Interprétation hijackthis

liliotte78 -  
did71 Messages postés 2187 Statut Contributeur sécurité -
aidez moi à interprétez !!!
je dois avoir un cheval de Troie dans mon ordi...
merci d'avance

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:21:36, on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cqhbwsjo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\liliotte\Local Settings\Temporary Internet Files\Content.IE5\ZZKYM19X\HiJackThis_v2[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\boqsuami.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\qommkjk.dll
O2 - BHO: (no name) - {F48CD8E7-89BC-4120-B031-D8BB2B0D8ED4} - C:\WINDOWS\system32\ddcyw.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\ktjxyutf.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bullseye-network.com/download/bargain_buddy/cab/installer_ETE_AX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://gamenextfr.oberon-media.com/online/online2/luxor_amun_rising/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll
O20 - Winlogon Notify: qommkjk - C:\WINDOWS\SYSTEM32\qommkjk.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\cqhbwsjo.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
Configuration: Windows XP
Internet Explorer 6.0

22 réponses

  • 1
  • 2
  1. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonsoir,

    * Télécharge VundoFix.exe (par Atribune) sur ton Bureau:

    http://www.atribune.org/public-beta/VundoFix.exe

    * Double-clique VundoFix.exe afin de le lancer
    * Clique sur le bouton Scan for Vundo
    * Lorsque le scan est complété, clique sur le bouton Remove Vundo
    * Une invite te demandera si tu veux supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
    * Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

    a+
    0
  2. liliotte 78
     
    Merci de votre aide
    j'ai fait tout ce que vous m'avez dit de faire...

    RAPPORT VUNDOFIX

    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.5.0.7
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 12:13:19 27/06/2007

    Listing files found while scanning....

    C:\windows\system32\boqsuami.dll
    C:\WINDOWS\system32\ddcyw.dll
    C:\WINDOWS\system32\ftuyxjtk.ini
    C:\WINDOWS\system32\ktjxyutf.dll
    C:\WINDOWS\system32\wycdd.bak1
    C:\WINDOWS\system32\wycdd.bak2
    C:\WINDOWS\system32\wycdd.ini

    Beginning removal...

    Attempting to delete C:\windows\system32\boqsuami.dll
    C:\windows\system32\boqsuami.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddcyw.dll
    C:\WINDOWS\system32\ddcyw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ftuyxjtk.ini
    C:\WINDOWS\system32\ftuyxjtk.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ktjxyutf.dll
    C:\WINDOWS\system32\ktjxyutf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wycdd.bak1
    C:\WINDOWS\system32\wycdd.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wycdd.bak2
    C:\WINDOWS\system32\wycdd.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wycdd.ini
    C:\WINDOWS\system32\wycdd.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    RAPPORT HIJACKTHIS

    Logfile of HijackThis v1.99.1
    Scan saved at 12:39:48, on 27/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cqhbwsjo.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
    C:\Documents and Settings\Papa\Local Settings\Temporary Internet Files\Content.IE5\4HYN45U3\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A05E13AB-F0EE-4C39-9B5B-D811BB8DD1B0} - C:\WINDOWS\system32\ddcyw.dll (file missing)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\qommkjk.dll
    O2 - BHO: (no name) - {EB6D3A80-76C0-492D-A697-C29D14DE1FAD} - C:\WINDOWS\system32\ddccc.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bullseye-network.com/download/bargain_buddy/cab/installer_ETE_AX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://gamenextfr.oberon-media.com/online/online2/luxor_amun_rising/mjolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: ddccc - C:\WINDOWS\system32\ddccc.dll
    O20 - Winlogon Notify: qommkjk - C:\WINDOWS\SYSTEM32\qommkjk.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: DomainService - - C:\WINDOWS\system32\cqhbwsjo.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    0
  3. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    bonsoir,

    * Relance Vundofix
    * Ne clique pas sur "Scan for a vundo"
    * Clique droit au milieu de la fenêtre
    * Clique sur Add more files ?
    * Copie/colle les fichiers ci-dessous ( un par case) :

    C:\WINDOWS\system32\qommkjk.dll
    C:\WINDOWS\system32\ddccc.dll

    * Clique sur Add files
    * Ensuite clique sur Close Windows
    * Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
    * Si l'outils demande un redémarrage, accepte
    * Poste le rapport Vundofix, ainsi qu'un nouveau log hijackthis

    a+
    0
  4. liliotte78
     
    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.5.0.7
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 12:13:19 27/06/2007

    Listing files found while scanning....

    C:\windows\system32\boqsuami.dll
    C:\WINDOWS\system32\ddcyw.dll
    C:\WINDOWS\system32\ftuyxjtk.ini
    C:\WINDOWS\system32\ktjxyutf.dll
    C:\WINDOWS\system32\wycdd.bak1
    C:\WINDOWS\system32\wycdd.bak2
    C:\WINDOWS\system32\wycdd.ini

    Beginning removal...

    Attempting to delete C:\windows\system32\boqsuami.dll
    C:\windows\system32\boqsuami.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddcyw.dll
    C:\WINDOWS\system32\ddcyw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ftuyxjtk.ini
    C:\WINDOWS\system32\ftuyxjtk.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ktjxyutf.dll
    C:\WINDOWS\system32\ktjxyutf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wycdd.bak1
    C:\WINDOWS\system32\wycdd.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wycdd.bak2
    C:\WINDOWS\system32\wycdd.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wycdd.ini
    C:\WINDOWS\system32\wycdd.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ddccc.dll
    C:\WINDOWS\system32\ddccc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qommkjk.dll
    C:\WINDOWS\system32\qommkjk.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    ______________________________________________________

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 11:40:23, on 01/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cqhbwsjo.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
    C:\Documents and Settings\liliotte\Local Settings\Temporary Internet Files\Content.IE5\OHQNSTQR\HiJackThis_v2[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E10C0C0-BEED-4450-8999-AA6E5E83A4A2} - C:\WINDOWS\system32\ddccc.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A05E13AB-F0EE-4C39-9B5B-D811BB8DD1B0} - C:\WINDOWS\system32\ddcyw.dll (file missing)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bullseye-network.com/download/bargain_buddy/cab/installer_ETE_AX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://gamenextfr.oberon-media.com/online/online2/luxor_amun_rising/mjolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\cqhbwsjo.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    bonsoir, rends toi ici:

    http://www.virustotal.com/flash/index_en.html

    et fais analyser:

    C:\WINDOWS\system32\cqhbwsjo.exe

    poste le rapport virus total ensuite!

    a+
    0
  7. liliotte78
     
    Voilà...

    Antivirus Version Update Result

    AhnLab-V3 2007.7.2.0 07.03.2007 Win-Trojan/Xema.variant
    AntiVir 7.4.0.37 07.03.2007 TR/Agent.aoy.1
    Authentium 4.93.8 07.03.2007 W32/Backdoor.ATQK
    Avast 4.7.997.0 07.02.2007 no virus found
    AVG 7.5.0.476 07.02.2007 Generic5.CF
    BitDefender 7.2 07.03.2007 Trojan.Fotomoto.A
    CAT-QuickHeal 9.00 07.02.2007 Trojan.Agent.aoy
    ClamAV devel-20070416 07.03.2007 Trojan.Agent-4880
    DrWeb 4.33 07.03.2007 Trojan.EzulaAd
    eSafe 7.0.15.0 07.03.2007 no virus found
    eTrust-Vet 30.8.3760 07.03.2007 Win32/Abetear.A
    Ewido 4.0 07.03.2007 Trojan.Agent.aoy
    FileAdvisor 1 07.03.2007 no virus found
    Fortinet 2.91.0.0 07.03.2007 no virus found
    F-Prot 4.3.2.48 07.02.2007 W32/Backdoor.ATQK
    F-Secure 6.70.13030.0 07.03.2007 Trojan.Win32.Agent.aoy
    Ikarus T3.1.1.8 07.03.2007 Trojan.Win32.Agent.aoy
    Kaspersky 4.0.2.24 07.03.2007 Trojan.Win32.Agent.aoy
    McAfee 5065 07.02.2007 AdClicker-FK
    Microsoft 1.2701 07.02.2007 Trojan:Win32/Fotomoto.A
    NOD32v2 2373 07.03.2007 Win32/Adware.Ezula
    Norman 5.80.02 07.03.2007 W32/Agent.BSOF
    Panda 9.0.0.4 07.02.2007 Trj/Downloader.OZB
    Sophos 4.19.0 06.28.2007 no virus found
    Sunbelt 2.2.907.0 07.02.2007 no virus found
    Symantec 10 07.03.2007 Trojan.Vundo
    TheHacker 6.1.6.141 07.02.2007 Trojan/Agent.aoy
    VBA32 3.12.0.2 07.02.2007 Trojan.Win32.Agent.aoy
    VirusBuster 4.3.23:9 07.02.2007 no virus found
    Webwasher-Gateway 6.0.1 07.03.2007 Trojan.Agent.aoy.1

    Aditional Information
    File size: 122944 bytes
    MD5: 3c4fd5f3441c5a0aca943f3802c35524
    SHA1: a0f8d56e47355dd3f4625852bba068a19d07fca7
    0
  8. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonsoir,

    1) vas dans menu démarrer> exécuter> tu écris services.msc> dans la fenêtre qui s'ouvre, tu recherches DomainService> tu doubles clic dessus et dans "types de démarrage", tu sélectionnes "désactivé"

    2) Télécharge OTMoveIt (de Old_Timer) sur ton Bureau:

    http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en gars ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    C:\WINDOWS\System32\cqhbwsjo.exe


    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre Results.
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.
    si c'est le cas accepte par Yes.

    poste un nouvel hijackhis!

    a+
    0
  9. liliotte78
     
    Voila

    C:\WINDOWS\System32\cqhbwsjo.exe moved successfully.

    Created on 07/05/2007 13:42:02

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 13:44:56, on 05/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\liliotte\Local Settings\Temporary Internet Files\Content.IE5\O6PKZD1F\HiJackThis_v2[1].exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E10C0C0-BEED-4450-8999-AA6E5E83A4A2} - C:\WINDOWS\system32\ddccc.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A05E13AB-F0EE-4C39-9B5B-D811BB8DD1B0} - C:\WINDOWS\system32\ddcyw.dll (file missing)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bullseye-network.com/download/bargain_buddy/cab/installer_ETE_AX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://gamenextfr.oberon-media.com/online/online2/luxor_amun_rising/mjolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    0
  10. liliotte78
     
    Scan Info

    Scanned Files
    170566

    Infected Files
    16

    Virus Detected

    Adware.Virtumonde.GFH
    2

    Trojan.Downloader.JISG
    1

    DeepScan:Generic.Virtumonde1.ge.3EAA441B
    2

    Trojan.Agent.AAJJ
    1

    DeepScan:Generic.Virtumonde1.ge.A09C36F7
    1

    DeepScan:Generic.Virtumonde1.ge.F6BA1781
    2

    Trojan.Juan.H
    1

    Trojan.JuanSearch.A
    2

    Trojan.Hacktool.Ibounce.A
    1

    Trojan.Fotomoto.A
    3

    Scanned File
    Status

    C:\Documents and Settings\Papa\Local Settings\Temporary Internet Files\Content.IE5\4HYN45U3\CAXCW7XD
    Infected with: DeepScan:Generic.Virtumonde1.ge.A09C36F7

    C:\Documents and Settings\Papa\Local Settings\Temporary Internet Files\Content.IE5\4HYN45U3\CAXCW7XD
    Disinfection failed

    C:\Documents and Settings\Papa\Local Settings\Temporary Internet Files\Content.IE5\4HYN45U3\CAXCW7XD
    Deleted

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP193\A0029775.exe=>(NSIS o)=>zlib_nsis0001
    Infected with: Trojan.Agent.AAJJ

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP193\A0029775.exe=>(NSIS o)=>zlib_nsis0001
    Disinfection failed

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP193\A0029775.exe=>(NSIS o)=>zlib_nsis0001
    Deleted

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP193\A0029775.exe=>(NSIS o)
    Update failed

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP193\A0029775.exe=>(NSIS o)=>zlib_nsis0002
    Infected with: Trojan.Downloader.JISG

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP193\A0029775.exe=>(NSIS o)=>zlib_nsis0002
    Disinfection failed

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP193\A0029775.exe=>(NSIS o)=>zlib_nsis0002
    Deleted

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP193\A0029775.exe=>(NSIS o)
    Update failed

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP194\A0030975.dll
    Infected with: Trojan.JuanSearch.A

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP194\A0030975.dll
    Disinfection failed

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP194\A0030975.dll
    Deleted

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP194\A0030976.dll
    Infected with: DeepScan:Generic.Virtumonde1.ge.F6BA1781

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP194\A0030976.dll
    Disinfection failed

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP194\A0030976.dll
    Deleted

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP195\A0033127.dll
    Infected with: DeepScan:Generic.Virtumonde1.ge.3EAA441B

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP195\A0033127.dll
    Disinfection failed

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP195\A0033127.dll
    Deleted

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP195\A0033128.dll
    Detected with: Adware.Virtumonde.GFH

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP195\A0033128.dll
    Disinfection failed

    C:\System Volume Information\_restore{B7C32271-09D7-4089-8EB6-4D83AC2F5F60}\RP195\A0033128.dll
    Deleted

    C:\VundoFix Backups\boqsuami.dll.bad
    Infected with: Trojan.JuanSearch.A

    C:\VundoFix Backups\boqsuami.dll.bad
    Disinfection failed

    C:\VundoFix Backups\boqsuami.dll.bad
    Deleted

    C:\VundoFix Backups\ddccc.dll.bad
    Infected with: DeepScan:Generic.Virtumonde1.ge.3EAA441B

    C:\VundoFix Backups\ddccc.dll.bad
    Disinfection failed

    C:\VundoFix Backups\ddccc.dll.bad
    Deleted

    C:\VundoFix Backups\ddcyw.dll.bad
    Infected with: DeepScan:Generic.Virtumonde1.ge.F6BA1781

    C:\VundoFix Backups\ddcyw.dll.bad
    Disinfection failed

    C:\VundoFix Backups\ddcyw.dll.bad
    Deleted

    C:\VundoFix Backups\qommkjk.dll.bad
    Detected with: Adware.Virtumonde.GFH

    C:\VundoFix Backups\qommkjk.dll.bad
    Disinfection failed

    C:\VundoFix Backups\qommkjk.dll.bad
    Deleted

    C:\WINDOWS\system32\qcyphxmi.exe
    Infected with: Trojan.Fotomoto.A

    C:\WINDOWS\system32\qcyphxmi.exe
    Disinfection failed

    C:\WINDOWS\system32\qcyphxmi.exe
    Deleted

    C:\WINDOWS\system32\service.exe
    Infected with: Trojan.Hacktool.Ibounce.A

    C:\WINDOWS\system32\service.exe
    Disinfection failed

    C:\WINDOWS\system32\service.exe
    Deleted

    C:\WINDOWS\system32\tbjondac.dll
    Infected with: Trojan.Juan.H

    C:\WINDOWS\system32\tbjondac.dll
    Disinfection failed

    C:\WINDOWS\system32\tbjondac.dll
    Deleted

    C:\WINDOWS\system32\wismyhvg.exe
    Infected with: Trojan.Fotomoto.A

    C:\WINDOWS\system32\wismyhvg.exe
    Disinfection failed

    C:\WINDOWS\system32\wismyhvg.exe
    Deleted

    C:\_OTMoveIt\MovedFiles\WINDOWS\System32\cqhbwsjo.exe
    Infected with: Trojan.Fotomoto.A

    C:\_OTMoveIt\MovedFiles\WINDOWS\System32\cqhbwsjo.exe
    Disinfection failed

    C:\_OTMoveIt\MovedFiles\WINDOWS\System32\cqhbwsjo.exe
    Deleted
    0
  11. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    re,

    apparemment bitdefender a bien bossé mais on va s'en assurer!

    1) désactive la restauration système, info ici:

    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

    2) Télécharge ATF-Cleaner (par Atribune) de ce lien :

    http://www.atribune.org/ccount/click.php?id=1

    sauvegarde-le sur ton Bureau.

    redémarre en mode sans échec!

    Double-clique ATF-Cleaner.exe qui est sur le Bureau, afin de lancer le programme.
    Sous l'onglet Main, choisis : Select All
    Clique sur le bouton Empty Selected. Clique Ok, puis Exit

    3) redémarre normalement!

    Télécharge OTMoveIt (de Old_Timer) sur ton Bureau (si tu l'a supprimé, sinon ne le retélécharge pas):

    http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en gars ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    C:\WINDOWS\system32\qcyphxmi.exe
    C:\WINDOWS\system32\service.exe
    C:\WINDOWS\system32\tbjondac.dll
    C:\WINDOWS\system32\wismyhvg.exe


    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre Results.
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.
    si c'est le cas accepte par Yes.

    4) repasse bitdefender et poste le rapport!

    a+
    0
  12. liliotte78
     
    j'ai plus qu'un problème !! quand je redémarre mon ordi en mode sans échec, ya un écran noir avec un tiret en haut a gauche qui clignote ! sa fait au moins une demin heure et je sais pas comment on fiat !! aidez moi svp

    ps:je suis actuellement sur un autre ordi
    0
  13. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonsoir,

    et en mode normal, ça donne quoi?

    le pc démarre normalement?

    a+
    0
  14. liliotte78
     
    non pas du tout ca donne la meme chose !
    enfait quand j'ai voulu redémarrer mon ordi en mode sans echec sa m'a laissé l'écran noir avec le tiret pendant plus d'une demi heure et donc j'ai du l'étteindre par le bouton derrière la centrale.en voulant le rallumer,windows m'a dit que je l'avais mal etteint donc j'ai essayé redémarrer normalement et sa fait 2 jours que j'essaye mais ca marche toujours pas ! je les laissé une demi journée allumé et l'écran n'a pas bougé...
    Voila
    essayez de régler mon problème parce que c'est un pc familial...
    merci de votre aide
    0
    1. mamy13
       
      bonjour je ne sais pas si tu as le meme probleme que moi mais au demarrage jai une page noire avec plein d'inscriptions blanches qui défilent et parfois j'ai un tiret blanc qui bloque alors on m'a dit d'APPUYER sur F1 et ça marche - bonne chance
      0
  15. choupinette7_8
     
    non ca marche pas ^^
    désolé
    mais oui j'ai des inscriptions blanches qui me disent si je veux redémarrer windows normalement,en mode sans échec ou autre mais avant sa me le fesait quand j'éteignait mal mon pc mais le pc se remettait en route normalement mais là il fait un blocage
    0
  16. liliotte78
     
    aidez moi !!
    je ne sais plus quoi faire...
    0
  17. liliotte78
     
    quelqu'un peut m'aider ?
    On m'a dit que sa pouvait venir de mon disque dur qui n'était plus reconnu par mon pc et dans ces cas là,que faire ?
    je ne peux pas me permettre de perdre 3ans d'archive de photos,documents importants et autres...
    merci de votre aide
    0
  18. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonsoir,

    as tu le cd de XP?

    a+
    0
  19. liliotte78
     
    oui mais c'est un cd gravé et il se met pas en route quand je le met dans mon lecteur
    0
  • 1
  • 2