4 replies
Hello,
* Download Blacklight
https://europe.f-secure.com/exclude/blacklight/index.shtml
(from F-Secure)
(the first one on the page)
Save it to your Desktop.
Double-click blbeta.exe
Click "I ACCEPT".
Click Scan, then Next
You will see a list of detected files appear. You will also see a report
on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).
Copy and paste the contents of this report into your next reply.
Do NOT choose the "Rename" option right away: we need to analyse the report first,
because legitimate files may be listed, such as wbemtest.exe
Hi again,
Nothing to report.
* Download HijackThis and post the report, please
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Picture demo
http://pageperso.aol.fr/balltrap34/demohijack.htm
Thanks, here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:51:17, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Athan\Athan.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\BI£€£\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {43726694-647C-4083-8985-08DE180C9F2e} - (no file)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\uctcnjmk.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {6D3281F0-4D9F-494F-92D7-CCE481695916} - C:\WINDOWS\system32\awtqq.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SvcManager] algs6.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\lywxocja.dll",setvm
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll
O20 - Winlogon Notify: hgggfde - C:\WINDOWS\SYSTEM32\hgggfde.dll
O20 - Winlogon Notify: ljjjhih - C:\WINDOWS\SYSTEM32\ljjjhih.dll
O20 - Winlogon Notify: ljjkljg - C:\WINDOWS\SYSTEM32\ljjkljg.dll
O20 - Winlogon Notify: mljgdab - C:\WINDOWS\SYSTEM32\mljgdab.dll
O20 - Winlogon Notify: nnnmjjk - C:\WINDOWS\SYSTEM32\nnnmjjk.dll
O20 - Winlogon Notify: nnnmkjg - C:\WINDOWS\SYSTEM32\nnnmkjg.dll
O20 - Winlogon Notify: nnnnkli - C:\WINDOWS\SYSTEM32\nnnnkli.dll
O20 - Winlogon Notify: nnnnlmm - C:\WINDOWS\SYSTEM32\nnnnlmm.dll
O20 - Winlogon Notify: opnnmmm - C:\WINDOWS\SYSTEM32\opnnmmm.dll
O20 - Winlogon Notify: opnoomj - C:\WINDOWS\SYSTEM32\opnoomj.dll
O20 - Winlogon Notify: pmnkhgg - C:\WINDOWS\SYSTEM32\pmnkhgg.dll
O20 - Winlogon Notify: rqronoo - C:\WINDOWS\SYSTEM32\rqronoo.dll
O20 - Winlogon Notify: ssqnllj - C:\WINDOWS\SYSTEM32\ssqnllj.dll
O20 - Winlogon Notify: ssqqrpp - C:\WINDOWS\SYSTEM32\ssqqrpp.dll
O20 - Winlogon Notify: tuvvusp - C:\WINDOWS\SYSTEM32\tuvvusp.dll
O20 - Winlogon Notify: urqpmmm - C:\WINDOWS\SYSTEM32\urqpmmm.dll
O20 - Winlogon Notify: yayaxxu - C:\WINDOWS\SYSTEM32\yayaxxu.dll
O20 - Winlogon Notify: yaywttu - C:\WINDOWS\SYSTEM32\yaywttu.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
Nice infection!
You didn't use the link I gave you for HJT; please download version 1.99.1, this one is a beta!
Then:
* Download VundoFix.exe (by Atribune) to your Desktop
http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it
* Click the Scan for Vundo button
* When the scan is complete, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted
* You will see a prompt announcing that your PC will restart; click OK
* Copy and paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report (version 1.99.1), into your next reply
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".
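The cross-check that the two requested reports make possible, as an added example (not part of the original post and not code from HijackThis or VundoFix): it lists which HijackThis autostart entries point at files that VundoFix reports as deleted. The log lines are excerpts from the reports posted in this thread; the function and variable names are illustrative.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Excerpts copied from the HijackThis and VundoFix reports in this thread.
HIJACKTHIS_EXCERPT = r"""
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\uctcnjmk.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SvcManager] algs6.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\lywxocja.dll",setvm
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll
O20 - Winlogon Notify: hgggfde - C:\WINDOWS\SYSTEM32\hgggfde.dll
"""

VUNDOFIX_EXCERPT = r"""
Attempting to delete C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\awtqq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hgggfde.dll
C:\WINDOWS\system32\hgggfde.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lywxocja.dll
C:\WINDOWS\system32\lywxocja.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\uctcnjmk.dll
C:\WINDOWS\system32\uctcnjmk.dll Has been deleted!
"""

# "O20 - Winlogon Notify: ..." -> section code plus the rest of the line.
ENTRY_RE = re.compile(r"^(?P<code>[ORF]\d+) - (?P<text>.*)$")
# First absolute path to a DLL/EXE; also matches inside rundll32 "path",export.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|\r\n]*?\.(?:dll|exe)\b", re.IGNORECASE)
# VundoFix success lines: "<path> Has been deleted!"
DELETED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Has been deleted!$")


class Entry(NamedTuple):
    code: str            # HijackThis section, e.g. "O2", "O4", "O20"
    text: str            # entry text after the section code
    path: Optional[str]  # normalized absolute path, or None if none is given


def norm(path: str) -> str:
    """Windows paths are case-insensitive: the logs mix system32 and SYSTEM32.
    8.3 short names (PROGRA~1) cannot be expanded offline and compare as-is."""
    return ntpath.normcase(ntpath.normpath(path))


def parse_hijackthis(log: str) -> list:
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        p = PATH_RE.search(m["text"])
        entries.append(Entry(m["code"], m["text"], norm(p.group(0)) if p else None))
    return entries


def parse_vundofix_deleted(report: str) -> set:
    deleted = set()
    for line in report.splitlines():
        m = DELETED_RE.match(line.strip())
        if m:
            deleted.add(norm(m["path"]))
    return deleted


def cross_reference(log: str, report: str):
    """Split HijackThis entries into: target deleted by VundoFix, target not
    in the VundoFix report, and entries with no absolute path to compare."""
    deleted = parse_vundofix_deleted(report)
    removed, kept, unresolved = [], [], []
    for entry in parse_hijackthis(log):
        if entry.path is None:
            unresolved.append(entry)
        elif entry.path in deleted:
            removed.append(entry)
        else:
            kept.append(entry)
    return removed, kept, unresolved


if __name__ == "__main__":
    removed, kept, unresolved = cross_reference(HIJACKTHIS_EXCERPT, VUNDOFIX_EXCERPT)
    for label, group in (("deleted by VundoFix", removed),
                         ("not in VundoFix report", kept),
                         ("no absolute path", unresolved)):
        for e in group:
            print(f"{label:24} {e.code:4} {e.text}")
```

Entries in the first group are the ones to look for in the follow-up HijackThis report: they should be gone or shown without a file once the registry repairs have run.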
Thank you for replying
Here is the VundoFix report
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 16:32:00 03/04/2007
Listing files found while scanning....
C:\Documents and settings\BI£€£\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\BI£€£\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\WINDOWS\system32\ajcoxwyl.ini
C:\WINDOWS\system32\awtqppm.dll
C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\cbxyaab.dll
C:\WINDOWS\system32\efcdbbc.dll
C:\WINDOWS\system32\fcccyxu.dll
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\hgggfde.dll
C:\WINDOWS\system32\iifdeee.dll
C:\WINDOWS\system32\iifebyy.dll
C:\WINDOWS\system32\iifefef.dll
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkkhghe.dll
C:\WINDOWS\system32\jkkjggg.dll
C:\WINDOWS\system32\khfeebx.dll
C:\WINDOWS\system32\krqcpyuy.exe
C:\WINDOWS\system32\ljjjgfe.dll
C:\WINDOWS\system32\ljjjhih.dll
C:\WINDOWS\system32\ljjkigg.dll
C:\WINDOWS\system32\ljjkljg.dll
C:\WINDOWS\system32\lywxocja.dll
C:\WINDOWS\system32\mljgdab.dll
C:\WINDOWS\system32\mljjihh.dll
C:\WINDOWS\system32\nnnmjjk.dll
C:\WINDOWS\system32\nnnmkjg.dll
C:\WINDOWS\system32\nnnnkli.dll
C:\WINDOWS\system32\nnnnlmm.dll
C:\WINDOWS\system32\opnmlji.dll
C:\WINDOWS\system32\opnnmmm.dll
C:\WINDOWS\system32\opnoomj.dll
C:\WINDOWS\system32\pmnkhgg.dll
C:\WINDOWS\system32\pmnnkjk.dll
C:\WINDOWS\system32\qqtwa.bak1
C:\WINDOWS\system32\qqtwa.bak2
C:\WINDOWS\system32\qqtwa.ini
C:\WINDOWS\system32\rqronoo.dll
C:\WINDOWS\system32\rqrrpop.dll
C:\WINDOWS\system32\ssqnllj.dll
C:\WINDOWS\system32\ssqqrpp.dll
C:\WINDOWS\system32\tuvuvtt.dll
C:\WINDOWS\system32\tuvvusp.dll
C:\WINDOWS\system32\uctcnjmk.dll
C:\WINDOWS\system32\urqpmmm.dll
C:\WINDOWS\system32\vtuursr.dll
C:\WINDOWS\system32\xxyvtsp.dll
C:\WINDOWS\system32\yayaxxu.dll
C:\WINDOWS\system32\yaywttu.dll
Beginning removal...
Attempting to delete C:\Documents and settings\BI£€£\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\BI£€£\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!
Attempting to delete C:\Documents and settings\BI£€£\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\BI£€£\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!
Attempting to delete C:\WINDOWS\system32\ajcoxwyl.ini
C:\WINDOWS\system32\ajcoxwyl.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtqppm.dll
C:\WINDOWS\system32\awtqppm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\awtqq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxyaab.dll
C:\WINDOWS\system32\cbxyaab.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efcdbbc.dll
C:\WINDOWS\system32\efcdbbc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fcccyxu.dll
C:\WINDOWS\system32\fcccyxu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\hgggfde.dll
C:\WINDOWS\system32\hgggfde.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifdeee.dll
C:\WINDOWS\system32\iifdeee.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifebyy.dll
C:\WINDOWS\system32\iifebyy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifefef.dll
C:\WINDOWS\system32\iifefef.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkhff.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkhghe.dll
C:\WINDOWS\system32\jkkhghe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkjggg.dll
C:\WINDOWS\system32\jkkjggg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\khfeebx.dll
C:\WINDOWS\system32\khfeebx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\krqcpyuy.exe
C:\WINDOWS\system32\krqcpyuy.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjjgfe.dll
C:\WINDOWS\system32\ljjjgfe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjjhih.dll
C:\WINDOWS\system32\ljjjhih.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjkigg.dll
C:\WINDOWS\system32\ljjkigg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjkljg.dll
C:\WINDOWS\system32\ljjkljg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lywxocja.dll
C:\WINDOWS\system32\lywxocja.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgdab.dll
C:\WINDOWS\system32\mljgdab.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljjihh.dll
C:\WINDOWS\system32\mljjihh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnmjjk.dll
C:\WINDOWS\system32\nnnmjjk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnmkjg.dll
C:\WINDOWS\system32\nnnmkjg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnnkli.dll
C:\WINDOWS\system32\nnnnkli.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnnlmm.dll
C:\WINDOWS\system32\nnnnlmm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnmlji.dll
C:\WINDOWS\system32\opnmlji.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnnmmm.dll
C:\WINDOWS\system32\opnnmmm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnoomj.dll
C:\WINDOWS\system32\opnoomj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnkhgg.dll
C:\WINDOWS\system32\pmnkhgg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnnkjk.dll
C:\WINDOWS\system32\pmnnkjk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqtwa.bak1
C:\WINDOWS\system32\qqtwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqtwa.bak2
C:\WINDOWS\system32\qqtwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqtwa.ini
C:\WINDOWS\system32\qqtwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqronoo.dll
C:\WINDOWS\system32\rqronoo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqrrpop.dll
C:\WINDOWS\system32\rqrrpop.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqnllj.dll
C:\WINDOWS\system32\ssqnllj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqqrpp.dll
C:\WINDOWS\system32\ssqqrpp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvuvtt.dll
C:\WINDOWS\system32\tuvuvtt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvvusp.dll
C:\WINDOWS\system32\tuvvusp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\uctcnjmk.dll
C:\WINDOWS\system32\uctcnjmk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqpmmm.dll
C:\WINDOWS\system32\urqpmmm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtuursr.dll
C:\WINDOWS\system32\vtuursr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xxyvtsp.dll
C:\WINDOWS\system32\xxyvtsp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yayaxxu.dll
C:\WINDOWS\system32\yayaxxu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yaywttu.dll
C:\WINDOWS\system32\yaywttu.dll Has been deleted!
Performing Repairs to the registry.
Done!
And here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 16:31:04, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Athan\Athan.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\BI865D~1\LOCALS~1\Temp\Rar$EX01.453\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SvcManager] algs6.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\lywxocja.dll",setvm
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
Hi again,
* Reinstall HijackThis properly; it must not be located in the temporary files:
C:\DOCUME~1\BI865D~1\LOCALS~1\Temp\Rar$EX01.453\HijackThis.exe
then
* Run HijackThis, "Do a system scan only", then check these lines:
O4 - HKLM\..\Run: [SvcManager] algs6.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\lywxocja.dll",setvm
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
* Close all open applications, including Internet Explorer, and click "Fix checked"
* Run an online antivirus scan and post the report here afterwards
https://www.bitdefender.fr/
and copy and paste the result here
* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click I agree
* The window changes again; click Click here to scan
* The signatures load, etc.
Picture tutorial:
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
as well as a new HijackThis report
But I think it didn't detect anything. Here is the report:
04/03/07 12:30:12 [Info]: BlackLight Engine 1.0.61 initialized
04/03/07 12:30:12 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/03/07 12:30:12 [Note]: 7019 4
04/03/07 12:30:12 [Note]: 7005 0
04/03/07 12:30:29 [Note]: 7006 0
04/03/07 12:30:29 [Note]: 7011 1976
04/03/07 12:30:29 [Note]: 7026 0
04/03/07 12:30:29 [Note]: 7026 0
04/03/07 12:30:43 [Note]: FSRAW library version 1.7.1021
04/03/07 12:34:56 [Note]: 7007 0