Impossible ouvrir ajout suppression program

Résolu
lauralee Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   -  
 ninaz77 -
bonjour,
je pense qu'un vilain cheval de troie vient me casser les pieds

avast a detecté une cheval de troie que j'ai mis en quarantaine puis supprimé tous les fichiers (le problème c'est que je ne me souviens pas du nom)
mais des fenêtres publicitaires intempestives surgissent sans arret
j'ai donc lancé spybot, adaware, asquared et ccleaner.
mais.... mais... mais... mon problème ne semble pas réglé pour autant.
voila maintenant que je ne peux plus ouvrir dans panneau de config "ajout/suppression de programme"

si quelqu'un dans ce fabuleux forum peut me donner a coup de main pour assainir mon ordi, il sera le bienvenue !!
merci par avance
Configuration: Windows XP
Internet Explorer 6.0

37 réponses

  • 1
  • 2
Résumé de la discussion

Problème central : un cheval de Troie suspecté génère des publicités intempestives après qu’un antivirus ait mis en quarantaine puis supprimé des fichiers, sur un PC Windows XP avec Internet Explorer 6. Des outils comme Spybot, Adaware, A-Squared et CCleaner ont été lancés sans résoudre le problème, et l’utilisateur signale aussi l’impossibilité d’ouvrir Ajout/Suppression de programmes dans le Panneau de configuration. Des analyses de HijackThis apparaissent dans les réponses, indiquant des listes étendues d’extensions et de modules, mais les conseils varient entre suspicion de rootkit et recommandation d’attendre un spécialiste.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. rudyrital Messages postés 6233 Statut Membre 131
     
    Tout d'abord Bonjour et bienvenue sur le forum d'entraide COMMENT CA MARCHE

    télécharge HijackThis ici:
    https://www.zebulon.fr/telechargements/securite/systeme/hijackthis.html

    Dézippe le dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < Enregistre le bien dans c : !
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif

    renomme hijackthis en "scan" par exemple

    Lance le puis:
    clique sur "do a system scan and save logfile" (cf démo)
    faire un copier coller du log entier sur le forum

    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Bon courage
    A+
    0
  2. lauralee Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   5
     
    merci et bonjour rudyrital pour ton soutien
    alors voici le copier coller de mon hijackthis tel que demandé

    Logfile of HijackThis v1.99.1
    Scan saved at 03:25:36, on 09/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Documents and Settings\proprietaire\ie_updater1.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\mmcdflbx.dll",realset
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: MSIEUpdater_1 (Microsoft IE Updater_1) - Unknown owner - C:\Documents and Settings\proprietaire\ie_updater1.exe

    je vais de ce pas me coucher pour etre attentive à tes conseils demain matin ... lol
    0
  3. lauralee Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   5
     
    non? vraiment personne pour m'aider aujourd'hui.?
    avast s'affole a chaque ouverture de mon ordi....
    gloups
    0
  4. rudyrital Messages postés 6233 Statut Membre 131
     
    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau:

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    Redémarre ton ordinateur
    Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
    Appuie sur Y pour commencer le processus de nettoyage.
    Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    Appuie sur une touche pour redémarrer le PC.
    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. lauralee Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   5
     
    ah ! genial , voila mon sauveur,
    hello rudyrital
    voila le sdfx

    SDFix: Version 1.83

    Run by proprietaire - 09/05/2007 - 19:38:05,29

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\PROPRI~1\MESDOC~1\logiciel\sdfix\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service
    Restoring Missing SharedAccess Service

    Rebooting...

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\33_1_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\33_2_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\33_3_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\33_4_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\33_5_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\33_6_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\33CA8Z~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\33_10_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\33_11_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\33_1_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\33_2_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\33_3_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\33_4_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\33_5_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\33_6_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\33_7_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\33_8_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\33_9_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WAKW70PF\33_1_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WAKW70PF\33_2_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WAKW70PF\33_3_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WAKW70PF\33_4_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WAKW70PF\33_5_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WAKW70PF\33_6_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WAKW70PF\33_7_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WAKW70PF\33_8_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\33_1_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\33_2_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\33_3_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\33_4_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\33_5_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\33_6_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\33_7_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\33_8_~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\1303_1~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\1303_2~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\1303_3~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\1303_4~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\1303_5~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\1303_6~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\1303_7~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\1303_8~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\1303_9~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\1303_1~2 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\1303_1~3 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\1303_1~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\1303_2~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\1303_3~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\1303_4~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\1303_5~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\1303_6~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\1303_7~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\1303_8~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\1303_9~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WAKW70PF\1303_1~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WAKW70PF\1303_2~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WAKW70PF\1303_3~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\1303CA~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\1303CA~2 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\1303_1~2 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\1303_1~3 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\1303_1~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\1303_2~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\1303_3~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\1303_4~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\1303_5~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\1303_6~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\1303_7~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\1303_8~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\1303_9~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\LOADER~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\LOADER~2 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\LOADER~3 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\3A1AOUIW\LOADER~4 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\LOADER~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\LOADER~2 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\LOADER~3 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\LOADER~4 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WAKW70PF\LOADER~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WAKW70PF\LOADER~2 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WAKW70PF\LOADER~3 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WAKW70PF\LOADER~4 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\LOADER~1 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\LOADER~2 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\LOADER~3 - Deleted
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\LOADER~4 - Deleted
    C:\WINDOWS\system32\RunOnce1.t__ - Deleted
    C:\WINDOWS\system32\RunOnce1.tm_ - Deleted

    Removing Temp Files

    ADS Check:

    Checking if ADS is attached to system32 Folder
    C:\WINDOWS\system32
    No streams found.

    Checking if ADS is attached to svchost.exe
    C:\WINDOWS\system32\svchost.exe
    No streams found.

    Final Check:

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files:
    ---------------
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\ZKN3FE30\33_1_~1 Found
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\PF20VKV0\1303_1~1 Found
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WAKW70PF\LOADER~1 Found
    C:\WINDOWS\system32\RunOnce1.t__ Found
    C:\WINDOWS\system32\RunOnce1.tm_ Found

    Backups Folder: - C:\DOCUME~1\PROPRI~1\MESDOC~1\logiciel\sdfix\SDFix\backups\backups.zip

    Checking For Files with Hidden Attributes:

    C:\WINDOWS\system32\pmkhf.dll
    C:\WINDOWS\SMINST\HPCD.SYS

    Finished

    et le hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 19:51:13, on 09/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Documents and Settings\proprietaire\ie_updater1.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\winupd_KB10560986.exe
    C:\WINDOWS\system32\winupd_KB69665071.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\mmcdflbx.dll",realset
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: MSIEUpdater_1 (Microsoft IE Updater_1) - Unknown owner - C:\Documents and Settings\proprietaire\ie_updater1.exe

    merci pour ton aide précieuse
    0
  7. rudyrital Messages postés 6233 Statut Membre 131
     
    Salut lauralee,

    peut tu renomer hijackthis en "scan" par exemple puis remet un nouveau log
    merci
    0
  8. lauralee Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   5
     
    j'espere avoir bien compris ta demande, j'ai renommé le nouveau hijackthis en scan

    Logfile of HijackThis v1.99.1
    Scan saved at 23:42:41, on 09/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Documents and Settings\proprietaire\ie_updater1.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\mmcdflbx.dll",realset
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: MSIEUpdater_1 (Microsoft IE Updater_1) - Unknown owner - C:\Documents and Settings\proprietaire\ie_updater1.exe
    0
  9. lauralee Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   5
     
    mais je pense que ce n'est pas ce que tu voulais, je ne vois pas la différence avec le précédent
    gloups
    0
  10. rudyrital Messages postés 6233 Statut Membre 131
     
    C:\HijackThis\HijackThis.exe
    c'est pas bon
    moi je voudrais qu'il y est
    C:\scan\scan.exe

    0
  11. lauralee Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   5
     
    je pense que c 'est bon cette fois

    Logfile of HijackThis v1.99.1
    Scan saved at 23:54:32, on 09/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Documents and Settings\proprietaire\ie_updater1.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\scan\scan.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {26FAFD75-1005-41F6-978D-178C00165C0B} - C:\WINDOWS\system32\jkkheba.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\wmplayer.dll
    O2 - BHO: (no name) - {BB19F2A9-3F31-46DC-A9F7-05C3F45B8C92} - C:\WINDOWS\system32\pmkhf.dll
    O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\rmvlafrp.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\mmcdflbx.dll",realset
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: jkkheba - C:\WINDOWS\SYSTEM32\jkkheba.dll
    O20 - Winlogon Notify: pmkhf - C:\WINDOWS\system32\pmkhf.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: MSIEUpdater_1 (Microsoft IE Updater_1) - Unknown owner - C:\Documents and Settings\proprietaire\ie_updater1.exe
    0
  12. rudyrital Messages postés 6233 Statut Membre 131
     
    regarde le resultat avec le "renommé"::

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: jkkheba - C:\WINDOWS\SYSTEM32\jkkheba.dll
    O20 - Winlogon Notify: pmkhf - C:\WINDOWS\system32\pmkhf.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon
    0
  13. rudyrital Messages postés 6233 Statut Membre 131
     
    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4
    * Double-clique VundoFix.exe afin de le lancer
    * Clique sur le bouton Scan for Vundo
    * Lorsque le scan est complété, clique sur le bouton Remove Vundo
    * Une invite te demandera si tu veux supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
    * Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci dessus, à partir de "clique sur le bouton Scan for Vundo".

    et reposte un log hijackthis ,
    @+
    0
  14. lauralee Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   5
     
    voilà, le vundofix

    VundoFix V6.3.21

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 00:34:52 10/05/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\fhkmp.bak1
    C:\WINDOWS\system32\fhkmp.bak2
    C:\WINDOWS\system32\fhkmp.ini
    C:\WINDOWS\system32\iiffgdb.dll
    C:\WINDOWS\system32\jkkheba.dll
    C:\WINDOWS\system32\pmkhf.dll
    C:\WINDOWS\system32\rmvlafrp.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\fhkmp.bak1
    C:\WINDOWS\system32\fhkmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fhkmp.bak2
    C:\WINDOWS\system32\fhkmp.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fhkmp.ini
    C:\WINDOWS\system32\fhkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iiffgdb.dll
    C:\WINDOWS\system32\iiffgdb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkheba.dll
    C:\WINDOWS\system32\jkkheba.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pmkhf.dll
    C:\WINDOWS\system32\pmkhf.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    mais... spybot m'a indiquer que des valeurs de registres etaient modifiées, je pense avoir fait une bétise en cliquant a droite
    je vais recommencer ce truc là
    qu'en penses tu ?
    0
  15. lauralee Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   5
     
    bon voila j'ai recommencer mais je ne vois pas de changement

    VundoFix V6.3.21

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 00:34:52 10/05/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\fhkmp.bak1
    C:\WINDOWS\system32\fhkmp.bak2
    C:\WINDOWS\system32\fhkmp.ini
    C:\WINDOWS\system32\iiffgdb.dll
    C:\WINDOWS\system32\jkkheba.dll
    C:\WINDOWS\system32\pmkhf.dll
    C:\WINDOWS\system32\rmvlafrp.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\fhkmp.bak1
    C:\WINDOWS\system32\fhkmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fhkmp.bak2
    C:\WINDOWS\system32\fhkmp.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fhkmp.ini
    C:\WINDOWS\system32\fhkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iiffgdb.dll
    C:\WINDOWS\system32\iiffgdb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkheba.dll
    C:\WINDOWS\system32\jkkheba.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pmkhf.dll
    C:\WINDOWS\system32\pmkhf.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.21

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 00:48:11 10/05/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\jkkheba.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\jkkheba.dll
    C:\WINDOWS\system32\jkkheba.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    et the new hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 00:57:57, on 10/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Documents and Settings\proprietaire\ie_updater1.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\scan\scan.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\wmplayer.dll
    O2 - BHO: (no name) - {BB19F2A9-3F31-46DC-A9F7-05C3F45B8C92} - C:\WINDOWS\system32\pmkhf.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\mmcdflbx.dll",realset
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: MSIEUpdater_1 (Microsoft IE Updater_1) - Unknown owner - C:\Documents and Settings\proprietaire\ie_updater1.exe

    0
  16. rudyrital Messages postés 6233 Statut Membre 131
     
    un autre outil pour éradiquer vundo :
    Télécharge VirtumundoBegone sur le bureau:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
    Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
    Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu

    Tu remets un log Hijackthis, on fera un peu de ménage après, histoire d'y voir plus clair.
    @+

    0
  17. lauralee Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   5
     
    ok pour le vbg.txt

    [05/10/2007, 23:51:25] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\proprietaire\Mes documents\logiciel\VirtumundoBeGone.exe" )
    [05/10/2007, 23:52:50] - Detected System Information:
    [05/10/2007, 23:52:50] - Windows Version: 5.1.2600, Service Pack 2
    [05/10/2007, 23:52:50] - Current Username: proprietaire (Admin)
    [05/10/2007, 23:52:50] - Windows is in NORMAL mode.
    [05/10/2007, 23:52:50] - Searching for Browser Helper Objects:
    [05/10/2007, 23:52:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/10/2007, 23:52:50] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/10/2007, 23:52:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/10/2007, 23:52:50] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/10/2007, 23:52:50] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/10/2007, 23:52:50] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/10/2007, 23:52:50] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [05/10/2007, 23:52:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/10/2007, 23:52:50] - No filename found. Continuing.
    [05/10/2007, 23:52:50] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [05/10/2007, 23:52:50] - BHO 6: {BB19F2A9-3F31-46DC-A9F7-05C3F45B8C92} ()
    [05/10/2007, 23:52:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/10/2007, 23:52:50] - Checking for HKLM\...\Winlogon\Notify\pmkhf
    [05/10/2007, 23:52:50] - Key not found: HKLM\...\Winlogon\Notify\pmkhf, continuing.
    [05/10/2007, 23:52:50] - Finished Searching Browser Helper Objects
    [05/10/2007, 23:52:50] - Finishing up...
    [05/10/2007, 23:52:50] - Nothing found! Exiting...

    je n'ai pas eu d'erreur fatale...

    hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 23:56:04, on 10/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\proprietaire\ie_updater1.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\scan\scan.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {BB19F2A9-3F31-46DC-A9F7-05C3F45B8C92} - C:\WINDOWS\system32\pmkhf.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\mmcdflbx.dll",realset
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: MSIEUpdater_1 (Microsoft IE Updater_1) - Unknown owner - C:\Documents and Settings\proprietaire\ie_updater1.exe

    voili voilou .... je te vois confiant

    0
  18. rudyrital Messages postés 6233 Statut Membre 131
     
    Salut,

    Prends connaissance du contenu le lien suivant:
    http://www.f-secure.com/products/license-terms/eult_fra.pdf
    Tu as donc pris connaissance et accepté les conditions d'utilisations du programme blacklight qui est inclus dans le dossier compressé navilog1.zip que tu vas télécharger.
    Maintenant fais un clic droit sur ce lien :
    http://perso.orange.fr/il.mafioso/Navifix/navilog1.zip
    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Fais un clic droit sur navilog1.zip et choisis "tout extraire"
    Ensuite double clique sur navilog1.bat
    Laisses-toi guider. Au menu principal, choisis 1 et valides.
    (ne fais pas le choix 2 sans notre avis/accord)
    Patientes jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuies sur une touche comme demandé, le blocnote va s'ouvrir.
    Copies-colles l'intégralité dans une réponse. Refermes le blocnote.
    Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
    0
  19. lauralee Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   5
     
    au secours, je ne peux pas !!! c'est reservé aux clients orange
    0
  20. lauralee Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   5
     
    je crois que c'est le lien qui ne fonctionne pas
    0
  21. rudyrital Messages postés 6233 Statut Membre 131
     
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
    0
  • 1
  • 2