Smitfraudfix please please please
alex67170 - Posts: 73 - Status: Member
I can't get rid of it. I've been looking for information for days, I tried SmitFraudFix and other things and nothing works!
Even SmitFraud doesn't work properly!
Is there a kind soul able to take up this challenge????
23 replies
Actually, when I'm on the internet, advertising pages for antivirus products keep opening!
I ran Spybot and it finds slmitfraud.c-toolbar888
and others. I delete them and smitfraud is still there!
I managed to produce a txt report from SmitFraudFix
I'm not strong in computing and I admit I'm totally out of my depth here!
Thanks for helping me!
Hi again,
Download SmitFraudFix:
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Follow these steps:
Double-click smitfraudfix.exe
Select 1 (BUT ABSOLUTELY NOT 2, I WILL TELL YOU WHEN YOU CAN DO IT), then press "Enter"; a report will then be generated at this path:
C:\rapport.txt
Then paste it into your next post
Note:
Process.exe is detected by some antivirus programs.
It is not a virus, but it can stop security software when used in certain ways.
That is why antivirus programs detect it.
I already did that, based on what I read in another discussion. Here is the report:
SmitFraudFix v2.179
Rapport fait à 18:11:15,32, 10/05/2007
Executé à partir de C:\Documents and Settings\Administrateur.D1532\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\clcl7.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchFilter.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur.D1532
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur.D1532\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1.D15\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom NetXtreme Gigabit Ethernet for hp - Miniport d'ordonnancement de paquets
DNS Server Search Order: 10.4.31.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{447C2EB0-A073-4705-851A-36225470D637}: DhcpNameServer=10.4.31.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{447C2EB0-A073-4705-851A-36225470D637}: DhcpNameServer=10.4.31.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{447C2EB0-A073-4705-851A-36225470D637}: DhcpNameServer=10.4.31.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.4.31.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.4.31.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.4.31.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Hi again,
Restart in safe mode, tutorial: http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm
Then run SmitFraudFix.exe and choose option 2.
Restart normally and post the log.
----------------------------------------------------------------------------
Download HijackThis here:
http://telechargement.zebulon.fr/138-hijackthis-1991.html
Unzip it into a folder created for that purpose.
For example C:\hijackthis < Make sure to save it on C: !
Rename it to Scanner.exe
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Launch it, then:
click "do a system scan and save logfile" (see demo)
copy and paste the entire log to the forum
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm
Actually, my machine is on a network, and when I restart in safe mode it doesn't recognize my password!
Should I restart in safe mode with network settings detection?
How do you restart in "Restart in safe mode, tutorial: http://forum.telecharger.01net.com/forum/" ????
I'm really sorry, I'm not a computer star!!!
I don't know how I could thank you for taking care of me!
Hi again,
Restart normally, then once the PC has shown the brand on screen, for example "ACER", press the F8 key once per second, then choose safe mode with networking.
I did what you told me, but when I choose option 2 the computer shows me a Windows "hard disk cleanup" window and the progress bar stays stuck! I closed that window and entered option o to clean, and immediately afterwards the computer shut down!
Is it serious, doctor?
I'm telling you, I don't understand any of this!
Logfile of HijackThis v1.99.1
Scan saved at 18:56:26, on 10/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\clcl7.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Administrateur.D1532\Bureau\scanner.exe\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {70267148-73F5-4B73-BE69-51C93D0F9C0A} - C:\WINDOWS\System32\mljgf.dll (file missing)
O2 - BHO: (no name) - {EE58C9CB-5791-4128-9EF7-29B31E113680} - C:\WINDOWS\System32\iaenodhm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [clcl7] C:\WINDOWS\System32\clcl7.exe
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\System32\ahocwgye.dll",realset
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\kefswswt.dll",setvm
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [A00F9F7A2.exe] C:\DOCUME~1\ADMINI~1.D15\LOCALS~1\Temp\_A00F9F7A2.exe
O4 - HKCU\..\Run: [A00F9FB7B.exe] C:\DOCUME~1\ADMINI~1.D15\LOCALS~1\Temp\_A00F9FB7B.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?ed78a2126f334d3488466e281e53ec9a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?ed78a2126f334d3488466e281e53ec9a
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
O16 - DPF: Yahoo! Hearts - http://download2.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = d1532.mag
O17 - HKLM\Software\..\Telephony: DomainName = d1532.mag
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = d1532.mag
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = d1532.mag
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: __c0042FF4 - C:\WINDOWS\System32\__c0042FF4.dat
O20 - Winlogon Notify: __c0059BDE - C:\WINDOWS\System32\__c0059BDE.dat
O20 - Winlogon Notify: __c00C238C - C:\WINDOWS\System32\__c00C238C.dat
O20 - Winlogon Notify: __c00D60B0 - C:\WINDOWS\System32\__c00D60B0.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
I have to go! Sorry, I hope we can continue this disinfection tomorrow!
I'll be online from 11 o'clock!
Thanks again for your patience!
Re,
You have multiple infections.
Open HijackThis, click "Do a system scan only" and check these lines:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: (no name) - {70267148-73F5-4B73-BE69-51C93D0F9C0A} - C:\WINDOWS\System32\mljgf.dll (file missing)
O2 - BHO: (no name) - {EE58C9CB-5791-4128-9EF7-29B31E113680} - C:\WINDOWS\System32\iaenodhm.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll (file missing)
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\System32\ahocwgye.dll",realset
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\kefswswt.dll",setvm
O4 - HKCU\..\Run: [A00F9F7A2.exe] C:\DOCUME~1\ADMINI~1.D15\LOCALS~1\Temp\_A00F9F7A2.exe
O4 - HKCU\..\Run: [A00F9FB7B.exe] C:\DOCUME~1\ADMINI~1.D15\LOCALS~1\Temp\_A00F9FB7B.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = d1532.mag
O17 - HKLM\Software\..\Telephony: DomainName = d1532.mag
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = d1532.mag
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = d1532.mag
O20 - Winlogon Notify: __c0042FF4 - C:\WINDOWS\System32\__c0042FF4.dat
O20 - Winlogon Notify: __c0059BDE - C:\WINDOWS\System32\__c0059BDE.dat
O20 - Winlogon Notify: __c00C238C - C:\WINDOWS\System32\__c00C238C.dat
O20 - Winlogon Notify: __c00D60B0 - C:\WINDOWS\System32\__c00D60B0.dat
Then, once you have checked all these lines, click "Fix Checked".
----------------------------------------------------------------------------
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.
Check "Run VundoFix as a task".
A message will warn you that the tool is going to close and reopen: click OK.
Click the "Scan for Vundo" button.
When the scan is complete, click the "Remove Vundo" button.
A prompt will ask whether you want to delete the files; click YES.
After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK.
Start your PC again.
----------------------------------------------------------------------------
Go to this site:
http://www.virustotal.com/xhtml/virustotal_en.html
Click Browse and look for this file:
C:\WINDOWS\System32\clcl7.exe
Click Send.
A report will build up line by line.
Wait until it finishes. It must include the size of the file sent.
Save the report with Notepad.
Copy it into your reply.
THEN ALSO POST A NEW HIJACKTHIS LOG.
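An added illustration of the kind of entries selected in the reply above (this Python script is not part of the thread and is not HijackThis's own logic): it parses HijackThis entry lines and flags the ones worth a manual review. The heuristics, the function names and the sample, which reuses a few lines from the log posted in this thread, are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample: a handful of entries copied from the log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {70267148-73F5-4B73-BE69-51C93D0F9C0A} - C:\WINDOWS\System32\mljgf.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\kefswswt.dll",setvm
O4 - HKCU\..\Run: [A00F9F7A2.exe] C:\DOCUME~1\ADMINI~1.D15\LOCALS~1\Temp\_A00F9F7A2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: __c0042FF4 - C:\WINDOWS\System32\__c0042FF4.dat
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (section_code, body) pairs for every HijackThis entry line."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def reasons_for(code, body):
    """Return review reasons for one entry; an empty list means nothing flagged.

    These rules are illustrative assumptions. A hit means "look at this line",
    not "this line is malicious".
    """
    low = body.lower()
    reasons = []
    if low.endswith("(file missing)"):
        reasons.append("orphaned entry: target file is missing")
    if code == "O2" and low.startswith("bho: (no name)"):
        reasons.append("BHO registered without a name")
    if code == "O4" and "\\temp\\" in low:
        reasons.append("autostart entry runs from a Temp directory")
    if code == "O4" and "rundll32.exe" in low and "\\system32\\" in low:
        reasons.append("autostart loads a System32 DLL through rundll32")
    if code == "O10" and low.startswith("unknown file in winsock lsp"):
        reasons.append("unrecognised Winsock LSP provider")
    if (code == "O20" and low.startswith("winlogon notify:")
            and not low.endswith(".dll")):
        reasons.append("Winlogon Notify target is not a .dll")
    return reasons


def triage(log_text):
    """Group flagged entries in first-seen order, collapsing exact repeats."""
    counts = Counter()
    findings = {}
    for code, body in parse_entries(log_text):
        reasons = reasons_for(code, body)
        if not reasons:
            continue
        key = (code, body)
        counts[key] += 1
        findings.setdefault(key, reasons)
    return [
        {"code": code, "entry": body, "count": counts[(code, body)],
         "reasons": reasons}
        for (code, body), reasons in findings.items()
    ]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['code']} x{finding['count']}: {finding['entry']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

Repeated lines, such as the Winsock LSP entry that HijackThis prints once per catalog slot, are collapsed into a single finding with a count.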
VirusTotal report:
STATUS: FINISHED
Complete scanning result of "clcl7.exe", received in VirusTotal at 05.11.2007, 17:11:06 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.10.0 05.11.2007 no virus found
AntiVir 7.4.0.15 05.11.2007 TR/Dldr.Agent.ES.7
Authentium 4.93.8 05.10.2007 no virus found
Avast 4.7.997.0 05.11.2007 Win32:Agent-GMZ
AVG 7.5.0.467 05.10.2007 no virus found
BitDefender 7.2 05.11.2007 Trojan.Clicker.CW
CAT-QuickHeal 9.00 05.11.2007 TrojanDownloader.Agent.es
ClamAV devel-20070416 05.11.2007 no virus found
DrWeb 4.33 05.11.2007 no virus found
eSafe 7.0.15.0 05.10.2007 Win32.Agent.es
eTrust-Vet 30.7.3627 05.11.2007 no virus found
Ewido 4.0 05.11.2007 Downloader.Agent.es
FileAdvisor 1 05.11.2007 No threat detected
Fortinet 2.85.0.0 05.11.2007 W32/Agent.ES!tr.dldr
F-Prot 4.3.2.48 05.11.2007 W32/Downloader2.DMS
F-Secure 6.70.13030.0 05.11.2007 Trojan-Downloader.Win32.Agent.es
Ikarus T3.1.1.7 05.11.2007 Backdoor.Win32.Prorat.10.a
Kaspersky 4.0.2.24 05.11.2007 Trojan-Downloader.Win32.Agent.es
McAfee 5028 05.10.2007 no virus found
Microsoft 1.2503 05.11.2007 no virus found
NOD32v2 2259 05.11.2007 no virus found
Norman 5.80.02 05.11.2007 no virus found
Panda 9.0.0.4 05.10.2007 no virus found
Prevx1 V2 05.11.2007 Covert.Sys.Exec
Sophos 4.17.0 05.11.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.11.2007 no virus found
TheHacker 6.1.6.112 05.10.2007 no virus found
VBA32 3.12.0 05.10.2007 no virus found
VirusBuster 4.3.7:9 05.11.2007 no virus found
Webwasher-Gateway 6.0.1 05.11.2007 Trojan.Dldr.Agent.ES.7
Aditional Information
File size: 203264 bytes
MD5: e69d4f0d3ad3a02749ac6712b97021f3
SHA1: 54ac9c422bedb6ef0e19673b04c052808d94d5e7
packers: ASPACK
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=e69d4f0d3ad3a02749ac6712b97021f3
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=928791777069
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 18:21:59, on 11/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\clcl7.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Administrateur.D1532\Bureau\scanner.exe\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [clcl7] C:\WINDOWS\System32\clcl7.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?ed78a2126f334d3488466e281e53ec9a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?ed78a2126f334d3488466e281e53ec9a
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
O16 - DPF: Yahoo! Hearts - http://download2.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = d1532.mag
O17 - HKLM\Software\..\Telephony: DomainName = d1532.mag
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = d1532.mag
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = d1532.mag
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: __c0042FF4 - C:\WINDOWS\System32\__c0042FF4.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
I don't know how to thank you for what you're doing!
Really, thank you for helping me!
If you ever come to Alsace, you'll be my guest!
Re,
Download Killbox: http://www.downloads.subratam.org/KillBox.zip
Unzip it into a dedicated folder!
A KillBox.exe folder will appear; double-click on it, a white box will appear, enter this file:
C:\WINDOWS\System32\clcl7.exe
Then click on the small white cross in a red circle.
You will be asked a question saying: "Files will be Removed on Reboot, Do you want to reboot now ?"
(The files will be deleted at restart. Do you want to restart now?)
In that case click "Yes"
Then repost a HijackThis log.
Here is the HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 10:15:41, on 12/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrateur.D1532\Bureau\scanner.exe\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [clcl7] C:\WINDOWS\System32\clcl7.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?ed78a2126f334d3488466e281e53ec9a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?ed78a2126f334d3488466e281e53ec9a
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
O16 - DPF: Yahoo! Hearts - http://download2.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = d1532.mag
O17 - HKLM\Software\..\Telephony: DomainName = d1532.mag
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = d1532.mag
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = d1532.mag
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: __c0042FF4 - C:\WINDOWS\System32\__c0042FF4.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
Re,
Open Killbox and enter this file:
c:\windows\system32\trqgwjrfb.dll
Then make sure you have ticked the "UNREGISTER .DLL BEFORE DELETING" box.
Then click on the red cross.
----------------------------------------------------------------------------
Then open HijackThis, click on "Do a system scan only" and tick these lines:
O4 - HKLM\..\Run: [clcl7] C:\WINDOWS\System32\clcl7.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = d1532.mag
O17 - HKLM\Software\..\Telephony: DomainName = d1532.mag
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = d1532.mag
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = d1532.mag
O20 - Winlogon Notify: __c0042FF4 - C:\WINDOWS\System32\__c0042FF4.dat
THEN, ONCE YOU HAVE TICKED THESE LINES, CLICK ON "FIX CHECKED"
----------------------------------------------------------------------------
Then repost a HijackThis log.
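Added example, not part of the thread: one way to check the reposted log against the lines that were to be fixed, so that entries which survived the cleanup stand out. The fix list is copied from the post above; the follow-up log is constructed sample data, and the function names are hypothetical.

```python
import re
from collections import Counter

# HijackThis entry lines start with a section code (R0, O4, O23, ...)
# followed by " - " and the entry text. Header lines and the
# running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")

def parse_entries(log_text):
    """Return a Counter of normalized (code, body) entries found in a log."""
    entries = Counter()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        # Windows paths and registry names are case-insensitive, so fold
        # case and collapse whitespace before comparing two logs.
        body = re.sub(r"\s+", " ", m.group("body")).casefold()
        entries[(m.group("code"), body)] += 1
    return entries

def remaining(fix_list_text, new_log_text):
    """Entries from the fix list that still appear in a later log."""
    wanted = parse_entries(fix_list_text)
    seen = parse_entries(new_log_text)
    return sorted(key for key in wanted if key in seen)

def file_still_referenced(path, new_log_text):
    """Count entries, in any section, that still reference a file path."""
    needle = path.casefold()
    return sum(n for (_, body), n in parse_entries(new_log_text).items()
               if needle in body)

# Lines the helper asked to tick, copied from the post.
FIX_LIST = r"""
O4 - HKLM\..\Run: [clcl7] C:\WINDOWS\System32\clcl7.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = d1532.mag
O17 - HKLM\Software\..\Telephony: DomainName = d1532.mag
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = d1532.mag
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = d1532.mag
O20 - Winlogon Notify: __c0042FF4 - C:\WINDOWS\System32\__c0042FF4.dat
"""

# Constructed follow-up log (not from the thread), for illustration only.
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\trqgwjrfb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\trqgwjrfb.dll
O20 - Winlogon Notify: __c0042FF4 - C:\WINDOWS\System32\__c0042FF4.dat
"""

if __name__ == "__main__":
    for code, body in remaining(FIX_LIST, NEW_LOG):
        print("still present:", code, "-", body)
    dll = r"c:\windows\system32\trqgwjrfb.dll"
    print(dll, "referenced by", file_still_referenced(dll, NEW_LOG), "entries")
```
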