Trojan

SARA -  
 Miss-Net -
Bonjour tout le monde,

J'ai également attrapé cet horrible trojan qui m'empêche de bosser correctement sur ce pc!

Quelqu'un pourrait-il m'expliquer les étapes à suivre pour débarasser au plus vite car le pc n'avance plus et bloque, bref pas terrible pour travailler dessus!

Je ne suis pas hyper doué en virus il serait donc sympa de me parler comme une "imbécile" histoire que je puisse tout comprendre d'un coup pour réutiliser mon pc au plus vite...

Merci à tous, j'espère que quelqu'un pourra me venir en aide!

Bonne journée à tous
Configuration: Windows XP
Internet Explorer 6.0

46 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

L'infection par un cheval de Troie sur Windows XP est au cœur des échanges, et la problématique porte sur le débarassage rapide et fiable du système.
Plusieurs intervenants proposent des outils et étapes, notamment HijackThis, OTMoveIt ou VundoFix, avec des procédures pour déplacer, supprimer des fichiers et réparer le registre.
En pratique, les conseils insistent sur le démarrage en mode sans échec, la génération de rapports et le redémarrage pour vérifier la suppression des composants malveillants.
D'autres propositions évoquent des outils comme VirtumondoBegone et préconisent la sauvegarde des résultats pour éventuellement envisager un formatage, lorsque les infections persistent.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Saiyen75 Messages postés 2699 Statut Membre 184
     
    Salut,

    Commence par faire un log HjT :

    Colle un Log hijackthis :

    télécharge HijackThis ici :
    http://telechargement.zebulon.fr/138-hijackthis-1991.html

    Dézippe le dans un dossier
    Par exemple C:\hijackthis < Enregistre le bien dans c:\

    Lance le puis:
    clique sur "do a system scan and save logfile"
    faire un copier coller du log et le poster sur le forum

    Tuto ici: http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm

    _____________________________________________________

    Bye
    0
  2. SARA
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:49:25, on 15/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\MMKeybd.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\Program Files\ScanWizard 5\ScannerFinder.exe
    C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Documents and Settings\Petit Loulou\Desktop\HijackThis.exe

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [Post-me] C:\Program Files\Post-me\post-me.exe
    O4 - HKLM\..\Run: [4c8fe065] rundll32.exe "C:\WINDOWS\system32\nnwlnhqs.dll",b
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
    O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - http://centraus2.englishtown.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    O16 - DPF: {10A27AB5-0AFE-4769-9B86-3FC44CD47B54} - http://lms.mediapluspro.net/mediaplus6/Download/ENILSTools.CAB
    O16 - DPF: {4E042DE6-8B87-11D3-AE7F-004033D24DBD} (HtmlHelpViewer.CViewerHtml) - http://lms.mediapluspro.net/mediaplus6/Download/HtmlHelpViewer.CAB
    O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://lms.mediapluspro.net/mediaplus6/Download/tsccinst.cab
    O16 - DPF: {BE937B67-5A69-11D5-956E-0040339BF4B0} - http://lms.mediapluspro.net/mediaplus6/Download/ENILS1.CAB
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    0
  3. Saiyen75 Messages postés 2699 Statut Membre 184
     
    Re,

    Ta version d'Internet Explorer n'est plus à jour :

    met à jour Internet Explorer 7.0:
    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    _____________________________________________________

    Ensuite replace HijackThis.exe à la racine de C:\
    exemple ---> C:\HijackThis\HijackThis.exe

    _____________________________________________________

    Puis :

    Clean.zip

    Télécharge sur ton bureau : http://www.malekal.com/download/clean.zip

    Une fois sur le bureau, tu fais un clic droit sur ton fichier clean.zip et dans le menu déroulant, tu clics sur extrait tout ou extraire ici.
    Cela va créer un dossier clean.
    Double-clic sur ce dossier clean, tu y trouveras dedans plusieurs fichiers.
    Double-clic sur clean. Cela va ouvrir une fenêtre noire.
    Un menu va apparaître, choisis l'option 1 en appuyant sur la touche 1 de ton clavier.
    Clean va travailler. (ça peut etre un peu long)
    Un rapport va etre généré, colle le contenu entier ici.
    « Poste de travail » / double clic sur disque « C / » double-clic sur « rapport_clean.txt » et « copier/coller le contenu » sur le forum. )

    _____________________________________________________

    SDFix :

    Télécharger sur le bureau :
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    = Double-clic SDFix.
    = Clic Install

    = Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes).
    Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.

    Pour démarrer en mode sans échec :

    1/ -Démarrez Windows, ou s’il s’exécute, fermez Windows puis éteignez l'ordinateur.
    2/ -Redémarrez l’ordinateur.
    3/ -Au début du chargement du BIOS (mais pas trop tôt), commencez à appuyer sur la touche F8 de votre clavier plusieurs fois de suite. Procédez ainsi jusqu'à ce que le menu des options avancées de Windows apparaissent.
    4/ -En utilisant les flèches de votre clavier, sélectionnez "Mode sans échec" dans le menu puis appuyez sur Entrée.

    Une fois sous windows :

    ------
    = Double-clic SDFix.
    = Clic Install
    = Double-clic sur le nouveau dossier SDFix qui est dans C:\
    = Double-clic RunThis
    = Presser Y
    = A l’invitation ==> appuyer sur une touche pour redémarrer
    = Redémarrage ( qui sera plus long ,car nettoyage en cours )
    Continuer si un message d’erreurs apparaît ,dans ce cas aller directement au rapport dans SDfix
    = apparition de Finished
    = Appuyer sur une touche
    = Dans SDFix , un rapport est généré, Report.txt
    = Copier/Coller sur le forum.

    _____________________________________________________

    Post Bien TOUS les rapports.

    ++
    0
  4. SARA
     
    ven. 15/02/2008 a 20:02:05,63

    *** Recherche C:

    *** Recherche C:\WINDOWS\

    *** Recherche C:\WINDOWS\system32
    "C:\WINDOWS\Downloaded Program Files\*_*_*NetInstaller.exe" FOUND
    "C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

    *** Recherche C:\Program Files


    rapport clean, l autre arrive
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Saiyen75 Messages postés 2699 Statut Membre 184
     
    Ok trés bien, j'attend :)
    0
  7. SARA
     
    SDFix: Version 1.142

    Run by Petit Loulou on ven. 15/02/2008 at 20:28

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\Downloaded Program Files\UGA6PV_0001_N122M2910NetInstaller.exe - Deleted
    C:\WINDOWS\system32\pac.txt - Deleted

    Removing Temp Files...

    ADS Check:

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-15 20:52:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:0000004b
    "TracesSuccessful"=dword:0000000b

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 1

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\\UpgradeWizard\\upgradeST.exe"="D:\\UpgradeWizard\\upgradeST.exe:*:Enabled:SpeedTouch Upgrade Wizard"
    "D:\\SetupWizard\\stInstall.exe"="D:\\SetupWizard\\stInstall.exe:*:Enabled:Assistant d'installation domotique de SpeedTouch"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\eMule\\MUMULE RECHERCHE\\emule.exe"="C:\\Program Files\\eMule\\MUMULE RECHERCHE\\emule.exe:*:Disabled:eMule"
    "C:\\Program Files\\eMule\\emulerecherche\\emule.exe"="C:\\Program Files\\eMule\\emulerecherche\\emule.exe:*:Disabled:eMule"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
    "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Thu 12 Jul 2007 56 ..SHR --- "C:\WINDOWS\system32\CF5A25C2AE.sys"
    Thu 12 Jul 2007 1,890 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Mon 23 Jun 1997 123,664 A.SH. --- "C:\WINDOWS\system32\Msjint35.dll"
    Mon 23 Jun 1997 24,848 A.SH. --- "C:\WINDOWS\system32\Msjter35.dll"
    Mon 23 Jun 1997 252,176 A.SH. --- "C:\WINDOWS\system32\Msrd2x35.dll"
    Mon 23 Jun 1997 287,504 A.SH. --- "C:\WINDOWS\system32\Msxbse35.dll"
    Thu 1 Feb 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 23 Jan 2003 65,952 ..SHR --- "C:\Program Files\Autodesk\Autodesk Express Viewer\Setup.exe"
    Wed 29 Sep 2004 15,360 A..HR --- "C:\WINDOWS\system32\drivers\NetMotCM.sys"
    Sun 18 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Fri 21 Dec 2007 31,744 ...H. --- "C:\Documents and Settings\Petit Loulou\Application Data\Microsoft\Word\~WRL0002.tmp"
    Thu 1 Feb 2007 4,348 A..H. --- "C:\Documents and Settings\Petit Loulou\My Documents\My Music\Sauvegarde de la licence\drmv1key.bak"
    Fri 17 Aug 2007 20 A..H. --- "C:\Documents and Settings\Petit Loulou\My Documents\My Music\Sauvegarde de la licence\drmv1lic.bak"
    Thu 1 Feb 2007 312 A..H. --- "C:\Documents and Settings\Petit Loulou\My Documents\My Music\Sauvegarde de la licence\drmv2key.bak"
    Fri 17 Aug 2007 1,536 A..H. --- "C:\Documents and Settings\Petit Loulou\My Documents\My Music\Sauvegarde de la licence\drmv2lic.bak"
    Sat 9 Feb 2008 31,232 ...H. --- "C:\Documents and Settings\Petit Loulou\My Documents\Agr‚gation\STAGE AVEC M. CARLONI\NUTRITION 6-4\~WRL0005.tmp"

    Finished!

    Voilà le deuxième!!!
    0
  8. Saiyen75 Messages postés 2699 Statut Membre 184
     
    Salut,

    Fait ça :

    Clean.zip

    Télécharge sur ton bureau : http://www.malekal.com/download/clean.zip

    Une fois sur le bureau, tu fais un clic droit sur ton fichier clean.zip et dans le menu déroulant, tu clics sur extrait tout ou extraire ici.
    Cela va créer un dossier clean.
    Double-clic sur ce dossier clean, tu y trouveras dedans plusieurs fichiers.
    Double-clic sur clean. Cela va ouvrir une fenêtre noire.
    Un menu va apparaître, choisis l'option 1 en appuyant sur la touche 1 de ton clavier.
    Clean va travailler. (ça peut etre un peu long)
    Un rapport va etre généré, colle le contenu entier ici.
    « Poste de travail » / double clic sur disque « C / » double-clic sur « rapport_clean.txt » et « copier/coller le contenu » sur le forum. )

    _____________________________________________________

    Puis :

    bitdefender en ligne :

    Utilise Internet Explorer
    accepte l'active X
    la barre anti pop-up du SP2 (en haut) se met à clignoter, clic dessus et choisis "accepter l'active X"

    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    - Cliquer sur J'accepte
    - Start Scan
    - Une fois terminé, Dans l'onglet "Problèmes détectés"
    - "Cliquer ici pour exporter le rapport"
    - Enregistrer sur le bureau (choisir un nom)
    - Fermer le scan
    - Ouvrir le fichier enregistré le copier/coller sur le forum.

    _____________________________________________________

    ++
    0
  9. SARA
     
    CLEAN

    sam. 16/02/2008 a 15:50:03,89

    *** Recherche C:

    *** Recherche C:\WINDOWS\

    *** Recherche C:\WINDOWS\system32
    "C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

    *** Recherche C:\Program Files

    BITDEFENDER

    BitDefender Online Scanner

    Scan report generated at: Sat, Feb 16, 2008 - 17:32:48

    Scan path: C:\;E:\;

    Statistics

    Time

    01:32:56

    Files

    126515

    Folders

    5090

    Boot Sectors

    2

    Archives

    1417

    Packed Files

    11232

    Results

    Identified Viruses

    6

    Infected Files

    11

    Suspect Files

    0

    Warnings

    0

    Disinfected

    0

    Deleted Files

    9

    Engines Info

    Virus Definitions

    981482

    Engine build

    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins

    16

    Archive plugins

    41

    Unpack plugins

    7

    E-mail plugins

    6

    System plugins

    5

    Scan Settings

    First Action

    Désinfecté

    Second Action

    Supprimé

    Heuristics

    Oui

    Enable Warnings

    Oui

    Scanned Extensions

    *;

    Exclude Extensions

    Scan Emails

    Oui

    Scan Archives

    Oui

    Scan Packed

    Oui

    Scan Files

    Oui

    Scan Boot

    Oui

    Scanned File

    Status

    C:\Documents and Settings\Petit Loulou\Local Settings\Temporary Internet Files\Content.IE5\B3C0OGRV\tr[1]

    Infecté par: Trojan.Vundo.DWB

    C:\Documents and Settings\Petit Loulou\Local Settings\Temporary Internet Files\Content.IE5\B3C0OGRV\tr[1]

    Supprimé

    C:\SDFix\backups\backups.zip=>backups/UGA6PV_0001_N122M2910NetInstaller.exe

    Infecté par: Trojan.Generic.73705

    C:\SDFix\backups\backups.zip=>backups/UGA6PV_0001_N122M2910NetInstaller.exe

    Supprimé

    C:\SDFix\backups\backups.zip

    Mis à jour

    C:\System Volume Information\_restore{EDFFBB76-C4B7-4F37-8514-C4027A40470A}\RP184\A0188482.exe

    Infecté par: MemScan:Trojan.Downloader.Small.BUY

    C:\System Volume Information\_restore{EDFFBB76-C4B7-4F37-8514-C4027A40470A}\RP184\A0188482.exe

    Supprimé

    C:\System Volume Information\_restore{EDFFBB76-C4B7-4F37-8514-C4027A40470A}\RP192\A0194731.exe

    Infecté par: Trojan.Generic.73705

    C:\System Volume Information\_restore{EDFFBB76-C4B7-4F37-8514-C4027A40470A}\RP192\A0194731.exe

    Supprimé

    C:\upload_moi_ORDINOUNOU.tar.gz=>upload_moi.tar=>WINDOWS/System32/urstt.dll

    Infecté par: Trojan.Vundo.Gen.2

    C:\upload_moi_ORDINOUNOU.tar.gz=>upload_moi.tar=>WINDOWS/System32/urstt.dll

    Echec de la désinfection

    C:\upload_moi_ORDINOUNOU.tar.gz=>upload_moi.tar=>WINDOWS/System32/urstt.dll

    Supprimé

    C:\upload_moi_ORDINOUNOU.tar.gz=>upload_moi.tar

    Mis à jour

    C:\upload_moi_ORDINOUNOU.tar.gz=>upload_moi.tar=>WINDOWS/System32/yaywvut.dll

    Infecté par: Trojan.Vundo.DYA

    C:\upload_moi_ORDINOUNOU.tar.gz=>upload_moi.tar=>WINDOWS/System32/yaywvut.dll

    Supprimé

    C:\upload_moi_ORDINOUNOU.tar.gz=>upload_moi.tar

    Mis à jour

    C:\upload_moi_ORDINOUNOU.tar.gz=>upload_moi.tar=>WINDOWS/System32/yaywutu.dll

    Infecté par: Trojan.Vundo.DYA

    C:\upload_moi_ORDINOUNOU.tar.gz=>upload_moi.tar=>WINDOWS/System32/yaywutu.dll

    Supprimé

    C:\upload_moi_ORDINOUNOU.tar.gz=>upload_moi.tar

    Mis à jour

    C:\upload_moi_ORDINOUNOU.tar.gz

    Mis à jour

    C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00091

    Infecté par: Win32.MyPics.A@mm

    C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00091

    Echec de la désinfection

    C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00091

    Supprimé

    C:\WINDOWS\system32\urstt.dll

    Infecté par: Trojan.Vundo.Gen.2

    C:\WINDOWS\system32\urstt.dll

    Echec de la désinfection

    C:\WINDOWS\system32\urstt.dll

    Echec de la suppression

    C:\WINDOWS\system32\yaywutu.dll

    Infecté par: Trojan.Vundo.DYA

    C:\WINDOWS\system32\yaywutu.dll

    Echec de la désinfection

    C:\WINDOWS\system32\yaywutu.dll

    Echec de la suppression

    C:\WINDOWS\system32\yaywvut.dll

    Infecté par: Trojan.Vundo.DYA

    C:\WINDOWS\system32\yaywvut.dll

    Supprimé


    Voila voila, alors quand s'en va t-il car il m'énerve! J'avais déjà fait un clean avant ça à changé qualque chose?
    0
  10. Saiyen75 Messages postés 2699 Statut Membre 184
     
    Salut,

    Pour la suite :

    Démarre en mode sans échec :

    Pour démarrer en mode sans échec :

    1/ -Démarrez Windows, ou s’il s’exécute, fermez Windows puis éteignez l'ordinateur.
    2/ -Redémarrez l’ordinateur.
    3/ -Au début du chargement du BIOS (mais pas trop tôt), commencez à appuyer sur la touche F8 de votre clavier plusieurs fois de suite. Procédez ainsi jusqu'à ce que le menu des options avancées de Windows apparaissent.
    4/ -En utilisant les flèches de votre clavier, sélectionnez "Mode sans échec" dans le menu puis appuyez sur Entrée.

    Une fois dans windows :

    - Double-clic sur clean.cmd
    - Une fenêtre va apparaître, choisis l'option 2, suis les consignes et poste le rapport clean

    _____________________________________________________

    VundoFix :

    Télécharge VundoFix.exe sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4

    Double-clique VundoFix.exe afin de le lancer.
    Coche Run VundoFix as a task.
    Un message t'avertira que l'outil va se fermer et s'ouvrir à nouveau : clique Ok
    Clique sur le bouton Scan for Vundo.
    Lorsque le scan est complété, clique sur le bouton Remove Vundo.
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
    Démarre ton PC à nouveau.
    Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

    -----------------------------------------------------------

    Télécharge VirtumondoBegone :
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Lance le, et poste le rapport dans le forum.

    _____________________________________________________

    Poste les 2 rapports.
    0
  11. SARA
     
    RAPPORT CLEAN

    Script executed in Safe Mode
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script executed in Safe Mode sam. 16/02/2008 a 18:16:46,72

    Microsoft Windows XP [Version 5.1.2600]

    *** Suppression C:

    *** Suppression C:\WINDOWS\

    *** Suppression C:\WINDOWS\system32
    tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"

    *** Suppression C:\Program Files

    *** Deletion of the registry keys successful..

    RAPPORT VUNDOFIX


    VundoFix V6.7.8

    Checking Java version...

    Sun Java not detected
    Scan started at 18:36:50 16/02/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\hwvqyaqf.dll
    C:\WINDOWS\system32\igoamlxq.ini
    C:\WINDOWS\system32\lawveaqn.dll
    C:\WINDOWS\system32\olqdekch.dll
    C:\WINDOWS\system32\qxlmaogi.dll
    C:\WINDOWS\system32\urstt.dll
    C:\WINDOWS\system32\vcasieqf.dll
    C:\WINDOWS\system32\vfoequpq.dll
    C:\WINDOWS\system32\wfcwtxnl.dll
    C:\WINDOWS\system32\yaywutu.dll
    C:\WINDOWS\system32\yshfdqji.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\hwvqyaqf.dll
    C:\WINDOWS\system32\hwvqyaqf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\igoamlxq.ini
    C:\WINDOWS\system32\igoamlxq.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lawveaqn.dll
    C:\WINDOWS\system32\lawveaqn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\olqdekch.dll
    C:\WINDOWS\system32\olqdekch.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qxlmaogi.dll
    C:\WINDOWS\system32\qxlmaogi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\urstt.dll
    C:\WINDOWS\system32\urstt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vcasieqf.dll
    C:\WINDOWS\system32\vcasieqf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vfoequpq.dll
    C:\WINDOWS\system32\vfoequpq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wfcwtxnl.dll
    C:\WINDOWS\system32\wfcwtxnl.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\yaywutu.dll
    C:\WINDOWS\system32\yaywutu.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\yshfdqji.dll
    C:\WINDOWS\system32\yshfdqji.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\wfcwtxnl.dll
    C:\WINDOWS\system32\wfcwtxnl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yaywutu.dll
    C:\WINDOWS\system32\yaywutu.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    RAPPORT HIJACKTHIS

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:04:12, on 16/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\MMKeybd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\Program Files\ScanWizard 5\ScannerFinder.exe
    C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\HijackThis\HijackThis.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1BBE79C2-2D61-4591-ADF0-4CED13513C33} - C:\WINDOWS\system32\tusst.dll
    O2 - BHO: (no name) - {3CE96330-67D6-4319-8804-08C26E3CD926} - C:\Program Files\Windows Media Player\nari89104.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {B8D0D0BD-633D-4925-BCFB-44E4A544DA8F} - C:\WINDOWS\system32\urstt.dll (file missing)
    O2 - BHO: {63456ec1-a943-e38b-3cd4-3e96669cf96d} - {d69fc966-69e3-4dc3-b83e-349a1ce65436} - C:\WINDOWS\system32\gwvnqgdx.dll
    O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\yaywutu.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [Post-me] C:\Program Files\Post-me\post-me.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [4c8fe065] rundll32.exe "C:\WINDOWS\system32\tinsxesm.dll",b
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
    O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - http://centraus2.englishtown.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    O16 - DPF: {10A27AB5-0AFE-4769-9B86-3FC44CD47B54} - http://lms.mediapluspro.net/mediaplus6/Download/ENILSTools.CAB
    O16 - DPF: {4E042DE6-8B87-11D3-AE7F-004033D24DBD} (HtmlHelpViewer.CViewerHtml) - http://lms.mediapluspro.net/mediaplus6/Download/HtmlHelpViewer.CAB
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://lms.mediapluspro.net/mediaplus6/Download/tsccinst.cab
    O16 - DPF: {BE937B67-5A69-11D5-956E-0040339BF4B0} - http://lms.mediapluspro.net/mediaplus6/Download/ENILS1.CAB
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    0
  12. Saiyen75 Messages postés 2699 Statut Membre 184
     
    Re,

    Tu vas désinstaller Avast pour installer Antivir.
    Comparatif des 2 ---> http://forum.malekal.com/ftopic3528.php (par Malekal)

    Pour Désinstaller Avast :

    il faut le désinstaller à partir d'un prog :

    https://www.avast.com/fr-fr/uninstall-utility

    _____________________________________________________

    Pour installer Antivir :

    Telecharge Antivir: http://www.commentcamarche.net/telecharger/telecharger 55 antivir

    Installe le.
    Pendant l'installation, cocher la case "generate random serial..."
    Lance Antivir,
    fais les mises à jours, puis lance un scan (si des virus sont découverts, mets les en quarantaine. Si tu ne peux pas alors supprime les).
    A la fin du scan clique sur 'report', enregistre ce rapport sur le bureau (fichier => enregistrer sous), puis fait un copier/coller de ce rapport dans ton prochain message.

    ----> Relance ton PC

    Tutos : https://www.malekal.com/avira-free-security-antivirus-gratuit/

    Si problème - mise à jour :
    Telecharge la licence sur le site officiel :
    http://dl1.avgate.net/down/windows/hbedv.key
    Une fois telechargé, déplace le fichier téléchargé (hbedv.key) dans le dossier Antivir.
    Par defaut : C:\Program Files\AntiVir PersonalEdition Classic

    Refait la mise à jour, puis il ne sera plus périmé.
    Et fait le scan comme indiqué plus haut.

    _____________________________________________________

    ++
    0
  13. SARA
     
    J'ai installé antivir hier et puis j'ai été dormi. Maintenant il arrête pas de sonner dans tout les sens en disant virus virus virus, mais impossible de le mettre en quarantaine ou de le supprimer. Je ne sais plus accéder à mes fichiers, comment faire car j'en ai vraiment besoin aujourd'hui???

    et je n'ai pas encore su lancer un scan antivir...

    a+
    0
  14. SARA
     
    VOILA LE SCAN D ANTIR, MAIS MON PC N ARRETE PLUS DE SONNER MNTNT...ET JE NE SAIS QUASI PLUS RIEN FAIRE DESSUS CE COUP CI??? SALUT

    AntiVir PersonalEdition Classic
    Report file date: dimanche 17 février 2008 09:50

    Scanning for 1110678 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: ORDINOUNOU

    Version information:
    BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 12/14/2007 23:30:06
    ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2/8/2008 23:30:06
    ANTIVIR3.VDF : 7.0.2.148 201216 Bytes 2/15/2008 23:30:06
    AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 2/16/2008 23:30:07
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 2/16/2008 23:30:07
    AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 17 février 2008 09:50

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'pctspk.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
    Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '0' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'Nhksrv.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    34 processes with 34 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '35' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\upload_moi_ORDINOUNOU.tar.gz
    [0] Archive type: GZ
    --> upload_moi.tar
    [1] Archive type: TAR (tape archiver)
    --> WINDOWS/System32/lawveaqn.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> WINDOWS/System32/olqdekch.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> WINDOWS/System32/yshfdqji.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> WINDOWS/System32/vcasieqf.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4823f5f7.qua'!
    C:\Documents and Settings\Petit Loulou\Local Settings\Temp\cuixnifr.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4820f68d.qua'!
    C:\Documents and Settings\Petit Loulou\Local Settings\Temporary Internet Files\Content.IE5\5N3K6RAP\hctp[1]
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482bf682.qua'!
    C:\Documents and Settings\Petit Loulou\Local Settings\Temporary Internet Files\Content.IE5\5N3K6RAP\tk58[1].exe
    [DETECTION] Is the Trojan horse TR/BHO.AB.4
    [INFO] The file was moved to '47ecf68f.qua'!
    C:\Documents and Settings\Petit Loulou\Local Settings\Temporary Internet Files\Content.IE5\741DEQMT\tr[1]
    [DETECTION] Is the Trojan horse TR/Vundo.DWB
    [INFO] The file was moved to '4812f69f.qua'!
    C:\Documents and Settings\Petit Loulou\Local Settings\Temporary Internet Files\Content.IE5\K1Q11NCA\hctp[1]
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482bf69d.qua'!
    C:\Documents and Settings\Petit Loulou\Local Settings\Temporary Internet Files\Content.IE5\OQR03NF0\css4[1]
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482af6b5.qua'!
    C:\Documents and Settings\Petit Loulou\Local Settings\Temporary Internet Files\Content.IE5\OQR03NF0\ptch[1]
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '481af6b7.qua'!
    C:\System Volume Information\_restore{EDFFBB76-C4B7-4F37-8514-C4027A40470A}\RP192\A0194651.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47e8fccb.qua'!
    C:\System Volume Information\_restore{EDFFBB76-C4B7-4F37-8514-C4027A40470A}\RP192\A0194652.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47e8fccc.qua'!
    C:\System Volume Information\_restore{EDFFBB76-C4B7-4F37-8514-C4027A40470A}\RP192\A0196737.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47e8fcd1.qua'!
    C:\System Volume Information\_restore{EDFFBB76-C4B7-4F37-8514-C4027A40470A}\RP192\A0196766.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '471e12f2.qua'!
    C:\System Volume Information\_restore{EDFFBB76-C4B7-4F37-8514-C4027A40470A}\RP192\A0196768.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47e8fcd2.qua'!
    C:\System Volume Information\_restore{EDFFBB76-C4B7-4F37-8514-C4027A40470A}\RP192\A0196769.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '471e12f3.qua'!
    C:\System Volume Information\_restore{EDFFBB76-C4B7-4F37-8514-C4027A40470A}\RP192\A0196771.dll
    [DETECTION] Is the Trojan horse TR/Vundo.gc
    [INFO] The file was moved to '47e8fcd3.qua'!
    C:\System Volume Information\_restore{EDFFBB76-C4B7-4F37-8514-C4027A40470A}\RP192\A0196772.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '471e12f4.qua'!
    C:\System Volume Information\_restore{EDFFBB76-C4B7-4F37-8514-C4027A40470A}\RP192\A0196774.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47e8fcd4.qua'!
    C:\System Volume Information\_restore{EDFFBB76-C4B7-4F37-8514-C4027A40470A}\RP192\A0196783.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '471e12f5.qua'!
    C:\VundoFix Backups\hwvqyaqf.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482dfd54.qua'!
    C:\VundoFix Backups\lawveaqn.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482efd3e.qua'!
    C:\VundoFix Backups\olqdekch.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4828fd4a.qua'!
    C:\VundoFix Backups\urstt.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.gc
    [INFO] The file was moved to '482afd50.qua'!
    C:\VundoFix Backups\vcasieqf.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4818fd41.qua'!
    C:\VundoFix Backups\wfcwtxnl.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '481afd45.qua'!
    C:\VundoFix Backups\yaywutu.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4830fd40.qua'!
    C:\VundoFix Backups\yshfdqji.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '481ffd53.qua'!
    C:\WINDOWS\system32\gwvnqgdx.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482dff38.qua'!
    C:\WINDOWS\system32\tusst.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\yaywutu.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
    [DETECTION] Is the Trojan horse TR/Dldr.VB.cgu.2
    [INFO] The file was moved to '4828000a.qua'!
    C:\WINDOWS\system32\q9\liopud89104.exe
    [DETECTION] Contains detection pattern of the dropper DR/TTC.D
    [INFO] The file was moved to '48270030.qua'!

    End of the scan: dimanche 17 février 2008 10:35
    Used time: 44:37 min

    The scan has been done completely.

    5105 Scanning directories
    186050 Files were scanned
    34 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    29 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    186016 Files not concerned
    886 Archives were scanned
    3 Warnings
    0 Notes
    0
  15. Saiyen75 Messages postés 2699 Statut Membre 184
     
    Salut,

    On dirai que l'infection Vundo est toujours présente,

    Télécharge : VundoFix
    Une fois télécharger, ne le lance pas, avant tu va redémarrer en mode sans echec.

    Pour démarrer en mode sans échec :

    1/ -Démarrez Windows, ou s’il s’exécute, fermez Windows puis éteignez l'ordinateur.
    2/ -Redémarrez l’ordinateur.
    3/ -Au début du chargement du BIOS (mais pas trop tôt), commencez à appuyer sur la touche F8 de votre clavier plusieurs fois de suite. Procédez ainsi jusqu'à ce que le menu des options avancées de Windows apparaissent.
    4/ -En utilisant les flèches de votre clavier, sélectionnez "Mode sans échec" dans le menu puis appuyez sur Entrée.

    _____________________________________________________

    Une fois en mode sans echec :

    ---> Execute VundoFix
    ---> Clique sur Start
    ---> Attendre la fin du scan
    ---> Post le rapport

    _____________________________________________________

    ++
    0
  16. SARA
     
    Symantec Trojan.Vundo Removal Tool 1.5.0

    C:\Documents and Settings\Petit Loulou\Local Settings\Application Data\Microsoft\Messenger\nicolay_sara@hotmail.com\SharingMetadata\xgaetx@hotmail.com\DFSR\Staging\CS{CFD5D0C9-B9E8-54EF-F2E5-A69B77DB9592}\01\11-{CFD5D0C9-B9E8-54EF-F2E5-A69B77DB9592}-v1-{36A0D7C4-33BC-4F7A-8798-CD1E03B933A9}-v11-Downloaded.frx (WARNING: not scanned, path to long)
    C:\System Volume Information: (not scanned)
    Trojan.Vundo has not been found on your computer.

    Ca n'a toujours pas du fonctionner car antivir est complètement cinglé, et j'ai de plus en plus de mal a utiliser le pc...
    0
  17. Saiyen75 Messages postés 2699 Statut Membre 184
     
    Re,

    OTMoveIt :

    Télécharger sur le bureau :
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

    = Copier le texte en gras:

    C:\WINDOWS\system32\yaywutu.dll
    C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe


    = Double-clic sur OTMoveIt.exe
    = Dans le cadre de Gauche ==> clic-droit ==> coller
    = Clic MoveIt!
    = si redémarrage demandé==> Clic : YES
    = Un rapport dans ==> C:\_OTMoveIt\MovedFiles\date du jour à copier/coller sur le forum.
    -------

    redemarre le PC

    _____________________________________________________

    Le dernier Fix que je t'ai passé post <14> c'était FixVundo,

    Maintenant, tu va essayé de faire un VundoFix c'est à dire celui
    Post 9

    Tous ça en En mode sans echec, je te conseil de faire un copier/coller de ce poste dans un nouveau document "bloc note" sur le bureau par exemple, car en mode sans echec tu n'auras pas accés a Internet.

    _____________________________________________________

    A toute
    0
  18. SARA
     
    RAPPORT OTMOVEIT2

    File/Folder C:\WINDOWS\system32\yaywutu.dll not found.
    File/Folder C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe not found.

    OTMoveIt2 v1.0.20 log created on 02172008_234026

    RAPPORT VUNDOFIX

    VundoFix V6.7.8

    Checking Java version...

    Sun Java not detected
    Scan started at 18:36:50 16/02/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\hwvqyaqf.dll
    C:\WINDOWS\system32\igoamlxq.ini
    C:\WINDOWS\system32\lawveaqn.dll
    C:\WINDOWS\system32\olqdekch.dll
    C:\WINDOWS\system32\qxlmaogi.dll
    C:\WINDOWS\system32\urstt.dll
    C:\WINDOWS\system32\vcasieqf.dll
    C:\WINDOWS\system32\vfoequpq.dll
    C:\WINDOWS\system32\wfcwtxnl.dll
    C:\WINDOWS\system32\yaywutu.dll
    C:\WINDOWS\system32\yshfdqji.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\hwvqyaqf.dll
    C:\WINDOWS\system32\hwvqyaqf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\igoamlxq.ini
    C:\WINDOWS\system32\igoamlxq.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lawveaqn.dll
    C:\WINDOWS\system32\lawveaqn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\olqdekch.dll
    C:\WINDOWS\system32\olqdekch.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qxlmaogi.dll
    C:\WINDOWS\system32\qxlmaogi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\urstt.dll
    C:\WINDOWS\system32\urstt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vcasieqf.dll
    C:\WINDOWS\system32\vcasieqf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vfoequpq.dll
    C:\WINDOWS\system32\vfoequpq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wfcwtxnl.dll
    C:\WINDOWS\system32\wfcwtxnl.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\yaywutu.dll
    C:\WINDOWS\system32\yaywutu.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\yshfdqji.dll
    C:\WINDOWS\system32\yshfdqji.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\wfcwtxnl.dll
    C:\WINDOWS\system32\wfcwtxnl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yaywutu.dll
    C:\WINDOWS\system32\yaywutu.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.8

    Checking Java version...

    Sun Java not detected
    Scan started at 23:40:50 17/02/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\djlcqdxi.dll
    C:\WINDOWS\system32\dztuuuwa.dll
    C:\windows\system32\dztuuuwa.dllbox
    C:\WINDOWS\system32\ixdqcljd.ini
    C:\WINDOWS\system32\ortfcsmf.dll
    C:\WINDOWS\system32\tssut.ini
    C:\WINDOWS\system32\tssut.ini2
    C:\WINDOWS\system32\tusst.dll
    C:\WINDOWS\system32\uvfkiwyi.dll
    C:\WINDOWS\system32\yocwswud.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\djlcqdxi.dll
    C:\WINDOWS\system32\djlcqdxi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dztuuuwa.dll
    C:\WINDOWS\system32\dztuuuwa.dll Could not be deleted.

    Attempting to delete C:\windows\system32\dztuuuwa.dllbox
    C:\windows\system32\dztuuuwa.dllbox Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ixdqcljd.ini
    C:\WINDOWS\system32\ixdqcljd.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ortfcsmf.dll
    C:\WINDOWS\system32\ortfcsmf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tssut.ini
    C:\WINDOWS\system32\tssut.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tssut.ini2
    C:\WINDOWS\system32\tssut.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tusst.dll
    C:\WINDOWS\system32\tusst.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvfkiwyi.dll
    C:\WINDOWS\system32\uvfkiwyi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yocwswud.dll
    C:\WINDOWS\system32\yocwswud.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\dztuuuwa.dll
    C:\WINDOWS\system32\dztuuuwa.dll Could not be deleted.

    Attempting to delete C:\windows\system32\dztuuuwa.dllbox
    C:\windows\system32\dztuuuwa.dllbox Has been deleted!

    Performing Repairs to the registry.
    Done!

    il me semble que j avais également fait un vundi fix avant...mais malheureusement antivir reste toujours aussi cinglé! Est-ce que y a moyen de le retirer? Car la je commence a avoir peur! j'ai besoin de cet idiot de pc pour faire mes cours...et c'est le seul que j'ai!
    Bonne fin de soirée
    0
  19. Saiyen75 Messages postés 2699 Statut Membre 184
     
    Salut,

    Renomme HijackThis.exe en ---> HjT.exe

    Refait un OTMoveIt :

    OTMoveIt2 :

    = Copier le texte en gras:

    C:\WINDOWS\system32\hwvqyaqf.dll
    C:\WINDOWS\system32\igoamlxq.ini
    C:\WINDOWS\system32\lawveaqn.dll
    C:\WINDOWS\system32\olqdekch.dll
    C:\WINDOWS\system32\qxlmaogi.dll
    C:\WINDOWS\system32\urstt.dll
    C:\WINDOWS\system32\vcasieqf.dll
    C:\WINDOWS\system32\vfoequpq.dll
    C:\WINDOWS\system32\wfcwtxnl.dll
    C:\WINDOWS\system32\yaywutu.dll
    C:\WINDOWS\system32\yshfdqji.dll


    = Double-clic sur OTMoveIt.exe
    = Dans le cadre de Gauche ==> clic-droit ==> coller
    = Clic MoveIt!
    = si redémarrage demandé==> Clic : YES
    = Un rapport dans ==> C:\_OTMoveIt\MovedFiles\date du jour à copier/coller sur le forum.
    -------

    redemarre le PC

    _____________________________________________________

    Refait un Rapport HijackThis

    ++
    0
  20. SARA
     
    RAPPORT MOVEIT

    File/Folder C:\WINDOWS\system32\hwvqyaqf.dll not found.
    File/Folder C:\WINDOWS\system32\igoamlxq.ini not found.
    File/Folder C:\WINDOWS\system32\lawveaqn.dll not found.
    File/Folder C:\WINDOWS\system32\olqdekch.dll not found.
    File/Folder C:\WINDOWS\system32\qxlmaogi.dll not found.
    File/Folder C:\WINDOWS\system32\urstt.dll not found.
    File/Folder C:\WINDOWS\system32\vcasieqf.dll not found.
    File/Folder C:\WINDOWS\system32\vfoequpq.dll not found.
    File/Folder C:\WINDOWS\system32\wfcwtxnl.dll not found.
    File/Folder C:\WINDOWS\system32\yaywutu.dll not found.
    File/Folder C:\WINDOWS\system32\yshfdqji.dll not found.

    OTMoveIt2 v1.0.20 log created on 02182008_094713

    RAPPORT HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:51:05, on 18/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\MMKeybd.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\ScanWizard 5\ScannerFinder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\HjT\HjT.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3CE96330-67D6-4319-8804-08C26E3CD926} - C:\Program Files\Windows Media Player\nari89104.dll
    O2 - BHO: (no name) - {5E544AFD-A624-4454-A066-23F9AE8AE465} - C:\WINDOWS\system32\tusst.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\dztuuuwa.dll
    O2 - BHO: (no name) - {B8D0D0BD-633D-4925-BCFB-44E4A544DA8F} - C:\WINDOWS\system32\urstt.dll (file missing)
    O2 - BHO: {176f42c1-7765-6938-64e4-ce20b4b0a88c} - {c88a0b4b-02ec-4e46-8396-56771c24f671} - C:\WINDOWS\system32\yocwswud.dll (file missing)
    O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\yaywutu.dll (file missing)
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [Post-me] C:\Program Files\Post-me\post-me.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [4c8fe065] rundll32.exe "C:\WINDOWS\system32\djlcqdxi.dll",b
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
    O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - http://centraus2.englishtown.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    O16 - DPF: {10A27AB5-0AFE-4769-9B86-3FC44CD47B54} - http://lms.mediapluspro.net/mediaplus6/Download/ENILSTools.CAB
    O16 - DPF: {4E042DE6-8B87-11D3-AE7F-004033D24DBD} (HtmlHelpViewer.CViewerHtml) - http://lms.mediapluspro.net/mediaplus6/Download/HtmlHelpViewer.CAB
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://lms.mediapluspro.net/mediaplus6/Download/tsccinst.cab
    O16 - DPF: {BE937B67-5A69-11D5-956E-0040339BF4B0} - http://lms.mediapluspro.net/mediaplus6/Download/ENILS1.CAB
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: dztuuuwa - C:\WINDOWS\SYSTEM32\dztuuuwa.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    0
  21. Saiyen75 Messages postés 2699 Statut Membre 184
     
    Fixe les lignes dans Hijackthis :

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O2 - BHO: (no name) - {3CE96330-67D6-4319-8804-08C26E3CD926} - C:\Program Files\Windows Media Player\nari89104.dll
    O2 - BHO: (no name) - {5E544AFD-A624-4454-A066-23F9AE8AE465} - C:\WINDOWS\system32\tusst.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\dztuuuwa.dll
    O2 - BHO: (no name) - {B8D0D0BD-633D-4925-BCFB-44E4A544DA8F} - C:\WINDOWS\system32\urstt.dll (file missing)
    O2 - BHO: {176f42c1-7765-6938-64e4-ce20b4b0a88c} - {c88a0b4b-02ec-4e46-8396-56771c24f671} - C:\WINDOWS\system32\yocwswud.dll (file missing)
    O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\yaywutu.dll (file missing)

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [4c8fe065] rundll32.exe "C:\WINDOWS\system32\djlcqdxi.dll",b

    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - http://centraus2.englishtown.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    O16 - DPF: {10A27AB5-0AFE-4769-9B86-3FC44CD47B54} - http://lms.mediapluspro.net/mediaplus6/Download/ENILSTools.CAB
    O16 - DPF: {4E042DE6-8B87-11D3-AE7F-004033D24DBD} (HtmlHelpViewer.CViewerHtml) - http://lms.mediapluspro.net/mediaplus6/Download/HtmlHelpViewer.CAB
    O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://lms.mediapluspro.net/mediaplus6/Download/tsccinst.cab
    O16 - DPF: {BE937B67-5A69-11D5-956E-0040339BF4B0} - http://lms.mediapluspro.net/mediaplus6/Download/ENILS1.CAB

    O20 - Winlogon Notify: dztuuuwa - C:\WINDOWS\SYSTEM32\dztuuuwa.dll

    S'il te demande un redémarrage, relance ton PC.
    _____________________________________________________

    On arrête le service puis on le désactive :
    _____________________________________________________

    Arrête ce service

    service(s) à arrêter : Microsoft cache control (MSControlService) - Netropa NHK Server (Nhksrv)

    pour ça fais cette manip :

    Démarrer -> executer tape services.msc clic droit sur le service cité - > propriétés et dans "type de démarrage" et mets le sur « arrêté » et « désactivé ».

    _____________________________________________________

    Fait bien tous dans l'ordre.
    0
  • 1
  • 2
  • 3