Winantiviruspro, winfixer, errorsafe, trojan adclicker and more..
Hello,
I am overrun with all these horrors and I can't get rid of them!!! Would anyone know what I should do, please? Thanks
I have AVG up to date, I thought it was very good, but Symantec detects several infections, and I really don't know how to get rid of them; they always come back, cut off my internet connection, etc. Apparently, even Norton does nothing about it. What else could you advise? I have hijacking which generates reports but I am unable to decipher them....
Hi manutoto,
Post a HijackThis report
Download it, then put it in a dedicated folder (example: ..\Bureau\Hijackthis\Hijackthis.exe ).
Rename it to Scanner.exe (right-click the HijackThis file and choose rename).
Then launch it (double-click Scanner.exe, then run it), press Do a system scan and save a logfile, Notepad will then open, and you copy and paste the report here in your next reply.
Hello bob,
Here is the report. Thanks for the time you've taken!
Logfile of HijackThis v1.99.1
Scan saved at 14:41:32, on 27/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\atapi32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\WINDOWS\wfirewall.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Manuella\Bureau\Hijackthis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn0\ycomp5_3_18_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\tglpntqt.dll (file missing)
O2 - BHO: (no name) - {6F85B6D6-3333-40BC-A103-619491303538} - C:\WINDOWS\System32\ddcax.dll
O2 - BHO: (no name) - {76421ACF-E4A9-403E-B181-73B15D7C37A7} - C:\WINDOWS\System32\nnnkj.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn0\ycomp5_3_18_0.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Manuella\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
O4 - HKLM\..\RunServices: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20d55c1b3d6c75da0d16/netzip...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblo...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{9496D28F-B9A3-40B5-BE24-5605353C11C8}: NameServer = 212.27.53.252 212.27.54.252
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddcax - C:\WINDOWS\System32\ddcax.dll
O20 - Winlogon Notify: nnnkj - C:\WINDOWS\System32\nnnkj.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SndDRV (MS Sound Driver) (SndDRV) - Unknown owner - C:\WINDOWS\system32\snddrv.exe (file missing)
O23 - Service: Windows Atapi Driver - Unknown owner - C:\WINDOWS\atapi32.exe
Hello,
Vundo infection, among others.
Download VundoFix.exe (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it
Click the Scan for Vundo button
When the scan is complete, click the Remove Vundo button
A prompt will ask whether you want to delete the files; click YES
After you click "Yes", the Desktop will disappear for a moment while the files are deleted
You will see a prompt announcing that your PC is going to restart; click OK
Copy and paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply
Note: VundoFix may encounter a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
Here is my Vundo report:
VundoFix V6.2.6
Checking Java version...
Sun Java not detected
Scan started at 14:52:23 27/10/2006
Listing files found while scanning....
C:\WINDOWS\system32\byxxwxu.dll
C:\WINDOWS\system32\ssqrppq.dll
C:\WINDOWS\system32\yvuhwxrx.exe
C:\WINDOWS\system32\pbstohxn.exe
C:\WINDOWS\System32\ddcax.dll
C:\WINDOWS\System32\nnnkj.dll
C:\WINDOWS\System32\xacdd.ini
C:\WINDOWS\System32\xacdd.bak1
C:\WINDOWS\System32\xacdd.ini2
C:\WINDOWS\System32\xacdd.tmp
C:\WINDOWS\System32\jknnn.ini
C:\WINDOWS\System32\jknnn.bak1
C:\WINDOWS\System32\jknnn.bak2
Beginning removal...
Attempting to delete C:\WINDOWS\system32\byxxwxu.dll
C:\WINDOWS\system32\byxxwxu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqrppq.dll
C:\WINDOWS\system32\ssqrppq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yvuhwxrx.exe
C:\WINDOWS\system32\yvuhwxrx.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\pbstohxn.exe
C:\WINDOWS\system32\pbstohxn.exe Has been deleted!
Attempting to delete C:\WINDOWS\System32\ddcax.dll
C:\WINDOWS\System32\ddcax.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\xacdd.ini
C:\WINDOWS\System32\xacdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\xacdd.bak1
C:\WINDOWS\System32\xacdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\xacdd.ini2
C:\WINDOWS\System32\xacdd.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\xacdd.tmp
C:\WINDOWS\System32\xacdd.tmp Has been deleted!
Attempting to delete C:\WINDOWS\System32\jknnn.ini
C:\WINDOWS\System32\jknnn.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\jknnn.bak1
C:\WINDOWS\System32\jknnn.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\jknnn.bak2
C:\WINDOWS\System32\jknnn.bak2 Has been deleted!
Performing Repairs to the registry.
Done!
and my HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 15:12:27, on 27/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\atapi32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\WINDOWS\wfirewall.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Manuella\Bureau\Hijackthis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn0\ycomp5_3_18_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\tglpntqt.dll (file missing)
O2 - BHO: (no name) - {6F85B6D6-3333-40BC-A103-619491303538} - C:\WINDOWS\System32\ddcax.dll (file missing)
O2 - BHO: (no name) - {76421ACF-E4A9-403E-B181-73B15D7C37A7} - C:\WINDOWS\System32\nnnkj.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn0\ycomp5_3_18_0.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Manuella\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
O4 - HKLM\..\RunServices: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20d55c1b3d6c75da0d16/netzip...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblo...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{9496D28F-B9A3-40B5-BE24-5605353C11C8}: NameServer = 212.27.54.252 212.27.53.252
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: nnnkj - C:\WINDOWS\System32\nnnkj.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SndDRV (MS Sound Driver) (SndDRV) - Unknown owner - C:\WINDOWS\system32\snddrv.exe (file missing)
O23 - Service: Windows Atapi Driver - Unknown owner - C:\WINDOWS\atapi32.exe
What do you think? Thanks Angeldark
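An added example (not written by anyone in this thread, and not code from HijackThis or VundoFix): a small Python parser that diffs the two HijackThis logs posted above and cross-checks them against the VundoFix report, run here on short excerpts copied from those logs. The function names are illustrative assumptions; the `(file missing)` and `Has been deleted!` markers are the ones visible in the posted output.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body missing")
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
MISSING = "(file missing)"        # marker HijackThis appends, as seen in the logs
DELETED = " Has been deleted!"    # marker VundoFix prints, as seen in the report

# Excerpts copied from the logs posted in this thread (not the full logs).
HJT_BEFORE = r"""
O2 - BHO: (no name) - {6F85B6D6-3333-40BC-A103-619491303538} - C:\WINDOWS\System32\ddcax.dll
O2 - BHO: (no name) - {76421ACF-E4A9-403E-B181-73B15D7C37A7} - C:\WINDOWS\System32\nnnkj.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: ddcax - C:\WINDOWS\System32\ddcax.dll
O20 - Winlogon Notify: nnnkj - C:\WINDOWS\System32\nnnkj.dll (file missing)
"""
HJT_AFTER = r"""
O2 - BHO: (no name) - {6F85B6D6-3333-40BC-A103-619491303538} - C:\WINDOWS\System32\ddcax.dll (file missing)
O2 - BHO: (no name) - {76421ACF-E4A9-403E-B181-73B15D7C37A7} - C:\WINDOWS\System32\nnnkj.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: nnnkj - C:\WINDOWS\System32\nnnkj.dll (file missing)
"""
VUNDOFIX = r"""
Listing files found while scanning....
C:\WINDOWS\System32\ddcax.dll
C:\WINDOWS\System32\nnnkj.dll
C:\WINDOWS\System32\xacdd.ini
Beginning removal...
Attempting to delete C:\WINDOWS\System32\ddcax.dll
C:\WINDOWS\System32\ddcax.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\xacdd.ini
C:\WINDOWS\System32\xacdd.ini Has been deleted!
Performing Repairs to the registry.
Done!
"""


def parse_hjt(text):
    """Return the R/F/N/O entries of a HijackThis log as Entry tuples."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        entries.append(Entry(code, body, missing))
    return entries


def parse_vundofix(text):
    """Return (found, deleted) sets of lower-cased paths from a VundoFix report."""
    found, deleted, listing = set(), set(), False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Listing files found"):
            listing = True
        elif line.startswith("Beginning removal"):
            listing = False
        elif listing and line:
            found.add(line.lower())
        elif line.endswith(DELETED):
            deleted.add(line[: -len(DELETED)].lower())
    return found, deleted


def compare(before, after):
    """Diff two parsed logs: entries gone, entries new, targets that became missing."""
    b = {(e.code, e.body): e.missing for e in before}
    a = {(e.code, e.body): e.missing for e in after}
    gone = sorted(k for k in b if k not in a)
    new = sorted(k for k in a if k not in b)
    orphaned = sorted(k for k in a if k in b and a[k] and not b[k])
    return gone, new, orphaned


def leftovers(after, paths):
    """Entries still present in the log that reference one of the given paths."""
    return [e for e in after if any(p in e.body.lower() for p in paths)]


def report(before_txt=HJT_BEFORE, after_txt=HJT_AFTER, vundo_txt=VUNDOFIX):
    """Combine the diff and the cross-check into one summary dict."""
    before, after = parse_hjt(before_txt), parse_hjt(after_txt)
    found, deleted = parse_vundofix(vundo_txt)
    gone, new, orphaned = compare(before, after)
    return {
        "gone": gone,                               # entries the fix removed
        "new": new,                                 # entries that appeared
        "orphaned": orphaned,                       # target file now missing
        "not_deleted": sorted(found - deleted),     # listed, no deletion line
        "leftovers": leftovers(after, found),       # still reference found files
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(key, "->", value)
```

On these excerpts the summary shows the ddcax Winlogon Notify entry gone, the ddcax BHO entry now pointing at a missing file, nnnkj.dll listed by VundoFix without a deletion line, and three entries that still reference files VundoFix listed.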
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblo...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{9496D28F-B9A3-40B5-BE24-5605353C11C8}: NameServer = 212.27.54.252 212.27.53.252
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: nnnkj - C:\WINDOWS\System32\nnnkj.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SndDRV (MS Sound Driver) (SndDRV) - Unknown owner - C:\WINDOWS\system32\snddrv.exe (file missing)
O23 - Service: Windows Atapi Driver - Unknown owner - C:\WINDOWS\atapi32.exe
What do you think? Thanks, Angeldark
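A minimal triage pass over the HijackThis log format posted above, as an added example that is not part of the original thread or of HijackThis itself. The heuristics (missing target file, unnamed BHO, service with unknown owner, autorun launched from a Temp directory, the same autorun registered under three or more keys) are illustrative assumptions that only mark entries for manual review, and the names `parse`, `triage` and `MIN_KEYS` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {76421ACF-E4A9-403E-B181-73B15D7C37A7} - C:\WINDOWS\System32\nnnkj.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Manuella\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
O4 - HKLM\..\RunServices: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O20 - Winlogon Notify: nnnkj - C:\WINDOWS\System32\nnnkj.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Windows Atapi Driver - Unknown owner - C:\WINDOWS\atapi32.exe
"""

# A result line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns look like: <key>: [<value name>] <command line>
RUN_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Assumption: the same autorun under this many keys is unusual enough to review.
MIN_KEYS = 3


def parse(log):
    """Yield (code, body) for each HijackThis result line; other lines are skipped."""
    for raw in log.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group("code"), match.group("body")


def triage(log):
    """Return {entry line: [reasons]} for entries that deserve a manual look."""
    findings = defaultdict(list)
    run_keys = defaultdict(set)    # (value name, command) -> autorun keys using it
    run_lines = defaultdict(list)  # (value name, command) -> original log lines

    for code, body in parse(log):
        line = f"{code} - {body}"
        if body.endswith("(file missing)"):
            findings[line].append("registry entry points to a file that is gone")
        if code == "O2" and "BHO: (no name)" in body:
            findings[line].append("browser helper object without a display name")
        if code == "O23" and " - Unknown owner - " in body:
            findings[line].append("service binary carries no company name")
        if code == "O4":
            run = RUN_RE.match(body)
            if run is None:
                continue  # e.g. "Global Startup" shortcuts, not registry values
            if re.search(r"\\temp\\", run["cmd"], re.IGNORECASE):
                findings[line].append("autorun starts from a Temp directory")
            ident = (run["name"].lower(), run["cmd"].lower())
            run_keys[ident].add(run["key"])
            run_lines[ident].append(line)

    # Second pass: one value name + command repeated across several autorun keys.
    for ident, keys in run_keys.items():
        if len(keys) >= MIN_KEYS:
            for line in run_lines[ident]:
                findings[line].append(
                    f"same autorun registered under {len(keys)} keys")
    return dict(findings)


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("    review:", reason)
```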
That's already better.
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the Y (Yes) key to start the scan.
When the scan is complete, a report will appear. Copy and paste that report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
And here is the ComboFix report:
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Manuella\Bureau"
((((((((((((((((((((((((((((((( Files Created from 2006-09-27 to 2006-10-27 ))))))))))))))))))))))))))))))))))
2006-10-26 16:54 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-25 19:55 67,604 --a------ C:\WINDOWS\system32\vacygjxc.exe
2006-10-19 17:51 128,744 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-19 12:20 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2006-10-19 12:20 6,144 --a------ C:\WINDOWS\system32\stera.exe
2006-09-29 09:40 59,392 --a------ C:\WINDOWS\system32\wfirewall.exe
2006-09-29 08:47 80,384 -r-hs---- C:\WINDOWS\atapi32.exe
2006-09-28 08:28 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-28 08:28 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-28 08:28 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-27 10:20 212849 --a------ C:\Program Files\hijackthis.zip
2006-10-26 17:16 -------- d-------- C:\Documents and Settings\Manuella\Application Data\Lavasoft
2006-10-13 10:49 38312 --a------ C:\Documents and Settings\Manuella\Application Data\GDIPFONTCACHEV1.DAT
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"Windows Firewall"="C:\\WINDOWS\\wfirewall.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AGRSMMSG"="AGRSMMSG.exe"
"zzzHPSETUP"="D:\\Setup.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb06.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe -CheckReg"
"Windows Firewall"="C:\\WINDOWS\\wfirewall.exe"
"WinAntiVirusPro2006"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\WinAV.exe\" /min"
"uwa6pcw"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\uwa6pcw.exe\" -c"
"ImInstaller_IncrediMail"="C:\\DOCUME~1\\Manuella\\LOCALS~1\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe -startup -product IncrediMail"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Firewall"="C:\\WINDOWS\\wfirewall.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Windows Firewall"="C:\\WINDOWS\\wfirewall.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Windows Firewall"="C:\\WINDOWS\\wfirewall.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkj
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-10-27 15:21:09.24
C:\ComboFix.txt ... 06-10-27 15:21
Thanks for the help!
Hi again,
Quote:
- Make sure you have access to hidden folders/files
-> Start
-> Control Panel
-> Folder Options, View tab:
. Click Show hidden folders
. Uncheck Hide extensions for known file types
. Uncheck Hide protected operating system files
Go to the VirusTotal site
Click Browse... then open:
C:\WINDOWS\system32\vacygjxc.exe
C:\WINDOWS\system32\SpOrder.dll
Then click Send
Post the report once the analysis has finished.
If you see this message:
" Your file " ***.*** " is queued in position: ***. Estimated start time is between *** and *** minutes. "
you will have to wait.
Download: KillBox
Put it in a folder or on your desktop (right-click, then Extract All)
Select the text in the box:
Quote:
C:\WINDOWS\wfirewall.exe
C:\WINDOWS\system32\mucltui.dll
C:\WINDOWS\system32\stera.exe
Right-click, then Copy.
----------
. Open Killbox.exe
. Choose "Delete on reboot"
. Click:
- " File " -> " Paste from Clipboard "
- " All Files "
- " Unregister .dll Before Deleting "
To finish, click the red circle with a white cross.
You will then be asked:
" File will be Removed on Reboot, Do you want to reboot now ? "
. Answer "yes"; a countdown starts and your PC will restart.
Delete this folder: C:\!KillBox
KillBox help
Uninstall WinAntiVirusPro2006 if possible, then post a new HijackThis report.
STATUS: FINISHED
Complete scanning result of "vacygjxc.exe", received in VirusTotal at 10.27.2006, 15:35:15 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.34 10.27.2006 no virus found
Authentium 4.93.8 10.27.2006 no virus found
Avast 4.7.892.0 10.27.2006 no virus found
AVG 386 10.27.2006 no virus found
BitDefender 7.2 10.27.2006 no virus found
CAT-QuickHeal 8.00 10.27.2006 no virus found
ClamAV devel-20060426 10.27.2006 no virus found
DrWeb 4.33 10.27.2006 no virus found
eTrust-InoculateIT 23.73.38 10.27.2006 no virus found
eTrust-Vet 30.3.3162 10.27.2006 no virus found
Ewido 4.0 10.27.2006 no virus found
Fortinet 2.82.0.0 10.27.2006 no virus found
F-Prot 3.16f 10.27.2006 no virus found
F-Prot4 4.2.1.29 10.27.2006 no virus found
Ikarus 0.2.65.0 10.27.2006 no virus found
Kaspersky 4.0.2.24 10.27.2006 no virus found
McAfee 4882 10.26.2006 no virus found
Microsoft 1.1609 10.26.2006 no virus found
NOD32v2 1.1841 10.27.2006 unpack error
Norman 5.80.02 10.27.2006 no virus found
Panda 9.0.0.4 10.27.2006 Application/VSToolbar
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.106 10.26.2006 no virus found
UNA 1.83 10.27.2006 no virus found
VBA32 3.11.1 10.26.2006 no virus found
VirusBuster 4.3.15:9 10.27.2006 no virus found
Aditional Information
File size: 67604 bytes
MD5: 31e51eda4e9c3306f220618f0d8a32d4
SHA1: 8208bcd566d70d9d331d67d5ee4f9d12193a4234
packers: UPX
STATUS: FINISHED
Complete scanning result of "SpOrder.dll", received in VirusTotal at 10.27.2006, 15:40:48 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.34 10.27.2006 no virus found
Authentium 4.93.8 10.27.2006 no virus found
Avast 4.7.892.0 10.27.2006 no virus found
AVG 386 10.27.2006 no virus found
BitDefender 7.2 10.27.2006 no virus found
CAT-QuickHeal 8.00 10.27.2006 no virus found
ClamAV devel-20060426 10.27.2006 no virus found
DrWeb 4.33 10.27.2006 no virus found
eTrust-InoculateIT 23.73.38 10.27.2006 no virus found
eTrust-Vet 30.3.3162 10.27.2006 no virus found
Ewido 4.0 10.27.2006 Adware.WinAntiVirus
Fortinet 2.82.0.0 10.27.2006 no virus found
F-Prot 3.16f 10.27.2006 no virus found
F-Prot4 4.2.1.29 10.27.2006 no virus found
Ikarus 0.2.65.0 10.27.2006 no virus found
Kaspersky 4.0.2.24 10.27.2006 no virus found
McAfee 4882 10.26.2006 no virus found
Microsoft 1.1609 10.26.2006 no virus found
NOD32v2 1.1841 10.27.2006 no virus found
Norman 5.80.02 10.27.2006 no virus found
Panda 9.0.0.4 10.27.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.106 10.26.2006 no virus found
UNA 1.83 10.27.2006 no virus found
VBA32 3.11.1 10.26.2006 no virus found
VirusBuster 4.3.15:9 10.27.2006 no virus found
Aditional Information
File size: 8704 bytes
MD5: b4efc7e8edc0d1e2e81d81fa092ac8c4
SHA1: e794de4e8c32c5f230e6978403da46c8ab8ce438
I had a few small problems, but that's it, I'm back... So, I followed the instructions in your last message again (correctly this time!) and here is the HijackThis report. I uninstalled WinAntiVirusPro 3 days ago and now it appears in my control panels. I can't do anything. Any ideas?
Logfile of HijackThis v1.99.1
Scan saved at 18:15:37, on 27/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\atapi32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Manuella\Bureau\Hijackthis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn0\ycomp5_3_18_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\tglpntqt.dll (file missing)
O2 - BHO: (no name) - {6F85B6D6-3333-40BC-A103-619491303538} - C:\WINDOWS\System32\ddcax.dll (file missing)
O2 - BHO: (no name) - {76421ACF-E4A9-403E-B181-73B15D7C37A7} - C:\WINDOWS\System32\nnnkj.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn0\ycomp5_3_18_0.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Manuella\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
O4 - HKLM\..\RunServices: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20d55c1b3d6c75da0d16/netzip...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblo...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{9496D28F-B9A3-40B5-BE24-5605353C11C8}: NameServer = 212.27.54.252 212.27.53.252
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: nnnkj - C:\WINDOWS\System32\nnnkj.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SndDRV (MS Sound Driver) (SndDRV) - Unknown owner - C:\WINDOWS\system32\snddrv.exe (file missing)
O23 - Service: Windows Atapi Driver - Unknown owner - C:\WINDOWS\atapi32.exe
Hi again,
- Run HijackThis -> Do a system scan only
-> Check the lines below:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\tglpntqt.dll (file missing)
O2 - BHO: (no name) - {6F85B6D6-3333-40BC-A103-619491303538} - C:\WINDOWS\System32\ddcax.dll (file missing)
O2 - BHO: (no name) - {76421ACF-E4A9-403E-B181-73B15D7C37A7} - C:\WINDOWS\System32\nnnkj.dll (file missing)
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Manuella\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
O4 - HKLM\..\RunServices: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility [...] tility.cab
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
Click Fix checked (bottom left)
----------
-> Start
-> Run...
Type Services.msc, then confirm
Double-click "Firewall service"
Startup type: "Disabled"
Click "Stop" at the bottom
Confirm the changes.
-----
Open HijackThis, then:
-> Open the Misc Tools Section
-> Delete an NT Service
Type "FWSvc", then confirm.
----------
- Make sure you have access to hidden folders/files
-> Start
-> Control Panel
-> Folder Options, View tab:
. Click Show hidden folders
. Uncheck Hide extensions for known file types
. Uncheck Hide protected operating system files
- Delete these files and/or folders if they still exist:
C:\Program Files\WinAntiVirus Pro 2006\
C:\WINDOWS\system32\vacygjxc.exe
C:\WINDOWS\system32\SpOrder.dll
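A triage pass over a HijackThis log like the one posted in this thread, as an added example that is not part of either poster's messages. The three heuristics (target marked "(file missing)", O23 service with "Unknown owner", the same autorun value registered under several Run keys) and the names `parse` and `triage` are assumptions chosen for illustration, not the helper's stated criteria.

```python
import re
from collections import defaultdict

# Sample input: ten entry lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {76421ACF-E4A9-403E-B181-73B15D7C37A7} - C:\WINDOWS\System32\nnnkj.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O4 - HKLM\..\RunServices: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\wfirewall.exe
O20 - Winlogon Notify: nnnkj - C:\WINDOWS\System32\nnnkj.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Windows Atapi Driver - Unknown owner - C:\WINDOWS\atapi32.exe
"""

# An entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
# Registry autoruns in section O4: "<hive>\..\<key>: [<value name>] <command>".
RUN = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]+)\] (.*)$")


def parse(log):
    """Return (section, body) pairs; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def triage(log):
    """Map each entry line to the reasons it deserves a closer look."""
    findings = defaultdict(list)
    autoruns = defaultdict(list)  # (value name, command) -> [(key, line)]
    for section, body in parse(log):
        line = f"{section} - {body}"
        if body.endswith("(file missing)"):
            findings[line].append("target file missing")
        # HijackThis printed "Unknown owner" where a vendor name would appear.
        if section == "O23" and " - Unknown owner - " in body:
            findings[line].append("service with unknown owner")
        m = RUN.match(body) if section == "O4" else None
        if m:
            autoruns[(m.group(2), m.group(3))].append((m.group(1), line))
    # One value name and command registered under several keys at once.
    for hits in autoruns.values():
        keys = sorted({key for key, _ in hits})
        if len(keys) > 1:
            for _, line in hits:
                findings[line].append("same autorun in " + ", ".join(keys))
    return dict(findings)


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print("; ".join(reasons), "->", line)
```

A flagged line is a lead for manual review rather than a verdict: in the full log above, the `O18 - Protocol: msnim` entry is also marked "(file missing)" but is not among the lines the helper asked to fix.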
Thanks a lot AngelDArk. I did everything;
C:\Program Files\WinAntiVirus Pro 2006\
was no longer there, but the other 2 were. Anyway, they're gone. However, in my Control Panel I still have the WinAntiVirusPro icon with the tooltip message "antivirus protection is enabled on your system". What can I do about it?