bonjour a toutes et a tous
mon probleme est survenu il y a trois jour apres un telechargement mon anti virus AVG 8.0 me dit que je suis infecter et me propose de detruire le trojan ce que,je me suis empresse de faire mais le lendemain mon ordi ne demarrait pas comme d'habitude et quand j'ai ouvert la fenetre de mon anti virus il n'y avait plus rien dedans je l'ai donc desinstaller puis j'ai instaler avast pro qui m'a au cours du demarrage suivant afficher un ecran bleu avec plain de ligne d'ecriture informatique et il a scanner entierement mon ordi il a trouve quelques cochonerie et m'a demander quoi en faire je les ais bien sur detruites mais quand j'ai voulu redemarrer mon ordi il m'a affiche deux messages d'erreur le premier
"erreur de chargement C:\WINDOWS\systeme32\iqqttdyq.dll -module specifie introuvable"
et le second
"erreur de chargement C:\program~1\newdotnet\nexdotnet6_38.dll-module specifie introuvable"
voila donc mon souci
je joint le rapport hijacktis que je viens de faire a l'instant
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:04:08, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\BOUYER~1\LOCALS~1\Temp\csrssc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://news.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://fr.yahoo.com/fsc/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O2 - BHO: (no name) - {e1d8d132-c06a-46e0-a155-ffde31380121} - C:\WINDOWS\system32\jkkjj.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [PerfectDiskRx] C:\Program Files\Raxco\PerfectDiskRx\PerfectDiskRx.exe /tray /startrun
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] --C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Fix-It AV] --C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [OOCCCTRL.EXE] --"C:\Program Files\OO Software\CleverCache\OOCCCTRL.EXE" /tasktray
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] --"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [{A9-92-21-14-DW}] c:\windows\system32\rwwdw64d.exe DWoli5
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NewDotNet\newdotnet6_38.dll,NewDotNetStartup -s
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\BOUYER~1\LOCALS~1\Temp\winlogan.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lcntlkdm.exe DWoli5
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [ec5a92bb] rundll32.exe "C:\WINDOWS\system32\iqqttdyq.dll",b
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] --"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ISUSPM] --"C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\BOUYER~1\LOCALS~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\BOUYER~1\LOCALS~1\Temp\csrssc.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\lcntlkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwdw64d.exe
O4 - Startup: StartupFaster
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: compare prices with &dealio - C:\Documents and Settings\BOUYER Eric\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2b1d1494a6174382a9c87051f064f070
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2b1d1494a6174382a9c87051f064f070
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Dealio - {e908b145-c847-4e85-b315-07e2e70decf8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {e908b145-c847-4e85-b315-07e2e70decf8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://webscanner.kaspersky.fr/kavw[...]can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -
http://acs.pandasoftware.com/active[...]s/as2stubie.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate- Activex Control) -
http://support.fujitsu-siemens.de/D[...]api/activex.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
http://game07.zylom.com/activex/zyl[...]gamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binar[...]nt.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) -
http://a532.g.akamai.net/f/532/6712[...]l/installer.exe
O20 - Winlogon Notify: hggefca - hggefca.dll (file missing)
O21 - SSODL: RunOnceChk - {811b8c01-0ad5-49ab-ba8a-fe993984d182} - (no file)
O21 - SSODL: zip - {9728d2c5-9e39-4cdc-8fc3-94f2e9196663} - (no file)
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - --C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - --"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe" (file missing)
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - --"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe" (file missing)
O23 - Service: CyberLink Media Library Service - Unknown owner - --"C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe" (file missing)
O23 - Service: eBoostr Service (EBOOSTRSVC) - Unknown owner - --"C:\Program Files\eBoostr\EBstrSvc.exe" (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - --C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - --C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: Fix-It Task Manager - Unknown owner - --C:\PROGRA~1\VCOM\Fix-It\mxtask.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Unknown owner - --"C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - --"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - --"C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe" (file missing)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - --"C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE" (file missing)
O23 - Service: NNServ (nnserv) - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - --"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE" (file missing)
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - Unknown owner - --"C:\Program Files\OO Software\CleverCache\ooccag.exe" (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - --"C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: PD9Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDiskRx\PD9Engine.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - --"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 11654 bytes
je suis en mode sans echec
j'ai egalement essayer une restauration de systeme mais je n'ai pas pu puisque je n'avait pas de date antereieur
voila merci de votre aide
a bientot
Information