winpsa32.dll
O20 - Winlogon Notify: WRNotifier - H:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
re,
le scanner nous a montré d'autres infections que j'attendais!
Télécharge VundoFix.exe (par Atribune) sur ton Bureau:
http://www.atribune.org/public-beta/VundoFix.exe
Double-clique VundoFix.exe afin de le lancer
Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
Clique sur le bouton Scan for Vundo
Lorsque le scan est complété, clique sur le bouton Remove Vundo
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
a+
le scanner nous a montré d'autres infections que j'attendais!
Télécharge VundoFix.exe (par Atribune) sur ton Bureau:
http://www.atribune.org/public-beta/VundoFix.exe
Double-clique VundoFix.exe afin de le lancer
Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
Clique sur le bouton Scan for Vundo
Lorsque le scan est complété, clique sur le bouton Remove Vundo
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
a+
Merci,
J'ai une fenêtre qui vient de s'ouvrir pendant que j'écrivais ce message : "idd14.tmp" "Non ho trovato nessum modem..."
Voici les 2 rapports :
-----------------------------------------------------
I
VundoFix V6.2.2
Checking Java version...
Java version is 1.5.0.5
Java version is 1.5.0.6
Scan started at 01:05:35 14/10/2006
Listing files found while scanning....
H:\WINDOWS\system32\exnuixc.dll
H:\WINDOWS\system32\jnvuifin.dll
H:\WINDOWS\system32\lwnopgem.dll
H:\WINDOWS\system32\mljkhfd.dll
H:\WINDOWS\system32\qbwvgpmb.dll
H:\WINDOWS\system32\rfqlwlaf.dll
H:\WINDOWS\system32\tflrzkm.dll
H:\WINDOWS\system32\gtmkpesl.exe
H:\WINDOWS\system32\lcuytabe.exe
H:\WINDOWS\system32\ssqrs.dll
H:\WINDOWS\system32\srqss.ini
H:\WINDOWS\system32\srqss.bak2
H:\WINDOWS\system32\srqss.ini2
H:\WINDOWS\system32\srqss.tmp
Beginning removal...
Attempting to delete H:\WINDOWS\system32\exnuixc.dll
H:\WINDOWS\system32\exnuixc.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\jnvuifin.dll
H:\WINDOWS\system32\jnvuifin.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\lwnopgem.dll
H:\WINDOWS\system32\lwnopgem.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\mljkhfd.dll
H:\WINDOWS\system32\mljkhfd.dll Could not be deleted.
Attempting to delete H:\WINDOWS\system32\qbwvgpmb.dll
H:\WINDOWS\system32\qbwvgpmb.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\rfqlwlaf.dll
H:\WINDOWS\system32\rfqlwlaf.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\tflrzkm.dll
H:\WINDOWS\system32\tflrzkm.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\gtmkpesl.exe
H:\WINDOWS\system32\gtmkpesl.exe Has been deleted!
Attempting to delete H:\WINDOWS\system32\lcuytabe.exe
H:\WINDOWS\system32\lcuytabe.exe Has been deleted!
Attempting to delete H:\WINDOWS\system32\ssqrs.dll
H:\WINDOWS\system32\ssqrs.dll Could not be deleted.
Attempting to delete H:\WINDOWS\system32\srqss.ini
H:\WINDOWS\system32\srqss.ini Has been deleted!
Attempting to delete H:\WINDOWS\system32\srqss.bak2
H:\WINDOWS\system32\srqss.bak2 Has been deleted!
Attempting to delete H:\WINDOWS\system32\srqss.ini2
H:\WINDOWS\system32\srqss.ini2 Has been deleted!
Attempting to delete H:\WINDOWS\system32\srqss.tmp
H:\WINDOWS\system32\srqss.tmp Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete H:\WINDOWS\system32\mljkhfd.dll
H:\WINDOWS\system32\mljkhfd.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\ssqrs.dll
H:\WINDOWS\system32\ssqrs.dll Has been deleted!
Performing Repairs to the registry.
Done!
------------
"scanner.exe"
II
Logfile of HijackThis v1.99.1
Scan saved at 01:17:15, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\TortoiseSVN\bin\TSVNCache.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
H:\Program Files\SystemControl\SystemControl\SystemControl.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\system32\NOTEPAD.EXE
H:\WINDOWS\TEMP\win13.tmp.exe
H:\WINDOWS\TEMP\idd14.tmp.exe
H:\Documents and Settings\Giulietta\Bureau\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: XBTP05231 Class - {031F120A-BBAF-45d8-B306-375F2A6B9398} - H:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - H:\WINDOWS\system32\mljkhfd.dll (file missing)
O2 - BHO: (no name) - {1B70DCB4-48BA-050C-8E5C-051014CF43F1} - H:\WINDOWS\system32\tflrzkm.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - H:\WINDOWS\system32\rfqlwlaf.dll (file missing)
O2 - BHO: (no name) - {361B855D-762B-7484-15DB-08C9E5BED08A} - H:\WINDOWS\system32\exnuixc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8D16C16F-F763-4A9A-BFD8-55E8E7AB0C97} - H:\WINDOWS\system32\ssqrs.dll (file missing)
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - H:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SystemControl.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - H:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - H:\Program Files\MP3 Player Utilities 3.73\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.14.5/ttinst-french.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winpsa32 - H:\WINDOWS\SYSTEM32\winpsa32.dll
O20 - Winlogon Notify: WRNotifier - H:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
J'ai une fenêtre qui vient de s'ouvrir pendant que j'écrivais ce message : "idd14.tmp" "Non ho trovato nessum modem..."
Voici les 2 rapports :
-----------------------------------------------------
I
VundoFix V6.2.2
Checking Java version...
Java version is 1.5.0.5
Java version is 1.5.0.6
Scan started at 01:05:35 14/10/2006
Listing files found while scanning....
H:\WINDOWS\system32\exnuixc.dll
H:\WINDOWS\system32\jnvuifin.dll
H:\WINDOWS\system32\lwnopgem.dll
H:\WINDOWS\system32\mljkhfd.dll
H:\WINDOWS\system32\qbwvgpmb.dll
H:\WINDOWS\system32\rfqlwlaf.dll
H:\WINDOWS\system32\tflrzkm.dll
H:\WINDOWS\system32\gtmkpesl.exe
H:\WINDOWS\system32\lcuytabe.exe
H:\WINDOWS\system32\ssqrs.dll
H:\WINDOWS\system32\srqss.ini
H:\WINDOWS\system32\srqss.bak2
H:\WINDOWS\system32\srqss.ini2
H:\WINDOWS\system32\srqss.tmp
Beginning removal...
Attempting to delete H:\WINDOWS\system32\exnuixc.dll
H:\WINDOWS\system32\exnuixc.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\jnvuifin.dll
H:\WINDOWS\system32\jnvuifin.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\lwnopgem.dll
H:\WINDOWS\system32\lwnopgem.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\mljkhfd.dll
H:\WINDOWS\system32\mljkhfd.dll Could not be deleted.
Attempting to delete H:\WINDOWS\system32\qbwvgpmb.dll
H:\WINDOWS\system32\qbwvgpmb.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\rfqlwlaf.dll
H:\WINDOWS\system32\rfqlwlaf.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\tflrzkm.dll
H:\WINDOWS\system32\tflrzkm.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\gtmkpesl.exe
H:\WINDOWS\system32\gtmkpesl.exe Has been deleted!
Attempting to delete H:\WINDOWS\system32\lcuytabe.exe
H:\WINDOWS\system32\lcuytabe.exe Has been deleted!
Attempting to delete H:\WINDOWS\system32\ssqrs.dll
H:\WINDOWS\system32\ssqrs.dll Could not be deleted.
Attempting to delete H:\WINDOWS\system32\srqss.ini
H:\WINDOWS\system32\srqss.ini Has been deleted!
Attempting to delete H:\WINDOWS\system32\srqss.bak2
H:\WINDOWS\system32\srqss.bak2 Has been deleted!
Attempting to delete H:\WINDOWS\system32\srqss.ini2
H:\WINDOWS\system32\srqss.ini2 Has been deleted!
Attempting to delete H:\WINDOWS\system32\srqss.tmp
H:\WINDOWS\system32\srqss.tmp Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete H:\WINDOWS\system32\mljkhfd.dll
H:\WINDOWS\system32\mljkhfd.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\ssqrs.dll
H:\WINDOWS\system32\ssqrs.dll Has been deleted!
Performing Repairs to the registry.
Done!
------------
"scanner.exe"
II
Logfile of HijackThis v1.99.1
Scan saved at 01:17:15, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\TortoiseSVN\bin\TSVNCache.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
H:\Program Files\SystemControl\SystemControl\SystemControl.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\system32\NOTEPAD.EXE
H:\WINDOWS\TEMP\win13.tmp.exe
H:\WINDOWS\TEMP\idd14.tmp.exe
H:\Documents and Settings\Giulietta\Bureau\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: XBTP05231 Class - {031F120A-BBAF-45d8-B306-375F2A6B9398} - H:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - H:\WINDOWS\system32\mljkhfd.dll (file missing)
O2 - BHO: (no name) - {1B70DCB4-48BA-050C-8E5C-051014CF43F1} - H:\WINDOWS\system32\tflrzkm.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - H:\WINDOWS\system32\rfqlwlaf.dll (file missing)
O2 - BHO: (no name) - {361B855D-762B-7484-15DB-08C9E5BED08A} - H:\WINDOWS\system32\exnuixc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8D16C16F-F763-4A9A-BFD8-55E8E7AB0C97} - H:\WINDOWS\system32\ssqrs.dll (file missing)
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - H:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SystemControl.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - H:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - H:\Program Files\MP3 Player Utilities 3.73\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.14.5/ttinst-french.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winpsa32 - H:\WINDOWS\SYSTEM32\winpsa32.dll
O20 - Winlogon Notify: WRNotifier - H:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
re,
vundo a bien bossé!
on continue!
1. Télécharge The Avenger par Swandog46 sur ton Bureau:
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/
Click sur Avenger.zip pour ouvrir le fichier
Extraire avenger.exe sur votre bureau
2. Copie tout le texte ci-dessous : mettre en surbrillance et appuyer sur les touches(Ctrl+C):
Files to delete:
H:\WINDOWS\SYSTEM32\winpsa32.dll
3. Maintenant, lance The Avenger en cliquant sur son icône du bureau.
Sous "[b]Script file to execute[/b]" choisir "[b]Input Script Manually[/b]".
Puis clique sur l'icône en forme de loupe qui va ouvrir une nouvelle fenêtre "[b]View/edit script[/b]"
Dans cette fenêtre, colle le texte précedemment copié sur le bureau par les touches ([b]Ctrl+V[/b]).
Cliquer [b]Done[/b]
ensuite clique sur l'icône en forme de [b]Feu Vert [/b]pour démarrer l'exécution du script
Réponds "[b]Yes[/b]" deux fois quand demandé.
4. The Avenger va automatiquement faire ce qui suit:
Il va Re-démarrer le système.
Pendant le re-démarrage, il apparaitra brièvement une fenêtre de commande de windows noire sur ton bureau, ceci est NORMAL.
Après le re-démarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : [b]C:\avenger.txt[/b]
5. Pour finir copie/colle le contenu du ficher c:\avenger.txt dans ta réponse avec un nouveau rapport hijackthis.
a+
vundo a bien bossé!
on continue!
1. Télécharge The Avenger par Swandog46 sur ton Bureau:
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/
Click sur Avenger.zip pour ouvrir le fichier
Extraire avenger.exe sur votre bureau
2. Copie tout le texte ci-dessous : mettre en surbrillance et appuyer sur les touches(Ctrl+C):
Files to delete:
H:\WINDOWS\SYSTEM32\winpsa32.dll
3. Maintenant, lance The Avenger en cliquant sur son icône du bureau.
Sous "[b]Script file to execute[/b]" choisir "[b]Input Script Manually[/b]".
Puis clique sur l'icône en forme de loupe qui va ouvrir une nouvelle fenêtre "[b]View/edit script[/b]"
Dans cette fenêtre, colle le texte précedemment copié sur le bureau par les touches ([b]Ctrl+V[/b]).
Cliquer [b]Done[/b]
ensuite clique sur l'icône en forme de [b]Feu Vert [/b]pour démarrer l'exécution du script
Réponds "[b]Yes[/b]" deux fois quand demandé.
4. The Avenger va automatiquement faire ce qui suit:
Il va Re-démarrer le système.
Pendant le re-démarrage, il apparaitra brièvement une fenêtre de commande de windows noire sur ton bureau, ceci est NORMAL.
Après le re-démarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : [b]C:\avenger.txt[/b]
5. Pour finir copie/colle le contenu du ficher c:\avenger.txt dans ta réponse avec un nouveau rapport hijackthis.
a+
Merci,
Je confirme que ça a l'air d'aller mieux
Voici les 2 rapports :
I
Files to delete:
H:\WINDOWS\SYSTEM32\winpsa32.dll
II
scanner.exe
Logfile of HijackThis v1.99.1
Scan saved at 01:36:07, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\TortoiseSVN\bin\TSVNCache.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
H:\Program Files\SystemControl\SystemControl\SystemControl.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\Giulietta\Bureau\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: XBTP05231 Class - {031F120A-BBAF-45d8-B306-375F2A6B9398} - H:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - H:\WINDOWS\system32\mljkhfd.dll (file missing)
O2 - BHO: (no name) - {1B70DCB4-48BA-050C-8E5C-051014CF43F1} - H:\WINDOWS\system32\tflrzkm.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - H:\WINDOWS\system32\rfqlwlaf.dll (file missing)
O2 - BHO: (no name) - {361B855D-762B-7484-15DB-08C9E5BED08A} - H:\WINDOWS\system32\exnuixc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8D16C16F-F763-4A9A-BFD8-55E8E7AB0C97} - H:\WINDOWS\system32\ssqrs.dll (file missing)
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - H:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SystemControl.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - H:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - H:\Program Files\MP3 Player Utilities 3.73\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.14.5/ttinst-french.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winpsa32 - H:\WINDOWS\SYSTEM32\winpsa32.dll
O20 - Winlogon Notify: WRNotifier - H:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Je confirme que ça a l'air d'aller mieux
Voici les 2 rapports :
I
Files to delete:
H:\WINDOWS\SYSTEM32\winpsa32.dll
II
scanner.exe
Logfile of HijackThis v1.99.1
Scan saved at 01:36:07, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\TortoiseSVN\bin\TSVNCache.exe
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
H:\Program Files\SystemControl\SystemControl\SystemControl.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\Giulietta\Bureau\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: XBTP05231 Class - {031F120A-BBAF-45d8-B306-375F2A6B9398} - H:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - H:\WINDOWS\system32\mljkhfd.dll (file missing)
O2 - BHO: (no name) - {1B70DCB4-48BA-050C-8E5C-051014CF43F1} - H:\WINDOWS\system32\tflrzkm.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - H:\WINDOWS\system32\rfqlwlaf.dll (file missing)
O2 - BHO: (no name) - {361B855D-762B-7484-15DB-08C9E5BED08A} - H:\WINDOWS\system32\exnuixc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8D16C16F-F763-4A9A-BFD8-55E8E7AB0C97} - H:\WINDOWS\system32\ssqrs.dll (file missing)
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - H:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SystemControl.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - H:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - H:\Program Files\MP3 Player Utilities 3.73\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.14.5/ttinst-french.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winpsa32 - H:\WINDOWS\SYSTEM32\winpsa32.dll
O20 - Winlogon Notify: WRNotifier - H:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
re,
relance hijackthis, coche les lignes citées ci dessous et fix checked (toutes fenêtres IE fermées) :
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - H:\WINDOWS\system32\mljkhfd.dll (file missing)
O2 - BHO: (no name) - {1B70DCB4-48BA-050C-8E5C-051014CF43F1} - H:\WINDOWS\system32\tflrzkm.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - H:\WINDOWS\system32\rfqlwlaf.dll (file missing)
O2 - BHO: (no name) - {361B855D-762B-7484-15DB-08C9E5BED08A} - H:\WINDOWS\system32\exnuixc.dll (file missing)
O2 - BHO: (no name) - {8D16C16F-F763-4A9A-BFD8-55E8E7AB0C97} - H:\WINDOWS\system32\ssqrs.dll (file missing)
O20 - Winlogon Notify: winpsa32 - H:\WINDOWS\SYSTEM32\winpsa32.dll
passe un scan en ligne ici:
http://www.bitdefender.fr/scan8/ie.html
poste le rapport bitdefender ainsi qu'un nouvel hijackthis!
a+
relance hijackthis, coche les lignes citées ci dessous et fix checked (toutes fenêtres IE fermées) :
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - H:\WINDOWS\system32\mljkhfd.dll (file missing)
O2 - BHO: (no name) - {1B70DCB4-48BA-050C-8E5C-051014CF43F1} - H:\WINDOWS\system32\tflrzkm.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - H:\WINDOWS\system32\rfqlwlaf.dll (file missing)
O2 - BHO: (no name) - {361B855D-762B-7484-15DB-08C9E5BED08A} - H:\WINDOWS\system32\exnuixc.dll (file missing)
O2 - BHO: (no name) - {8D16C16F-F763-4A9A-BFD8-55E8E7AB0C97} - H:\WINDOWS\system32\ssqrs.dll (file missing)
O20 - Winlogon Notify: winpsa32 - H:\WINDOWS\SYSTEM32\winpsa32.dll
passe un scan en ligne ici:
http://www.bitdefender.fr/scan8/ie.html
poste le rapport bitdefender ainsi qu'un nouvel hijackthis!
a+
