Registry cleaner icon problem
Solved/Closed
rorodu22 - 17 March 2007 at 12:44
predateur87 - 14 Feb. 2008 at 21:25
45 replies
philae83 - 17 March 2007 at 17:50
Hello,
* Download SmitfraudFix by S!Ri, balltrap34 and moe31
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
* Install it at the root of C
* Double-click the exe to unpack it and launch the fix.
Usage ----- option 1 - Search:
* Double-click smitfraudfix.cmd
* Select 1 to create a report of the files responsible for the infection.
* Post the report here
process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus programs.
----
rorodu22 - 17 March 2007 at 18:30
Your link doesn't work ^^
philae83 - 17 March 2007 at 18:36
Sorry, I just checked again, my link works perfectly fine though.
rorodu22 - 17 March 2007 at 18:37
OK, I downloaded SmitfraudFix. I installed it, but when I click smitfraudfix.cmd a window opens for a quarter of a second and then nothing.
What should I do?
philae83 - 17 March 2007 at 19:15
Did you have any trouble with your antivirus? It generally doesn't like SmitfraudFix.
The cmd window should normally stay open.
Try disabling your antivirus (disconnect from the internet while you do) and run SmitfraudFix again.
rorodu22 - 17 March 2007 at 20:13
No, even with my antivirus disabled it doesn't work. Maybe I don't have the right file, because I couldn't download it from your link.
philae83 - 17 March 2007 at 20:17
My link works; if you went looking elsewhere, that's probably it. Where did you get it from?
Try again with my link. Why wouldn't it work for you? I tested it and downloaded SmitfraudFix again without any problem.
rorodu22 - 17 March 2007 at 20:20
I don't know, it's strange. I tried to download it from telecharger.com and as soon as I try to start the download, same thing again: page not found. Most of the links to download SmitfraudFix don't work.
philae83 - 17 March 2007 at 20:23
OK, we'll do it differently for now.
* Download HijackThis and post the report please
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Picture demo
http://pageperso.aol.fr/balltrap34/demohijack.htm
rorodu22 - 17 March 2007 at 20:36
Finally something that works, that's nice ^^
So here's the report:
Logfile of HijackThis v1.99.1
Scan saved at 20:35:22, on 17/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\2376288\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\backweb\2376288\program\fsbwsys.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure Anti-Virus\backweb\2376288\Program\BackWeb-2376288.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\WINDOWS\WcgopSvc.exe
C:\WINDOWS\gc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\tcpipmon.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
C:\WINDOWS\system32\tcpipmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5BAF9DD0-8D43-4EA9-B85D-8B3EC3E1BDA1} - C:\WINDOWS\system32\ddcyv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C0982322-2A6C-4022-92F1-C7CB9F86DCC8} - C:\WINDOWS\system32\nnnljij.dll
O2 - BHO: CATLEvents Object - {CA5DDFAC-93D0-46B0-973E-D25832A0D119} - C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\kjjxappu.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\bdblpwyn.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ulqiqwfb.dll",setvm
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [*gc] C:\WINDOWS\gc.exe rerun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\system32\ddcyv.dll
O20 - Winlogon Notify: gc - C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
O20 - Winlogon Notify: nnnljij - C:\WINDOWS\SYSTEM32\nnnljij.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Anti-Virus (BackWeb Client - 2376288) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\2376288\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\F-Secure Anti-Virus\Common\FSAA.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\2376288\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: Fswsclds - Unknown owner - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe
philae83 - 17 March 2007 at 20:37
Finally something that works, that's nice ^^
Normal, with the infection it gets stuck....
* Download VundoFix.exe (by Atribune) to your Desktop
http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it
* Click the Scan for Vundo button
* When the scan is complete, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted
* You will see a prompt telling you that your PC is going to restart; click OK
* Copy/paste the contents of the report located at C:\vundofix.txt along with a new HijackThis report in your next reply
Note: VundoFix may encounter a file it cannot delete. If so, the tool will run at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
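What philae83 reads off the HijackThis log by eye can be mechanised. The Python below is an added example for this thread, not a feature of HijackThis or VundoFix: it parses HijackThis-style entries and flags the indicators visible in the log above (unnamed BHOs and Winlogon Notify handlers loading lowercase random-named DLLs from system32, anything loaded from a Temp folder, and entries whose file is already gone). The sample lines are copied from the posted log; the naming heuristic and the choice of sections to check are the author's assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: entries copied from the HijackThis log posted above, with
# three known-good entries (Acrobat, F-Secure, WgaLogon) kept in for contrast.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5BAF9DD0-8D43-4EA9-B85D-8B3EC3E1BDA1} - C:\WINDOWS\system32\ddcyv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CATLEvents Object - {CA5DDFAC-93D0-46B0-973E-D25832A0D119} - C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ulqiqwfb.dll",setvm
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\system32\ddcyv.dll
O20 - Winlogon Notify: gc - C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
"""

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")          # "O20 - <rest>"
# Heuristic (author's assumption): Vundo dropped all-lowercase 5-8 letter DLL
# names such as ddcyv.dll or ulqiqwfb.dll. Matched on the original case so that
# WgaLogon.dll is not caught; a real tool would add an allowlist of known DLLs.
RANDOM_DLL = re.compile(r"^[a-z]{5,8}\.dll$")
MISSING = re.compile(r"\s*\((?:no file|file missing)\)\s*$")


@dataclass
class Finding:
    section: str                 # HijackThis section code, e.g. "O20"
    path: str                    # file the entry loads ("" if HijackThis found none)
    reasons: List[str] = field(default_factory=list)


def extract_path(section: str, rest: str) -> str:
    """Return the file an entry loads. O4 lines carry a command line after the
    [name]; the other sections end with ' - <path>'."""
    if section == "O4":
        cmd = rest.split("]", 1)[1].strip() if "]" in rest else rest
        quoted = re.search(r'"([^"]+)"', cmd)
        if quoted:                       # quoted path, e.g. the DLL given to rundll32
            return quoted.group(1)
        return cmd.split()[0] if cmd else ""
    return rest.rsplit(" - ", 1)[-1].strip()


def assess(section: str, rest: str) -> Optional[Finding]:
    """Apply the triage heuristics to one entry; None when nothing stands out."""
    raw = extract_path(section, rest)
    missing = MISSING.search(raw) is not None
    path = MISSING.sub("", raw).strip()
    base = path.rsplit("\\", 1)[-1]
    low = path.lower()
    f = Finding(section, path)

    if section in ("O2", "O20") and "\\temp\\" in low:
        f.reasons.append("code loaded by Winlogon/IE from a Temp folder")
    if "\\system32\\" in low and RANDOM_DLL.match(base):
        f.reasons.append("random-looking lowercase DLL name in system32 (Vundo naming pattern)")
    if section == "O2" and rest.startswith("BHO: (no name)") and path:
        f.reasons.append("unnamed BHO")
    if missing and (section in ("O2", "O20") or "Unknown owner" in rest):
        f.reasons.append("points at a file that is gone; leftover entry to remove")
    return f if f.reasons else None


def triage(log_text: str) -> List[Finding]:
    """Parse a HijackThis log and return only the entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue                     # header lines, running processes, blanks
        f = assess(m.group(1), m.group(2))
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.path or '(no file)'}")
        for r in f.reasons:
            print(f"       - {r}")
```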
rorodu22 - 17 March 2007 at 20:50
OK, I'll do that and post the reports, thanks.
rorodu22 - 17 March 2007 at 21:19
So here's the VundoFix report:
VundoFix V6.3.16
Checking Java version...
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Scan started at 20:52:10 17/03/2007
Listing files found while scanning....
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\WINDOWS\system32\bdblpwyn.dll
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\dhossqwm.dll
C:\WINDOWS\system32\gllwmxgq.exe
C:\WINDOWS\system32\khfffda.dll
C:\WINDOWS\system32\kjjxappu.dll
C:\WINDOWS\system32\ktjpowpv.dll
C:\WINDOWS\system32\lcqdmnsv.dll
C:\WINDOWS\system32\mwqssohd.ini
C:\WINDOWS\system32\nnnljij.dll
C:\WINDOWS\system32\nopvpnsg.dll
C:\WINDOWS\system32\pntbotpe.dll
C:\WINDOWS\system32\tqxdongy.dll
C:\WINDOWS\system32\urmkpsaa.dll
C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\xyqshlqy.exe
C:\WINDOWS\system32\ydvihsbc.dll
Beginning removal...
Attempting to delete C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat Could not be deleted.
Attempting to delete C:\WINDOWS\system32\bdblpwyn.dll
C:\WINDOWS\system32\bdblpwyn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dhossqwm.dll
C:\WINDOWS\system32\dhossqwm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gllwmxgq.exe
C:\WINDOWS\system32\gllwmxgq.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\khfffda.dll
C:\WINDOWS\system32\khfffda.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjjxappu.dll
C:\WINDOWS\system32\kjjxappu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ktjpowpv.dll
C:\WINDOWS\system32\ktjpowpv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lcqdmnsv.dll
C:\WINDOWS\system32\lcqdmnsv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mwqssohd.ini
C:\WINDOWS\system32\mwqssohd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnljij.dll
C:\WINDOWS\system32\nnnljij.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\nopvpnsg.dll
C:\WINDOWS\system32\nopvpnsg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pntbotpe.dll
C:\WINDOWS\system32\pntbotpe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tqxdongy.dll
C:\WINDOWS\system32\tqxdongy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urmkpsaa.dll
C:\WINDOWS\system32\urmkpsaa.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\xyqshlqy.exe
C:\WINDOWS\system32\xyqshlqy.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ydvihsbc.dll
C:\WINDOWS\system32\ydvihsbc.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat Could not be deleted.
Attempting to delete C:\WINDOWS\system32\nnnljij.dll
C:\WINDOWS\system32\nnnljij.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
rorodu22 - 17 March 2007 at 21:20
Here's the other report again:
Logfile of HijackThis v1.99.1
Scan saved at 21:20:22, on 17/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\F-SECU~1\backweb\2376288\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\backweb\2376288\program\fsbwsys.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\WINDOWS\WcgopSvc.exe
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\gc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\tcpipmon.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
C:\WINDOWS\system32\tcpipmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure Anti-Virus\backweb\2376288\Program\BackWeb-2376288.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: (no name) - {04128985-B203-47B3-B51E-6B183275D518} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C0982322-2A6C-4022-92F1-C7CB9F86DCC8} - C:\WINDOWS\system32\nnnljij.dll (file missing)
O2 - BHO: CATLEvents Object - {CA5DDFAC-93D0-46B0-973E-D25832A0D119} - C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ulqiqwfb.dll",setvm
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [*gc] C:\WINDOWS\gc.exe rerun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gc - C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Anti-Virus (BackWeb Client - 2376288) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\2376288\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\F-Secure Anti-Virus\Common\FSAA.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\2376288\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: Fswsclds - Unknown owner - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe
philae83 (Security contributor)
17 March 2007 at 21:45
ok thanks,
I'm going over your reports again; there's still some left, I'm warning you
rorodu22 (Member)
17 March 2007 at 21:47
I suspected as much; when web pages open all by themselves, it's not normal ^^.
Anyway, thanks for your help
philae83 (Security contributor)
17 March 2007 at 21:58
re
* Download Pocket KillBox to your desktop.
http://www.downloads.subratam.org/KillBox.exe
and
* Download CCleaner.
https://www.pcastuces.com/logitheque/ccleaner.htm
Install it in a dedicated directory.
During installation, untick
--- the two "Add the option ..." boxes
--- Check for updates
--- Add the Yahoo! CCleaner Toolbar
then
* Relaunch VundoFix
* Do not click "Scan for a vundo"
* Right-click in the middle of the window
* Click "Add more files?"
* Copy/paste the file below:
C:\WINDOWS\system32\ulqiqwfb.dll
* Click "Add files"
* Then click "Close Windows"
* Finally, click "Remove Vundo" (the previous files should appear in the main window)
* If the tool asks for a restart, accept
* Post the VundoFix report
then
relaunch HijackThis and tick these lines:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: (no name) - {04128985-B203-47B3-B51E-6B183275D518} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C0982322-2A6C-4022-92F1-C7CB9F86DCC8} - C:\WINDOWS\system32\nnnljij.dll (file missing)
O2 - BHO: CATLEvents Object - {CA5DDFAC-93D0-46B0-973E-D25832A0D119} - C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ulqiqwfb.dll",setvm
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [*gc] C:\WINDOWS\gc.exe rerun
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.secuser.com
O20 - Winlogon Notify: gc - C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Fswsclds - Unknown owner - (no file)
* close all open windows, including Internet Explorer, and click "fixer objet" (Fix checked)
then
* Double-click the Killbox.exe file and tick the "Delete on reboot" box.
* copy the lines of the following quotation in one go:
C:\WINDOWS\system32\ulqiqwfb.dll
C:\WINDOWS\system32\rpcc.dll
C:\WINDOWS\system32\tcpipmon.exe
C:\DOCUMENTS & SETTINGS\Romain\LOCALS SETTINGS\Temp\cg.dat
C:\WINDOWS\gc.exe
C:\WINDOWS\system32\msasvc.exe
In PocketKillBox --> "File" menu --> "Paste from Clipboard" (you won't see anything happen).
You can check in the drop-down menu that all the files are present.
- tick the "Unregister dll before deleting" box (if you have the option)
- click the "All files" button
- then click the red cross
To the two messages that will appear, answer "YES"
The computer should restart; if it doesn't, restart it yourself, whatever happens.
then
* run CCleaner for a full clean
then
Start > "Run…", then type "services.msc" and confirm with OK
the Services window opens => check at the bottom that the "Extended" tab is selected; if not, select it.
Microsoft authenticate service (MsaSvc)
And the path
C:\WINDOWS\system32\msasvc.exe
- In the "Name" column, DOUBLE-CLICK the service shown in BOLD above to bring up "Properties".
- Check in "Path to executable" that it is indeed the underlined location.
- Then click Stop
- In the "Startup type" drop-down, select "Disabled".
- confirm the change with OK
- Close the Services window.
Then
Open the tools section
Tools
Delete an NT service
Enter:
Microsoft authenticate service
Confirm
* come back with the Vundo reports and a new HijackThis log
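The fix list above is built by reading the HijackThis report for a few recurring signs: entries whose file is already gone, code loaded from a Temp directory, a Winlogon Notify package outside system32, a Run key that starts a DLL through rundll32 or names a bare executable, and a service with no vendor whose binary is missing. The script below is an added example, not part of this thread or of HijackThis, that applies those checks to a constructed excerpt modelled on the report posted here; the sample lines, the heuristics and the random-name rule are assumptions, and the random-name rule only corroborates another signal so that legitimate short names such as ctfmon.exe are not flagged on their own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the HijackThis report posted in this thread:
# a mix of legitimate entries and the ones the helper asked to have fixed.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {04128985-B203-47B3-B51E-6B183275D518} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O2 - BHO: CATLEvents Object - {CA5DDFAC-93D0-46B0-973E-D25832A0D119} - C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ulqiqwfb.dll",setvm
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: gc - C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe
"""

# Sections whose value is code that Windows loads automatically:
# BHOs, Run keys, Winlogon Notify packages and services.
AUTOLOAD_SECTIONS = {"O2", "O4", "O20", "O23"}
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")
# Heuristic (assumption): Vundo-style droppers used 5-8 random lowercase
# letters as a basename (ddcyv.dll, ulqiqwfb.dll, nnnljij.dll above).
RANDOM_NAME = re.compile(r"^[a-z]{5,8}\.(?:dll|exe)$")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list[str] = field(default_factory=list)


def section_of(line: str) -> str:
    """Return the HijackThis section tag (R0, O2, O23 ...) that opens a line."""
    m = re.match(r"^([RFO]\d+)\s+-\s+", line)
    return m.group(1) if m else ""


def command_of(line: str) -> str:
    """Extract the path or command the entry loads, without HJT's annotations."""
    if section_of(line) == "O4":
        m = re.search(r"\]\s*(.*)$", line)  # text after the [name] tag
        return m.group(1).strip() if m else ""
    tail = line.rsplit(" - ", 1)[-1]
    return ORPHAN.sub("", tail).strip()


def basenames(cmd: str) -> list[str]:
    """All file names (with extension) mentioned in a command string."""
    return re.findall(r'[^\\/"\s,]+\.(?:dll|exe|ocx|dat)\b', cmd, re.I)


def triage(report: str) -> list[Finding]:
    """Return the autoload entries that show at least one strong warning sign."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        sec = section_of(line)
        if sec not in AUTOLOAD_SECTIONS:
            continue
        cmd = command_of(line)
        reasons: list[str] = []
        if ORPHAN.search(line):
            reasons.append("orphaned entry: the referenced file is gone")
        if re.search(r"\\temp\\|locals~1", cmd, re.I):
            reasons.append("code loaded from a temporary/profile directory")
        if sec == "O20" and not re.match(r"[a-z]:\\windows\\system32\\", cmd, re.I):
            reasons.append("Winlogon Notify package outside system32")
        if sec == "O4" and re.match(r"rundll32(?:\.exe)?\s", cmd, re.I):
            reasons.append("autorun through rundll32 (DLL runs inside a trusted host process)")
        if sec == "O4" and not re.search(r"[\\/]", cmd):
            reasons.append("bare executable name resolved through the search path")
        if sec == "O23" and "Unknown owner" in line and ORPHAN.search(line):
            reasons.append("service with no vendor information whose binary is missing")
        if reasons:  # random-looking names only corroborate a stronger signal
            for name in basenames(cmd):
                if RANDOM_NAME.match(name):
                    reasons.append(f"random-looking basename {name}")
            findings.append(Finding(sec, line, reasons))
    return findings


def lines_to_fix(report: str) -> list[str]:
    """The flagged lines, in report order, as a helper would paste them back."""
    return [f.line for f in triage(report)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

The ordering matters: the strong signals are the ones a helper can justify line by line, and the random-name rule is deliberately subordinate, because on its own it would also flag ctfmon.exe, vcdsecs.exe or WgaLogon.dll, all legitimate entries in the same report.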
rorodu22 (Member)
17 March 2007 at 22:11
Whoa, that's a lot of things; I won't have time to do all that tonight, but thank you, and I'll post again tomorrow.
philae83 (Security contributor)
17 March 2007 at 22:34
ok, but a piece of advice: once you start, go through to the end of the steps, and do only that in the meantime. Don't wait too long either.
rorodu22 (Member)
18 March 2007 at 09:33
Here are 3 new reports!!
The first VundoFix report:
VundoFix V6.3.16
Checking Java version...
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Scan started at 20:52:10 17/03/2007
Listing files found while scanning....
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\WINDOWS\system32\bdblpwyn.dll
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\dhossqwm.dll
C:\WINDOWS\system32\gllwmxgq.exe
C:\WINDOWS\system32\khfffda.dll
C:\WINDOWS\system32\kjjxappu.dll
C:\WINDOWS\system32\ktjpowpv.dll
C:\WINDOWS\system32\lcqdmnsv.dll
C:\WINDOWS\system32\mwqssohd.ini
C:\WINDOWS\system32\nnnljij.dll
C:\WINDOWS\system32\nopvpnsg.dll
C:\WINDOWS\system32\pntbotpe.dll
C:\WINDOWS\system32\tqxdongy.dll
C:\WINDOWS\system32\urmkpsaa.dll
C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\xyqshlqy.exe
C:\WINDOWS\system32\ydvihsbc.dll
Beginning removal...
Attempting to delete C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat Could not be deleted.
Attempting to delete C:\WINDOWS\system32\bdblpwyn.dll
C:\WINDOWS\system32\bdblpwyn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dhossqwm.dll
C:\WINDOWS\system32\dhossqwm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gllwmxgq.exe
C:\WINDOWS\system32\gllwmxgq.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\khfffda.dll
C:\WINDOWS\system32\khfffda.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjjxappu.dll
C:\WINDOWS\system32\kjjxappu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ktjpowpv.dll
C:\WINDOWS\system32\ktjpowpv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lcqdmnsv.dll
C:\WINDOWS\system32\lcqdmnsv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mwqssohd.ini
C:\WINDOWS\system32\mwqssohd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnljij.dll
C:\WINDOWS\system32\nnnljij.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\nopvpnsg.dll
C:\WINDOWS\system32\nopvpnsg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pntbotpe.dll
C:\WINDOWS\system32\pntbotpe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tqxdongy.dll
C:\WINDOWS\system32\tqxdongy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urmkpsaa.dll
C:\WINDOWS\system32\urmkpsaa.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\xyqshlqy.exe
C:\WINDOWS\system32\xyqshlqy.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ydvihsbc.dll
C:\WINDOWS\system32\ydvihsbc.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat Could not be deleted.
Attempting to delete C:\WINDOWS\system32\nnnljij.dll
C:\WINDOWS\system32\nnnljij.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ulqiqwfb.dll
C:\WINDOWS\system32\ulqiqwfb.dll Has been deleted!
Performing Repairs to the registry.
Done!
The second VundoFix report:
VundoFix V6.3.16
Checking Java version...
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Scan started at 20:52:10 17/03/2007
Listing files found while scanning....
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\WINDOWS\system32\bdblpwyn.dll
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\dhossqwm.dll
C:\WINDOWS\system32\gllwmxgq.exe
C:\WINDOWS\system32\khfffda.dll
C:\WINDOWS\system32\kjjxappu.dll
C:\WINDOWS\system32\ktjpowpv.dll
C:\WINDOWS\system32\lcqdmnsv.dll
C:\WINDOWS\system32\mwqssohd.ini
C:\WINDOWS\system32\nnnljij.dll
C:\WINDOWS\system32\nopvpnsg.dll
C:\WINDOWS\system32\pntbotpe.dll
C:\WINDOWS\system32\tqxdongy.dll
C:\WINDOWS\system32\urmkpsaa.dll
C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\xyqshlqy.exe
C:\WINDOWS\system32\ydvihsbc.dll
Beginning removal...
Attempting to delete C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat Could not be deleted.
Attempting to delete C:\WINDOWS\system32\bdblpwyn.dll
C:\WINDOWS\system32\bdblpwyn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dhossqwm.dll
C:\WINDOWS\system32\dhossqwm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gllwmxgq.exe
C:\WINDOWS\system32\gllwmxgq.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\khfffda.dll
C:\WINDOWS\system32\khfffda.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjjxappu.dll
C:\WINDOWS\system32\kjjxappu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ktjpowpv.dll
C:\WINDOWS\system32\ktjpowpv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lcqdmnsv.dll
C:\WINDOWS\system32\lcqdmnsv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mwqssohd.ini
C:\WINDOWS\system32\mwqssohd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnljij.dll
C:\WINDOWS\system32\nnnljij.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\nopvpnsg.dll
C:\WINDOWS\system32\nopvpnsg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pntbotpe.dll
C:\WINDOWS\system32\pntbotpe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tqxdongy.dll
C:\WINDOWS\system32\tqxdongy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urmkpsaa.dll
C:\WINDOWS\system32\urmkpsaa.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\xyqshlqy.exe
C:\WINDOWS\system32\xyqshlqy.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ydvihsbc.dll
C:\WINDOWS\system32\ydvihsbc.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat Could not be deleted.
Attempting to delete C:\WINDOWS\system32\nnnljij.dll
C:\WINDOWS\system32\nnnljij.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ulqiqwfb.dll
C:\WINDOWS\system32\ulqiqwfb.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.16
Checking Java version...
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Scan started at 00:23:01 18/03/2007
Listing files found while scanning....
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
Beginning removal...
Attempting to delete C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat Has been deleted!
Performing Repairs to the registry.
Done!
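VundoFix appends every pass to the same report file, which is why the second report repeats the first pass and why cg.dat shows up as "Could not be deleted" twice before the post-reboot pass removes it. The parser below is an added example, not VundoFix's own code, that splits such a report into passes and reconciles the per-file outcomes across them, so that whatever is still locked after the last pass can be handed to a delete-on-reboot step like the KillBox one described earlier in the thread. The sample report is constructed and shortened, using paths named on this page, with one locked DLL kept so the unresolved case is visible.

```python
import re

# Constructed excerpt in VundoFix's report format, modelled on the reports in
# this thread: two passes appended to one file, the file list shortened, and
# one DLL that stays locked so the unresolved case shows up in the result.
SAMPLE_REPORT = r"""VundoFix V6.3.16
Checking Java version...
Java version is 1.5.0.2
Scan started at 20:52:10 17/03/2007
Listing files found while scanning....
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\nnnljij.dll
Beginning removal...
Attempting to delete C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnljij.dll
C:\WINDOWS\system32\nnnljij.dll Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V6.3.16
Checking Java version...
Java version is 1.5.0.2
Scan started at 00:23:01 18/03/2007
Listing files found while scanning....
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
Beginning removal...
Attempting to delete C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat Has been deleted!
Performing Repairs to the registry.
Done!
"""

# One result line per attempted path: "<path> Has been deleted!" or
# "<path> Could not be deleted."
OUTCOME = re.compile(r"^(?P<path>.+?) (?P<verdict>Has been deleted!|Could not be deleted\.)$")
SCAN_START = re.compile(r"^Scan started at (?P<when>.+)$")


def parse_runs(report: str) -> list[dict]:
    """Split an appended report into passes: start time, files listed by the
    scan, and (path, deleted) outcomes for every deletion attempt."""
    runs: list[dict] = []
    listing = False  # inside the "Listing files found" block
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("VundoFix V"):  # banner opens a new pass
            runs.append({"started": None, "found": [], "outcomes": []})
            listing = False
            continue
        if not runs:
            continue  # ignore anything before the first banner
        run = runs[-1]
        m = SCAN_START.match(line)
        if m:
            run["started"] = m.group("when")
            continue
        if line.startswith("Listing files found"):
            listing = True
            continue
        if line.startswith("Beginning removal"):
            listing = False
            continue
        m = OUTCOME.match(line)
        if m:
            run["outcomes"].append((m.group("path"), m.group("verdict").startswith("Has been")))
            continue
        if listing and line:
            run["found"].append(line)
    return runs


def final_status(report: str) -> dict[str, tuple[str, int]]:
    """Last verdict ("deleted" or "locked") and attempt count per path, across passes."""
    status: dict[str, tuple[str, int]] = {}
    for run in parse_runs(report):
        for path, deleted in run["outcomes"]:
            _, attempts = status.get(path, ("", 0))
            status[path] = ("deleted" if deleted else "locked", attempts + 1)
    return status


def still_present(report: str) -> list[str]:
    """Paths whose last attempt failed: candidates for a delete-on-reboot step."""
    return sorted(p for p, (verdict, _) in final_status(report).items() if verdict == "locked")


if __name__ == "__main__":
    for run in parse_runs(SAMPLE_REPORT):
        print(run["started"], "-", len(run["found"]), "found,", len(run["outcomes"]), "attempted")
    for path, (verdict, attempts) in final_status(SAMPLE_REPORT).items():
        print(f"{verdict:8} x{attempts}  {path}")
    print("still locked:", still_present(SAMPLE_REPORT))
```

Reconciling across passes rather than reading the last pass alone is the point: the final pass in the sample only lists cg.dat, so looking at it in isolation would hide that nnnljij.dll was never removed.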
Le premier rapport vundofix:
VundoFix V6.3.16
Checking Java version...
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Scan started at 20:52:10 17/03/2007
Listing files found while scanning....
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\WINDOWS\system32\bdblpwyn.dll
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\dhossqwm.dll
C:\WINDOWS\system32\gllwmxgq.exe
C:\WINDOWS\system32\khfffda.dll
C:\WINDOWS\system32\kjjxappu.dll
C:\WINDOWS\system32\ktjpowpv.dll
C:\WINDOWS\system32\lcqdmnsv.dll
C:\WINDOWS\system32\mwqssohd.ini
C:\WINDOWS\system32\nnnljij.dll
C:\WINDOWS\system32\nopvpnsg.dll
C:\WINDOWS\system32\pntbotpe.dll
C:\WINDOWS\system32\tqxdongy.dll
C:\WINDOWS\system32\urmkpsaa.dll
C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\xyqshlqy.exe
C:\WINDOWS\system32\ydvihsbc.dll
Beginning removal...
Attempting to delete C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat Could not be deleted.
Attempting to delete C:\WINDOWS\system32\bdblpwyn.dll
C:\WINDOWS\system32\bdblpwyn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dhossqwm.dll
C:\WINDOWS\system32\dhossqwm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gllwmxgq.exe
C:\WINDOWS\system32\gllwmxgq.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\khfffda.dll
C:\WINDOWS\system32\khfffda.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjjxappu.dll
C:\WINDOWS\system32\kjjxappu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ktjpowpv.dll
C:\WINDOWS\system32\ktjpowpv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lcqdmnsv.dll
C:\WINDOWS\system32\lcqdmnsv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mwqssohd.ini
C:\WINDOWS\system32\mwqssohd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnljij.dll
C:\WINDOWS\system32\nnnljij.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\nopvpnsg.dll
C:\WINDOWS\system32\nopvpnsg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pntbotpe.dll
C:\WINDOWS\system32\pntbotpe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tqxdongy.dll
C:\WINDOWS\system32\tqxdongy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urmkpsaa.dll
C:\WINDOWS\system32\urmkpsaa.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\xyqshlqy.exe
C:\WINDOWS\system32\xyqshlqy.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ydvihsbc.dll
C:\WINDOWS\system32\ydvihsbc.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat Could not be deleted.
Attempting to delete C:\WINDOWS\system32\nnnljij.dll
C:\WINDOWS\system32\nnnljij.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ulqiqwfb.dll
C:\WINDOWS\system32\ulqiqwfb.dll Has been deleted!
Performing Repairs to the registry.
Done!
The second VundoFix report:
VundoFix V6.3.16
Checking Java version...
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Scan started at 20:52:10 17/03/2007
Listing files found while scanning....
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\WINDOWS\system32\bdblpwyn.dll
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\dhossqwm.dll
C:\WINDOWS\system32\gllwmxgq.exe
C:\WINDOWS\system32\khfffda.dll
C:\WINDOWS\system32\kjjxappu.dll
C:\WINDOWS\system32\ktjpowpv.dll
C:\WINDOWS\system32\lcqdmnsv.dll
C:\WINDOWS\system32\mwqssohd.ini
C:\WINDOWS\system32\nnnljij.dll
C:\WINDOWS\system32\nopvpnsg.dll
C:\WINDOWS\system32\pntbotpe.dll
C:\WINDOWS\system32\tqxdongy.dll
C:\WINDOWS\system32\urmkpsaa.dll
C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\xyqshlqy.exe
C:\WINDOWS\system32\ydvihsbc.dll
Beginning removal...
Attempting to delete C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat Could not be deleted.
Attempting to delete C:\WINDOWS\system32\bdblpwyn.dll
C:\WINDOWS\system32\bdblpwyn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dhossqwm.dll
C:\WINDOWS\system32\dhossqwm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gllwmxgq.exe
C:\WINDOWS\system32\gllwmxgq.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\khfffda.dll
C:\WINDOWS\system32\khfffda.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjjxappu.dll
C:\WINDOWS\system32\kjjxappu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ktjpowpv.dll
C:\WINDOWS\system32\ktjpowpv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lcqdmnsv.dll
C:\WINDOWS\system32\lcqdmnsv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mwqssohd.ini
C:\WINDOWS\system32\mwqssohd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnljij.dll
C:\WINDOWS\system32\nnnljij.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\nopvpnsg.dll
C:\WINDOWS\system32\nopvpnsg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pntbotpe.dll
C:\WINDOWS\system32\pntbotpe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tqxdongy.dll
C:\WINDOWS\system32\tqxdongy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urmkpsaa.dll
C:\WINDOWS\system32\urmkpsaa.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\xyqshlqy.exe
C:\WINDOWS\system32\xyqshlqy.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ydvihsbc.dll
C:\WINDOWS\system32\ydvihsbc.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat Could not be deleted.
Attempting to delete C:\WINDOWS\system32\nnnljij.dll
C:\WINDOWS\system32\nnnljij.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ulqiqwfb.dll
C:\WINDOWS\system32\ulqiqwfb.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.16
Checking Java version...
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Scan started at 00:23:01 18/03/2007
Listing files found while scanning....
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
Beginning removal...
Attempting to delete C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat
C:\DOCUME~1\Romain\LOCALS~1\Temp\cg.dat Has been deleted!
Performing Repairs to the registry.
Done!