
Trojans and other nasty critters


Hello

I would have liked to be original and say that no, everything is fine... but here we are: I have some new friends. You apparently know them well: their names are...
- maxifiles
- virtumonde
- trojan agent winlogonhook
- dollarrevenue
- toolbar888
- security2k hijacker

Anyway... all that to say they're nice, but they've rather overstayed their welcome. How do I get rid of them? Naturally, I'm hopeless with computers and I feel pretty stupid. I downloaded SpySweeper, which detects them but apparently doesn't remove them. Critical and related problems: my DVD burner is no longer recognized, and PUP .tmp.exe files are popping up like crazy.

HEEEEEEELP!

JanusB


Hello,

Let's start the disinfection.

  • Download combofix.exe (by sUBs) to your Desktop
  • Double-click combofix.exe and follow the prompts.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

  • Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, into your next reply

    Note: VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

    Jean de La Tour - 06-10-04 16:42:51,37 Service Pack 2
    ComboFix 06.09.28 - Running from: "C:\"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\ToolBar888
    C:\WINDOWS\system32\components
    C:\Program Files\Fichiers communs\{C4848B88-0AE9-1036-0103-060223060021}
    C:\WINDOWS\system32\ishost.exe
    C:\WINDOWS\system32\ismini.exe


    ((((((((((((((((((((((((((((((( Files Created from 2006-09-04 to 2006-10-04 ))))))))))))))))))))))))))))))))))


    2006-10-04 16:22 40,973 ---hs---- C:\WINDOWS\system32\yayxxya.dll
    2006-10-04 15:39 86,036 --a------ C:\WINDOWS\system32\vaeelfud.dll
    2006-10-04 12:43 94,208 --a------ C:\WINDOWS\system32\mbkrysb.dll
    2006-10-04 12:43 72,192 --a------ C:\WINDOWS\system32\yljsekc.dll
    2006-10-04 12:43 40,973 --------- C:\WINDOWS\system32\yayabxu.dll
    2006-10-04 03:29 666,840 ---hs---- C:\WINDOWS\system32\rstwa.ini2
    2006-10-03 10:44 93,696 --a------ C:\WINDOWS\system32\ipqsowe.dll
    2006-10-03 10:44 72,704 --a------ C:\WINDOWS\system32\xlsthlk.dll
    2006-10-03 02:55 143,380 --a------ C:\WINDOWS\system32\irhqpqym.exe
    2006-10-03 02:07 94,208 --a------ C:\WINDOWS\system32\tdlbwal.dll
    2006-10-03 02:07 73,216 --a------ C:\WINDOWS\system32\mbwletd.dll
    2006-10-03 01:42 427,520 --a------ C:\WINDOWS\WRServices.dll
    2006-10-03 01:42 102,912 --a------ C:\WINDOWS\system32\islzma.dll
    2006-10-01 16:56 835,872 --a------ C:\WINDOWS\system32\wodFtpDLX.dll
    2006-10-01 16:56 49,152 --a------ C:\WINDOWS\system32\MTXM_Thumbs.dll
    2006-10-01 14:07 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
    2006-09-29 19:37 45,525 --a------ C:\WINDOWS\system32\qkhgrjce.dll
    2006-09-29 16:00 73,748 --a------ C:\WINDOWS\system32\utahjjio.dll
    2006-09-28 14:59 688,876 ---hs---- C:\WINDOWS\system32\rstwa.bak2
    2006-09-27 08:52 663,246 ---hs---- C:\WINDOWS\system32\rstwa.bak1
    2006-09-27 08:52 577,588 ---hs---- C:\WINDOWS\system32\awtsr.dll
    2006-09-27 08:52 45,525 --a------ C:\WINDOWS\system32\hknpbmyl.dll
    2006-09-27 08:52 143,380 --a------ C:\WINDOWS\system32\tmnwfcjv.exe
    2006-09-27 08:03 93,696 --a------ C:\WINDOWS\system32\oiobxdm.dll
    2006-09-27 08:03 72,704 --a------ C:\WINDOWS\system32\etslxul.dll
    2006-09-27 08:03 15,872 --a------ C:\WINDOWS\system32\winbfi32.dll
    2006-09-27 06:54 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
    2006-09-27 06:54 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-04 16:44 -------- d-------- C:\Program Files\Fichiers communs
    2006-10-04 16:21 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-10-03 18:49 -------- d-------- C:\Documents and Settings\Jean de La Tour\Application Data\Adobe
    2006-10-03 02:55 -------- d-------- C:\Program Files\VSToolbar
    2006-10-03 02:27 -------- d-------- C:\Program Files\dvdSanta
    2006-10-03 02:24 -------- d-------- C:\Documents and Settings\Jean de La Tour\Application Data\Lavasoft
    2006-10-03 01:42 -------- d-------- C:\Program Files\Webroot
    2006-10-03 01:42 -------- d-------- C:\Documents and Settings\Jean de La Tour\Application Data\Webroot
    2006-10-03 01:01 -------- d-------- C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla
    2006-10-02 18:50 -------- d-------- C:\Program Files\monAlbumPhoto
    2006-10-02 18:50 -------- d-------- C:\Program Files\GlobFX Technologies
    2006-10-02 18:50 -------- d-------- C:\Program Files\CCleaner
    2006-10-01 16:20 -------- d-------- C:\Program Files\Fichiers communs\Adobe
    2006-10-01 16:20 -------- d-------- C:\Program Files\Adobe
    2006-09-30 11:00 -------- d-------- C:\Program Files\CDex_150
    2006-09-28 14:56 -------- d-------- C:\Program Files\WinRAR
    2006-09-27 18:56 -------- d-------- C:\Program Files\Adolix
    2006-09-27 10:48 -------- d---s---- C:\Documents and Settings\Jean de La Tour\Application Data\Microsoft
    2006-09-27 07:22 -------- d-------- C:\Documents and Settings\Jean de La Tour\Application Data\Opera
    2006-09-26 13:23 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
    2006-09-26 13:22 -------- d-------- C:\Program Files\Snapshot Viewer
    2006-09-26 13:22 -------- d-------- C:\Program Files\Microsoft Office
    2006-09-26 13:22 -------- d-------- C:\Program Files\Fichiers communs\System
    2006-09-26 13:21 -------- d-------- C:\Program Files\microsoft frontpage
    2006-09-26 13:17 -------- d-------- C:\Program Files\Microsoft Visual Studio
    2006-09-26 13:17 -------- d-------- C:\Program Files\Fichiers communs\Designer
    2006-09-26 13:14 -------- d-------- C:\Documents and Settings\Jean de La Tour\Application Data\Microsoft Web Folders
    2006-09-21 15:02 -------- d-------- C:\Program Files\Winamp
    2006-09-19 14:07 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-09-19 14:07 -------- d-------- C:\Program Files\CyberLink
    2006-09-14 19:12 -------- d-------- C:\Documents and Settings\Jean de La Tour\Application Data\Identities
    2006-09-12 20:51 -------- d-------- C:\Program Files\Audacity
    2006-09-01 19:01 -------- d-------- C:\Program Files\Internet Explorer
    2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-21 10:27 72704 --a------ C:\WINDOWS\system32\hlink.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "ISUSPM Startup"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
    "ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
    "DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
    "VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
    "OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
    "MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
    "MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
    "MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
    "VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
    "MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
    "SwPrnMon"="\"C:\\Program Files\\Fichiers communs\\Sowedoo Shared\\Sowedoo PDF Printer V4\\SwPrnMon.exe\""
    "SigmatelSysTrayApp"="stsystra.exe"
    "oiobxdm.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\oiobxdm.dll,vbvqtlf"
    "SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
    "tdlbwal.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\tdlbwal.dll,xlnedle"
    "ipqsowe.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\ipqsowe.dll,pwjomwd"
    "mbkrysb.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\mbkrysb.dll,qiustdc"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,ff,00,00,00,00,00,00,00,01,03,00,00,c2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{D3B3C51E-8D11-4667-85B9-0930F519BED7}"=""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsr
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbfi32
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayabxu

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Rappel d'abonnement 1 auprŠs de l'ISP.job
    C:\WINDOWS\tasks\Recherche de virus de McAfee.com - Mon ordinateur (STAFIX-Jean de La Tour).job

    Completion time: 04/10/2006 16:45:59.96
    ComboFix.txt


    VundoFix V6.2.0

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.5.0.6

    Scan started at 16:53:48 04/10/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\hknpbmyl.dll
    C:\WINDOWS\system32\qkhgrjce.dll
    C:\WINDOWS\system32\utahjjio.dll
    C:\WINDOWS\system32\yayabxu.dll
    C:\WINDOWS\system32\yayxxya.dll
    C:\WINDOWS\system32\irhqpqym.exe
    C:\WINDOWS\system32\tmnwfcjv.exe
    C:\WINDOWS\system32\awtsr.dll
    C:\WINDOWS\system32\rstwa.ini
    C:\WINDOWS\system32\rstwa.bak1
    C:\WINDOWS\system32\rstwa.bak2
    C:\WINDOWS\system32\rstwa.ini2
    C:\WINDOWS\system32\rstwa.tmp

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\hknpbmyl.dll
    C:\WINDOWS\system32\hknpbmyl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qkhgrjce.dll
    C:\WINDOWS\system32\qkhgrjce.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\utahjjio.dll
    C:\WINDOWS\system32\utahjjio.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yayabxu.dll
    C:\WINDOWS\system32\yayabxu.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\yayxxya.dll
    C:\WINDOWS\system32\yayxxya.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\irhqpqym.exe
    C:\WINDOWS\system32\irhqpqym.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tmnwfcjv.exe
    C:\WINDOWS\system32\tmnwfcjv.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\awtsr.dll
    C:\WINDOWS\system32\awtsr.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\rstwa.ini
    C:\WINDOWS\system32\rstwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rstwa.bak1
    C:\WINDOWS\system32\rstwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rstwa.bak2
    C:\WINDOWS\system32\rstwa.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rstwa.ini2
    C:\WINDOWS\system32\rstwa.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rstwa.tmp
    C:\WINDOWS\system32\rstwa.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\yayabxu.dll
    C:\WINDOWS\system32\yayabxu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\awtsr.dll
    C:\WINDOWS\system32\awtsr.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    There you go

    Who said it was over?

    Make sure you do EVERYTHING that follows.

    - Download Hijackthis by Merijn
    - Put it in a folder or on your desktop
    -- Right-click Hijackthis:
    -> Choose "Rename"
    -> Type Scanner.exe and confirm


    - Launch the application
    - Choose the option Do a system scan and save a logfile
    -- Notepad opens:
    -> Edit / Select All
    -> Edit / Copy

    - Paste the report here.

    Help with Hijackthis

    Download Smitfraudfix
    Unzip it to the Desktop.
    Open the SmitfraudFix folder and run SmitfraudFix(.cmd)
    Choose Option 1 (Search)
    Post the first report here.

    NOTE:
    process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

    Logfile of HijackThis v1.99.1
    Scan saved at 17:12:40, on 04/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\JEANDE~1\LOCALS~1\Temp\Rar$EX01.719\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00A44F84-01EF-4574-97A5-B399861219A1} - C:\WINDOWS\system32\awtsr.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {09AE7E38-DA43-2CC1-0245-06D44285C1EA} - C:\WINDOWS\system32\xlsthlk.dll
    O2 - BHO: (no name) - {129768E8-82D9-9B99-C18E-01FE5A0856E3} - C:\WINDOWS\system32\etslxul.dll
    O2 - BHO: (no name) - {27B3C5D3-443C-7951-02C8-0765AFC1E145} - C:\WINDOWS\system32\mbwletd.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {59A92610-89A2-684B-148F-081C2400A6F8} - C:\WINDOWS\system32\yljsekc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\vaeelfud.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\WINDOWS\system32\yayabxu.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [oiobxdm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\oiobxdm.dll,vbvqtlf
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [tdlbwal.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tdlbwal.dll,xlnedle
    O4 - HKLM\..\Run: [ipqsowe.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ipqsowe.dll,pwjomwd
    O4 - HKLM\..\Run: [mbkrysb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\mbkrysb.dll,qiustdc
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\PANTONE COLORVISION\Utility\ColorVisionStartup.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
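
Added illustration, not part of the original thread and not code from HijackThis or any other tool named here: a Python triage that applies four review heuristics to lines of the HijackThis log posted above (BHO registrations whose file is missing, unnamed BHOs sitting directly in system32, Run values named after the DLL that rundll32 loads, and Winlogon Notify DLLs). The rule names and the `triage` function are assumptions of this example, and each finding is a prompt for manual review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the HijackThis v1.99.1 log posted in this thread (a subset).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00A44F84-01EF-4574-97A5-B399861219A1} - C:\WINDOWS\system32\awtsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09AE7E38-DA43-2CC1-0245-06D44285C1EA} - C:\WINDOWS\system32\xlsthlk.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [oiobxdm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\oiobxdm.dll,vbvqtlf
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll
"""

# O2: Browser Helper Object = display name, CLSID, DLL path, optional "(file missing)".
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O4: Run-key autostart = hive, value name in brackets, command line.
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
# Command line of the form: rundll32[.exe] <dll>,<export>
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I
)
# O20: DLL registered under Winlogon\Notify (loaded by winlogon.exe).
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")


def triage(log_text, system_dir=r"C:\WINDOWS\system32"):
    """Return (rule, file_or_value) pairs for log lines that deserve a closer look.

    Rule names are hypothetical labels chosen for this example.
    """
    sysdir = PureWindowsPath(system_dir)  # PureWindowsPath compares case-insensitively
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are often indented

        if m := BHO_RE.match(line):
            path = PureWindowsPath(m["path"])
            if m["missing"]:
                # Registration survives although the file is gone, for instance
                # after a removal tool deleted the DLL but not the CLSID entry.
                findings.append(("orphaned-bho", path.name))
            elif m["name"] == "(no name)" and path.parent == sysdir:
                # Vendor BHOs normally carry a class name and live in their
                # own program folder, not directly in system32.
                findings.append(("unnamed-bho-in-system32", path.name))

        elif m := RUN_RE.match(line):
            r = RUNDLL_RE.search(m["cmd"])
            # The Run value is literally the DLL file name: legitimate entries
            # in this log (NvCplDaemon) use a product name instead.
            if r and PureWindowsPath(r["dll"]).name.lower() == m["value"].lower():
                findings.append(("run-value-named-after-dll", m["value"]))

        elif m := NOTIFY_RE.match(line):
            # Every Winlogon Notify DLL runs inside winlogon.exe at logon,
            # so each one is listed for confirmation of its origin.
            findings.append(("winlogon-notify-review", PureWindowsPath(m["path"]).name))

    return findings


if __name__ == "__main__":
    for rule, item in triage(SAMPLE_LOG):
        print(f"{rule:28} {item}")
```

Feeding the full log to `triage` works the same way; cross-check each flagged file name against the "Files Created" section of the ComboFix report before deciding on removal.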

    Not very clean, all that!

    Smitfraud doesn't work: I get a box saying that the process.exe folder is missing
    -> you unzipped it incorrectly. Right-click the .zip -> Extract

    If your PC is not very recent in terms of power

    Uninstall SpySweeper, then:

    Download and install AVG Anti-Spyware (AVG AS)
    Once AVG AS is running, click "Update"
    Close the program.

    Restart in safe mode

    Relaunch AVG AS and choose the "Scan" tab
    Then the "Settings" tab
    Under the question "How to react?", click "Recommended actions" and choose "Quarantine"
    Click the "Scan" tab again, then run a "Complete system scan"

    /!\ If an infected file is detected at the end of the scan /!\
    Click "Apply all actions"

    Click "Save report" then "Save report as"
    Save this text file to your desktop.

    Restart normally
    Copy/paste the report here.

    All good!

    SmitFraudFix v2.104

    Rapport fait à 17:19:05,73, 04/10/2006
    Executé à partir de C:\Documents and Settings\Jean de La Tour\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean de La Tour


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean de La Tour\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEANDE~1\Favoris


    »»»»»»»»»»»»»»»»»»»»»»»» Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 18:04:59 04/10/2006

    + Résultat de l'analyse:



    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP89\A0014439.dll -> Adware.Softomate : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP89\A0014461.dll -> Adware.Softomate : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP94\A0018580.dll -> Adware.Softomate : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP94\A0018609.dll -> Adware.Softomate : Nettoyé.
    C:\Documents and Settings\Jean de La Tour\Mes documents\Programmes\Worms2-dm.exe -> Adware.Trymedia : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP55\A0008454.exe -> Adware.Trymedia : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP55\A0009476.exe -> Adware.Trymedia : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP65\A0011025.exe -> Adware.Trymedia : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP81\A0014052.exe -> Adware.Trymedia : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP94\A0018454.dll -> Adware.Virtumionde : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP94\A0018516.dll -> Adware.Virtumionde : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP94\A0018581.dll -> Adware.Virtumionde : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP94\A0018689.dll -> Adware.Virtumionde : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP94\A0018698.dll -> Adware.Virtumionde : Nettoyé.
    C:\VundoFix Backups\yayabxu.dll.bad -> Adware.Virtumionde : Nettoyé.
    C:\VundoFix Backups\yayxxya.dll.bad -> Adware.Virtumionde : Nettoyé.
    C:\Documents and Settings\Jean de La Tour\Local Settings\Temporary Internet Files\Content.IE5\KCVWIGNF\L2[1].exe -> Downloader.Small.dod : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP94\A0018455.exe -> Downloader.Zlob.amq : Nettoyé.
    C:\WINDOWS\Temp\idd4.tmp.exe -> Heuristic.Win32.Dialer : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP92\A0016869.dll -> Logger.VBStat.e : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP93\A0017131.dll -> Logger.VBStat.e : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP94\A0017393.dll -> Logger.VBStat.e : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP94\A0018686.dll -> Logger.VBStat.e : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP94\A0018687.dll -> Logger.VBStat.e : Nettoyé.
    C:\VundoFix Backups\hknpbmyl.dll.bad -> Logger.VBStat.e : Nettoyé.
    C:\VundoFix Backups\qkhgrjce.dll.bad -> Logger.VBStat.e : Nettoyé.
    :mozilla.245:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.278:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.348:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.349:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.353:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.354:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.355:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.356:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.319:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Adjuggler : Nettoyé.
    :mozilla.320:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Adjuggler : Nettoyé.
    :mozilla.345:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
    :mozilla.346:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
    :mozilla.23:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
    :mozilla.27:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
    :mozilla.159:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé.
    :mozilla.185:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Clickbank : Nettoyé.
    :mozilla.187:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Com : Nettoyé.
    C:\Documents and Settings\Jean de La Tour\Cookies\jean de la tour@com[1].txt -> TrackingCookie.Com : Nettoyé.
    :mozilla.331:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyé.
    :mozilla.332:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyé.
    :mozilla.333:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyé.
    :mozilla.334:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyé.
    C:\Documents and Settings\Jean de La Tour\Cookies\jean de la tour@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
    :mozilla.15:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
    :mozilla.335:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
    :mozilla.336:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
    C:\Documents and Settings\Jean de La Tour\Cookies\jean de la tour@estat[2].txt -> TrackingCookie.Estat : Nettoyé.
    :mozilla.299:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.300:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.301:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.302:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.175:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.176:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.261:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Findwhat : Nettoyé.
    :mozilla.186:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.371:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.372:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.35:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
    :mozilla.313:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Onestat : Nettoyé.
    :mozilla.314:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Onestat : Nettoyé.
    :mozilla.266:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.267:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.315:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.173:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Planetactive : Nettoyé.
    C:\Documents and Settings\Jean de La Tour\Cookies\jean de la tour@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Nettoyé.
    :mozilla.65:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.66:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.67:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.68:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.69:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.70:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.71:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.72:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.73:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.74:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.75:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.76:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.77:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.79:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.80:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.81:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.36:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.37:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.38:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.39:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.40:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.14:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.16:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.17:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.19:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.20:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\Jean de La Tour\Cookies\jean de la tour@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.281:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.282:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.274:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.275:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.276:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.277:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.303:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Trafic : Nettoyé.
    C:\Documents and Settings\Jean de La Tour\Cookies\jean de la tour@trafic[1].txt -> TrackingCookie.Trafic : Nettoyé.
    :mozilla.211:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
    :mozilla.213:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyé.
    :mozilla.214:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyé.
    :mozilla.121:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.122:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.344:C:\Documents and Settings\Jean de La Tour\Application Data\Mozilla\Firefox\Profiles\bdrkvm0n.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP94\A0018452.exe -> Trojan.Starter.65 : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP94\A0018575.exe -> Trojan.Starter.65 : Nettoyé.
    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP94\A0018610.exe -> Trojan.Starter.65 : Nettoyé.


    Fin du rapport

    Logfile of HijackThis v1.99.1
    Scan saved at 19:21:39, on 04/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\PROGRA~1\QUICKT~1\QuickTimePlayer.exe
    C:\Program Files\Winamp\Winamp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\JEANDE~1\LOCALS~1\Temp\Rar$EX00.391\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00A44F84-01EF-4574-97A5-B399861219A1} - C:\WINDOWS\system32\awtsr.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {09AE7E38-DA43-2CC1-0245-06D44285C1EA} - C:\WINDOWS\system32\xlsthlk.dll
    O2 - BHO: (no name) - {129768E8-82D9-9B99-C18E-01FE5A0856E3} - C:\WINDOWS\system32\etslxul.dll
    O2 - BHO: (no name) - {27B3C5D3-443C-7951-02C8-0765AFC1E145} - C:\WINDOWS\system32\mbwletd.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {59A92610-89A2-684B-148F-081C2400A6F8} - C:\WINDOWS\system32\yljsekc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\vaeelfud.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\WINDOWS\system32\yayabxu.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [oiobxdm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\oiobxdm.dll,vbvqtlf
    O4 - HKLM\..\Run: [tdlbwal.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tdlbwal.dll,xlnedle
    O4 - HKLM\..\Run: [ipqsowe.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ipqsowe.dll,pwjomwd
    O4 - HKLM\..\Run: [mbkrysb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\mbkrysb.dll,qiustdc
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\PANTONE COLORVISION\Utility\ColorVisionStartup.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    Re,

    Download: KillBox

    Put it in a folder or on your desktop (right-click, then Extract all)
    Select the text in the box:

    Quote:
    C:\WINDOWS\SYSTEM32\winbfi32.dll


    Right-click, then Copy.
    ----------

    . Open Killbox.exe
    . Choose "Delete on reboot"
    . Click on:
    - " File " -> " Paste from Clipboard "
    - " Unregister .dll Before Deleting "

    To finish, click the red circle with a white cross.

    You will then be asked a question:
    " File will be Removed on Reboot, Do you want to reboot now ? "

    . Answer "yes"; a countdown starts and your PC will restart.

    Delete this folder: C:\!KillBox

    KillBox help

    + HijackThis report

    Wait: things have changed: I installed Kaspersky 6.0, which found me a nice virus, Packvirus.win32.Klone.g
    Report:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:05:17, on 05/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\DivX\DivX Player\DivX Player.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\JEANDE~1\LOCALS~1\Temp\Rar$EX01.875\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00A44F84-01EF-4574-97A5-B399861219A1} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {09AE7E38-DA43-2CC1-0245-06D44285C1EA} - C:\WINDOWS\system32\xlsthlk.dll
    O2 - BHO: (no name) - {129768E8-82D9-9B99-C18E-01FE5A0856E3} - C:\WINDOWS\system32\etslxul.dll
    O2 - BHO: (no name) - {27B3C5D3-443C-7951-02C8-0765AFC1E145} - C:\WINDOWS\system32\mbwletd.dll
    O2 - BHO: (no name) - {59A92610-89A2-684B-148F-081C2400A6F8} - C:\WINDOWS\system32\yljsekc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\vaeelfud.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [oiobxdm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\oiobxdm.dll,vbvqtlf
    O4 - HKLM\..\Run: [tdlbwal.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tdlbwal.dll,xlnedle
    O4 - HKLM\..\Run: [ipqsowe.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ipqsowe.dll,pwjomwd
    O4 - HKLM\..\Run: [mbkrysb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\mbkrysb.dll,qiustdc
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\PANTONE COLORVISION\Utility\ColorVisionStartup.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVP - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
    O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    What next?

    Good evening,

    1/ Do Angeldark's procedure with Killbox

    2/ Then:

    - Unzip HijackThis and put it in a dedicated folder (example: ..\Bureau\Hijackthis\Hijackthis.exe )
    - Rename the file HijackThis.exe, for example to Scanner.exe
    (renaming it reveals infections that hide as soon as they detect HijackThis.exe)
    - Run Scanner.exe
    - Click "Do a system scan and save a logfile" and post the report by copy/paste

    Logfile of HijackThis v1.99.1
    Scan saved at 01:00:14, on 06/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\JEANDE~1\LOCALS~1\Temp\Rar$EX00.579\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00A44F84-01EF-4574-97A5-B399861219A1} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {09AE7E38-DA43-2CC1-0245-06D44285C1EA} - C:\WINDOWS\system32\xlsthlk.dll
    O2 - BHO: (no name) - {129768E8-82D9-9B99-C18E-01FE5A0856E3} - C:\WINDOWS\system32\etslxul.dll
    O2 - BHO: (no name) - {27B3C5D3-443C-7951-02C8-0765AFC1E145} - C:\WINDOWS\system32\mbwletd.dll
    O2 - BHO: (no name) - {59A92610-89A2-684B-148F-081C2400A6F8} - C:\WINDOWS\system32\yljsekc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\vaeelfud.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [oiobxdm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\oiobxdm.dll,vbvqtlf
    O4 - HKLM\..\Run: [tdlbwal.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tdlbwal.dll,xlnedle
    O4 - HKLM\..\Run: [ipqsowe.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ipqsowe.dll,pwjomwd
    O4 - HKLM\..\Run: [mbkrysb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\mbkrysb.dll,qiustdc
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\PANTONE COLORVISION\Utility\ColorVisionStartup.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVP - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
    O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    Hi again,

    There are still some on the PC!

  • Double-click VundoFix.exe to launch it
  • Do NOT click the Scan for Vundo button
  • Right-click in the white box, then choose Add more files?
  • In the first box, add:
    C:\WINDOWS\system32\oiobxdm.dll
    In the second:
    C:\WINDOWS\system32\tdlbwal.dll
    In the third:
    C:\WINDOWS\system32\ipqsowe.dll
  • Click, in order:
    - Add files
    - Close Window
    - Remove Vundo
  • If the tool asks you to restart, accept

    Do the same thing again, but paste this in the first line:
    C:\WINDOWS\system32\mbkrysb.dll

  • Then copy/paste the report C:\vundofix.txt

    First of all, a huge thank you for your help. I realise you're not at your computer 24/7 and that you're helping as a volunteer (but I'd still like to thank you: I'll send you a private email).

    I followed your instructions. On reboot, the computer reports 4 system errors corresponding to the deleted DLLs. Is that normal?

    Here is the Vundo report


    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\oiobxdm.dll
    C:\WINDOWS\system32\oiobxdm.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tdlbwal.dll
    C:\WINDOWS\system32\tdlbwal.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ipqsowe.dll
    C:\WINDOWS\system32\ipqsowe.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\mbkrysb.dll
    C:\WINDOWS\system32\mbkrysb.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Logfile of HijackThis v1.99.1
    Scan saved at 18:25:28, on 06/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\JEANDE~1\LOCALS~1\Temp\Rar$EX00.891\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00A44F84-01EF-4574-97A5-B399861219A1} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {09AE7E38-DA43-2CC1-0245-06D44285C1EA} - C:\WINDOWS\system32\xlsthlk.dll
    O2 - BHO: (no name) - {129768E8-82D9-9B99-C18E-01FE5A0856E3} - C:\WINDOWS\system32\etslxul.dll
    O2 - BHO: (no name) - {27B3C5D3-443C-7951-02C8-0765AFC1E145} - C:\WINDOWS\system32\mbwletd.dll
    O2 - BHO: (no name) - {59A92610-89A2-684B-148F-081C2400A6F8} - C:\WINDOWS\system32\yljsekc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\vaeelfud.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [oiobxdm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\oiobxdm.dll,vbvqtlf
    O4 - HKLM\..\Run: [tdlbwal.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tdlbwal.dll,xlnedle
    O4 - HKLM\..\Run: [ipqsowe.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ipqsowe.dll,pwjomwd
    O4 - HKLM\..\Run: [mbkrysb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\mbkrysb.dll,qiustdc
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\PANTONE COLORVISION\Utility\ColorVisionStartup.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVP - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
    O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
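Added example, not part of the thread: the HijackThis log above still lists `O4` Run values for the four DLLs that the VundoFix report says were deleted. The Python sketch below cross-references the two reports to list such leftover autostart entries, and separately flags Run values named after the DLL they load through rundll32; that naming heuristic and the function names are assumptions of this example, and the sample lines are copied from the logs in this thread.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted above.
HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [oiobxdm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\oiobxdm.dll,vbvqtlf
O4 - HKLM\..\Run: [tdlbwal.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tdlbwal.dll,xlnedle
O4 - HKLM\..\Run: [ipqsowe.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ipqsowe.dll,pwjomwd
O4 - HKLM\..\Run: [mbkrysb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\mbkrysb.dll,qiustdc
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll
"""

# Sample input: the VundoFix report posted above (C:\vundofix.txt).
VUNDOFIX_REPORT = r"""
Beginning removal...

Attempting to delete C:\WINDOWS\system32\oiobxdm.dll
C:\WINDOWS\system32\oiobxdm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tdlbwal.dll
C:\WINDOWS\system32\tdlbwal.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ipqsowe.dll
C:\WINDOWS\system32\ipqsowe.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mbkrysb.dll
C:\WINDOWS\system32\mbkrysb.dll Has been deleted!

Performing Repairs to the registry.
Done!
"""

ENTRY_RE = re.compile(r"^\s*([ORFN]\d+) - (.*)$")           # "O4 - <text>"
DELETED_RE = re.compile(r"^\s*(.+?) Has been deleted!\s*$")  # VundoFix success line
RUN_RE = re.compile(r"Run: \[([^\]]+)\]\s+(.*)$")            # "[value name] command"


def parse_entries(log):
    """Return (section, text) for each HijackThis result line in the log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def deleted_files(report):
    """Return the lower-cased paths that the VundoFix report marks as deleted."""
    paths = set()
    for line in report.splitlines():
        m = DELETED_RE.match(line)
        if m:
            paths.add(m.group(1).strip().lower())
    return paths


def stale_entries(log, report):
    """Log entries that still reference a file the removal report says is gone."""
    gone = deleted_files(report)
    return [(sec, text) for sec, text in parse_entries(log)
            if any(path in text.lower() for path in gone)]


def self_named_rundll32(log):
    """Heuristic (assumption of this example): O4 Run values whose name is the
    very DLL they load through rundll32, e.g. [abc.dll] rundll32.exe ...\\abc.dll,x."""
    hits = []
    for sec, text in parse_entries(log):
        m = RUN_RE.search(text)
        if sec != "O4" or not m:
            continue
        name, cmd = m.group(1).lower(), m.group(2).lower()
        if name.endswith(".dll") and "rundll32" in cmd and "\\" + name in cmd:
            hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    for sec, text in stale_entries(HIJACKTHIS_LOG, VUNDOFIX_REPORT):
        print("leftover autostart entry:", sec, "-", text)
    print("self-named rundll32 Run values:", self_named_rundll32(HIJACKTHIS_LOG))
```

The legitimate `NvCplDaemon` value also runs through rundll32 but is not flagged, because its value name differs from the DLL it loads.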

    Hi again,

  • Double-click VundoFix.exe to launch it
  • Do NOT click the Scan for Vundo button
  • Right-click in the white window, choose Add more files?
  • In the first line, add:
    C:\WINDOWS\SYSTEM32\winbfi32.dll
  • Click, in order:
    - Add Files
    - Close Windows
    - Remove Vundo
  • If the tool asks you to restart, accept.
  • Then copy/paste the report C:\vundofix.txt

    Quote:
    - Make sure you can see hidden folders/files
    -> Start
    -> Control Panel
    -> Folder Options, View tab:
    . Click Show hidden folders
    . Uncheck Hide extensions for known file types
    . Uncheck Hide protected operating system files


    Go to the VirusTotal site
    Click Browse... then open:

    C:\WINDOWS\system32\xlsthlk.dll
    C:\WINDOWS\system32\etslxul.dll
    C:\WINDOWS\system32\mbwletd.dll
    C:\WINDOWS\system32\yljsekc.dll


    Then click Send
    Post the report when the analysis finishes.

    If you see this message:
    " Your file " ***.*** " is queued in position: ***. Estimated start time is between *** and *** minutes. "
    You will have to wait.

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\oiobxdm.dll
    C:\WINDOWS\system32\oiobxdm.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tdlbwal.dll
    C:\WINDOWS\system32\tdlbwal.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ipqsowe.dll
    C:\WINDOWS\system32\ipqsowe.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\mbkrysb.dll
    C:\WINDOWS\system32\mbkrysb.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\SYSTEM32\winbfi32.dll
    C:\WINDOWS\SYSTEM32\winbfi32.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    AntiVir 7.2.0.25 10.06.2006 no virus found
    Authentium 4.93.8 10.06.2006 no virus found
    Avast 4.7.892.0 10.06.2006 no virus found
    AVG 386 10.06.2006 no virus found
    BitDefender 7.2 10.06.2006 no virus found
    CAT-QuickHeal 8.00 10.06.2006 no virus found
    ClamAV devel-20060426 10.06.2006 no virus found
    eTrust-InoculateIT 23.73.15 10.06.2006 no virus found
    eTrust-Vet 30.3.3118 10.06.2006 no virus found
    DrWeb 4.33 10.06.2006 Trojan.DownLoader.based
    Ewido 4.0 10.06.2006 no virus found
    Fortinet 2.82.0.0 10.06.2006 suspicious
    F-Prot 3.16f 10.06.2006 no virus found
    F-Prot4 4.2.1.29 10.05.2006 no virus found
    Ikarus 0.2.65.0 10.06.2006 no virus found
    Kaspersky 4.0.2.24 10.06.2006 no virus found
    McAfee 4868 10.06.2006 no virus found
    Microsoft 1.1603 10.06.2006 no virus found
    NOD32v2 1.1793 10.06.2006 probably a variant of Win32/TrojanDownloader.Busky.AZ
    Norman 5.80.02 10.06.2006 no virus found
    Panda 9.0.0.4 10.06.2006 no virus found
    Sophos 4.10.0 10.05.2006 no virus found
    TheHacker 6.0.1.092 10.05.2006 no virus found
    UNA 1.83 10.06.2006 no virus found
    VBA32 3.11.1 10.05.2006 no virus found
    VirusBuster 4.3.7:9 10.06.2006 no virus found

    Aditional Information
    File size: 72704 bytes
    MD5: efef3b1c526513560740fa246eabf0b0
    SHA1: 49b695098afb452df4461f3c90b334929c0efebf
    packers: embedded

    Complete scanning result of "etslxul.dll", received in VirusTotal at 10.06.2006, 18:58:08 (CET).

    Antivirus Version Update Result
    AntiVir 7.2.0.25 10.06.2006 no virus found
    Authentium 4.93.8 10.06.2006 no virus found
    Avast 4.7.892.0 10.06.2006 no virus found
    AVG 386 10.06.2006 no virus found
    BitDefender 7.2 10.06.2006 no virus found
    CAT-QuickHeal 8.00 10.06.2006 no virus found
    ClamAV devel-20060426 10.06.2006 no virus found
    DrWeb 4.33 10.06.2006 no virus found
    eTrust-InoculateIT 23.73.15 10.06.2006 no virus found
    eTrust-Vet 30.3.3118 10.06.2006 no virus found
    Ewido 4.0 10.06.2006 no virus found
    Fortinet 2.82.0.0 10.06.2006 suspicious
    F-Prot 3.16f 10.06.2006 no virus found
    F-Prot4 4.2.1.29 10.05.2006 no virus found
    Ikarus 0.2.65.0 10.06.2006 no virus found
    Kaspersky 4.0.2.24 10.06.2006 no virus found
    McAfee 4868 10.06.2006 no virus found
    Microsoft 1.1603 10.06.2006 no virus found
    NOD32v2 1.1793 10.06.2006 no virus found
    Norman 5.90.23 10.06.2006 no virus found
    Panda 9.0.0.4 10.06.2006 no virus found
    Sophos 4.10.0 10.05.2006 no virus found
    TheHacker 6.0.1.092 10.05.2006 no virus found
    UNA 1.83 10.06.2006 no virus found
    VBA32 3.11.1 10.05.2006 no virus found
    VirusBuster 4.3.7:9 10.06.2006 no virus found

    Aditional Information
    File size: 72704 bytes
    MD5: 74af174e6b418c786c76b0fb8fd5089d
    SHA1: ec702487d9446751b2e5bf5ea025e024ff12c5bb
    packers: embedded

    Complete scanning result of "yljsekc.dll", received in VirusTotal at 10.06.2006, 19:01:21 (CET).

    Antivirus Version Update Result
    AntiVir 7.2.0.25 10.06.2006 no virus found
    Authentium 4.93.8 10.06.2006 no virus found
    Avast 4.7.892.0 10.06.2006 no virus found
    AVG 386 10.06.2006 no virus found
    BitDefender 7.2 10.06.2006 no virus found
    CAT-QuickHeal 8.00 10.06.2006 no virus found
    ClamAV devel-20060426 10.06.2006 no virus found
    DrWeb 4.33 10.06.2006 Trojan.DownLoader.based
    eTrust-InoculateIT 23.73.15 10.06.2006 no virus found
    eTrust-Vet 30.3.3118 10.06.2006 no virus found
    Ewido 4.0 10.06.2006 no virus found
    Fortinet 2.82.0.0 10.06.2006 suspicious
    F-Prot 3.16f 10.06.2006 no virus found
    F-Prot4 4.2.1.29 10.05.2006 no virus found
    Ikarus 0.2.65.0 10.06.2006 no virus found
    Kaspersky 4.0.2.24 10.06.2006 no virus found
    McAfee 4868 10.06.2006 no virus found
    Microsoft 1.1603 10.06.2006 no virus found
    NOD32v2 1.1793 10.06.2006 probably a variant of Win32/TrojanDownloader.Busky.AZ
    Norman 5.80.02 10.06.2006 no virus found
    Panda 9.0.0.4 10.06.2006 no virus found
    Sophos 4.10.0 10.05.2006 no virus found
    TheHacker 6.0.1.092 10.05.2006 no virus found
    UNA 1.83 10.06.2006 no virus found
    VBA32 3.11.1 10.05.2006 no virus found
    VirusBuster 4.3.7:9 10.06.2006 no virus found

    Aditional Information
    File size: 72192 bytes
    MD5: 4ff48dcba43bcdfae8c5ef60d9c8b0a6
    SHA1: 5b986bc870ba273ea8d18d20b48816d9678b39ee
    packers: embedded

    Complete scanning result of "mbwletd.dll", received in VirusTotal at 10.06.2006, 19:06:35 (CET).

    Antivirus Version Update Result
    AntiVir 7.2.0.25 10.06.2006 no virus found
    Authentium 4.93.8 10.06.2006 no virus found
    Avast 4.7.892.0 10.06.2006 no virus found
    AVG 386 10.06.2006 no virus found
    BitDefender 7.2 10.06.2006 no virus found
    CAT-QuickHeal 8.00 10.06.2006 no virus found
    ClamAV devel-20060426 10.06.2006 no virus found
    DrWeb 4.33 10.06.2006 no virus found
    eTrust-InoculateIT 23.73.15 10.06.2006 no virus found
    eTrust-Vet 30.3.3118 10.06.2006 no virus found
    Ewido 4.0 10.06.2006 no virus found
    Fortinet 2.82.0.0 10.06.2006 suspicious
    F-Prot 3.16f 10.06.2006 no virus found
    F-Prot4 4.2.1.29 10.05.2006 no virus found
    Ikarus 0.2.65.0 10.06.2006 no virus found
    Kaspersky 4.0.2.24 10.06.2006 no virus found
    McAfee 4868 10.06.2006 no virus found
    Microsoft 1.1603 10.06.2006 no virus found
    NOD32v2 1.1793 10.06.2006 probably a variant of Win32/TrojanDownloader.Busky.AZ
    Norman 5.80.02 10.06.2006 no virus found
    Panda 9.0.0.4 10.06.2006 no virus found
    Sophos 4.10.0 10.05.2006 no virus found
    TheHacker 6.0.1.092 10.05.2006 no virus found
    UNA 1.83 10.06.2006 no virus found
    VBA32 3.11.1 10.05.2006 no virus found
    VirusBuster 4.3.7:9 10.06.2006 no virus found

    Aditional Information
    File size: 73216 bytes
    MD5: 305cda2dc310d6db35bbfad106612380
    SHA1: 4ddb94a456b7890f8210a251da59149ab9d073ef
    packers: embedded

    Hi again,

    Please go here to upload a suspicious file for analysis.
  • "Your Username:" - Enter your username on this forum
  • "Topic Where File Was Requested:" - Copy and paste the link to this thread
  • "File(s) To Submit:" - Use the "Browse..." button to navigate to this file name: C:\WINDOWS\system32\xlsthlk.dll
  • Click Send File
    Do the same with:
    C:\WINDOWS\system32\mbwletd.dll
    C:\WINDOWS\system32\yljsekc.dll


  • Double-click VundoFix.exe to launch it
  • Do NOT click the Scan for Vundo button
  • Right-click in the white window and choose Add more files?
  • On the first line, add:
    C:\WINDOWS\system32\xlsthlk.dll
    On the second:
    C:\WINDOWS\system32\mbwletd.dll
    On the third:
    C:\WINDOWS\system32\yljsekc.dll
  • Click, in turn, on:
    - Add Files
    - Close Windows
    - Remove Vundo
  • If the tool asks you to restart, accept.
  • Then copy/paste the report C:\vundofix.txt


    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\oiobxdm.dll
    C:\WINDOWS\system32\oiobxdm.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tdlbwal.dll
    C:\WINDOWS\system32\tdlbwal.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ipqsowe.dll
    C:\WINDOWS\system32\ipqsowe.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\mbkrysb.dll
    C:\WINDOWS\system32\mbkrysb.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\SYSTEM32\winbfi32.dll
    C:\WINDOWS\SYSTEM32\winbfi32.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\xlsthlk.dll
    C:\WINDOWS\system32\xlsthlk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mbwletd.dll
    C:\WINDOWS\system32\mbwletd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yljsekc.dll
    C:\WINDOWS\system32\yljsekc.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Logfile of HijackThis v1.99.1
    Scan saved at 19:24:53, on 06/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Winamp\Winamp.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\JEANDE~1\LOCALS~1\Temp\Rar$EX00.578\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00A44F84-01EF-4574-97A5-B399861219A1} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {09AE7E38-DA43-2CC1-0245-06D44285C1EA} - C:\WINDOWS\system32\xlsthlk.dll (file missing)
    O2 - BHO: (no name) - {129768E8-82D9-9B99-C18E-01FE5A0856E3} - C:\WINDOWS\system32\etslxul.dll
    O2 - BHO: (no name) - {27B3C5D3-443C-7951-02C8-0765AFC1E145} - C:\WINDOWS\system32\mbwletd.dll (file missing)
    O2 - BHO: (no name) - {59A92610-89A2-684B-148F-081C2400A6F8} - C:\WINDOWS\system32\yljsekc.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\vaeelfud.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [oiobxdm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\oiobxdm.dll,vbvqtlf
    O4 - HKLM\..\Run: [tdlbwal.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tdlbwal.dll,xlnedle
    O4 - HKLM\..\Run: [ipqsowe.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ipqsowe.dll,pwjomwd
    O4 - HKLM\..\Run: [mbkrysb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\mbkrysb.dll,qiustdc
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\PANTONE COLORVISION\Utility\ColorVisionStartup.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVP - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
    O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    Hi again,

    - Run HijackThis -> Do a system scan only
    -> Tick the lines below:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00A44F84-01EF-4574-97A5-B399861219A1} - (no file)
    O2 - BHO: (no name) - {09AE7E38-DA43-2CC1-0245-06D44285C1EA} - C:\WINDOWS\system32\xlsthlk.dll (file missing)
    O2 - BHO: (no name) - {27B3C5D3-443C-7951-02C8-0765AFC1E145} - C:\WINDOWS\system32\mbwletd.dll (file missing)
    O2 - BHO: (no name) - {59A92610-89A2-684B-148F-081C2400A6F8} - C:\WINDOWS\system32\yljsekc.dll (file missing)
    O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - (no file)
    O4 - HKLM\..\Run: [oiobxdm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\oiobxdm.dll,vbvqtlf
    O4 - HKLM\..\Run: [tdlbwal.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tdlbwal.dll,xlnedle
    O4 - HKLM\..\Run: [ipqsowe.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ipqsowe.dll,pwjomwd
    O4 - HKLM\..\Run: [mbkrysb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\mbkrysb.dll,qiustdc

    Click Fix checked (bottom left)

    I think this needs to be deleted:
    C:\WINDOWS\system32\etslxul.dll

    Wait for the other helpers' opinion.
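
The cross-check behind a fix list like the one above can be scripted. This added example (not part of the thread or of either tool) reads a VundoFix report and a HijackThis log and flags entries whose target VundoFix deleted, entries HijackThis itself marks as missing, and unnamed BHOs whose file is still on disk; the sample lines are copied from the logs posted in this thread, and the function names and reason labels are assumptions of the example.

```python
import re

# Sample input: a few lines copied from the VundoFix report and the first
# HijackThis log posted in this thread (subset chosen for the example).
VUNDOFIX_REPORT = r"""
Attempting to delete C:\WINDOWS\system32\oiobxdm.dll
C:\WINDOWS\system32\oiobxdm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xlsthlk.dll
C:\WINDOWS\system32\xlsthlk.dll Has been deleted!
"""

HIJACKTHIS_LOG = r"""
O2 - BHO: (no name) - {00A44F84-01EF-4574-97A5-B399861219A1} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09AE7E38-DA43-2CC1-0245-06D44285C1EA} - C:\WINDOWS\system32\xlsthlk.dll (file missing)
O2 - BHO: (no name) - {129768E8-82D9-9B99-C18E-01FE5A0856E3} - C:\WINDOWS\system32\etslxul.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [oiobxdm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\oiobxdm.dll,vbvqtlf
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
"""

# Reason labels are this example's own wording, not HijackThis output.
DELETED = "orphan: target deleted by VundoFix"
ABSENT = "orphan: target file absent"
REVIEW = "review: unnamed BHO, file still on disk"

DELETED_SUFFIX = " Has been deleted!"
ENTRY_RE = re.compile(r"^\s*([A-Z]\d+) - (.+?)\s*$")


def deleted_files(report):
    """Paths VundoFix reported as deleted, lower-cased for comparison."""
    paths = set()
    for line in report.splitlines():
        line = line.strip()
        if line.endswith(DELETED_SUFFIX):
            paths.add(line[: -len(DELETED_SUFFIX)].lower())
    return paths


def triage(log, deleted):
    """Return (section, reason, entry) for each HijackThis line worth a look."""
    findings = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, process list or blank line
        section, body = match.groups()
        low = body.lower()
        if any(path in low for path in deleted):
            reason = DELETED  # registry still references a removed DLL
        elif low.endswith("(file missing)") or low.endswith("(no file)"):
            reason = ABSENT  # HijackThis could not find the target
        elif section == "O2" and body.startswith("BHO: (no name)"):
            reason = REVIEW  # needs a human decision, not an automatic fix
        else:
            continue
        findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(HIJACKTHIS_LOG,
                                        deleted_files(VUNDOFIX_REPORT)):
        print(f"{section:<4}{reason:<42}{body}")
```

An "orphan" finding only means the registry entry points at nothing, as with the leftover McAfee service; it is a cleanup candidate, not a verdict of malice.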

    There you go...
    New report

    Logfile of HijackThis v1.99.1
    Scan saved at 19:36:23, on 06/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\Winamp\Winamp.exe
    C:\DOCUME~1\JEANDE~1\LOCALS~1\Temp\Rar$EX00.000\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {129768E8-82D9-9B99-C18E-01FE5A0856E3} - C:\WINDOWS\system32\etslxul.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\vaeelfud.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\PANTONE COLORVISION\Utility\ColorVisionStartup.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVP - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
    O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    Angeldark said:
    I think this needs to be deleted:
    C:\WINDOWS\system32\etslxul.dll

    Wait for the other helpers' opinion.

    Good evening Angeldark, JanusB,

    yes, that's clear
    C:\WINDOWS\system32\etslxul.dll --> to delete
    and also:
    C:\WINDOWS\system32\vaeelfud.dll --> to delete

    try it like this:

  • Double-click VundoFix.exe to launch it
  • Do NOT click the Scan for Vundo button
  • Right-click in the white window and choose Add more files?
  • On the first line, add:
    C:\WINDOWS\system32\etslxul.dll
    On the second:
    C:\WINDOWS\system32\vaeelfud.dll
  • Click, in turn, on:
    - Add Files
    - Close Windows
    - Remove Vundo
  • If the tool asks you to restart, accept.
  • Then copy/paste the report C:\vundofix.txt


    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\oiobxdm.dll
    C:\WINDOWS\system32\oiobxdm.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tdlbwal.dll
    C:\WINDOWS\system32\tdlbwal.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ipqsowe.dll
    C:\WINDOWS\system32\ipqsowe.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\mbkrysb.dll
    C:\WINDOWS\system32\mbkrysb.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\SYSTEM32\winbfi32.dll
    C:\WINDOWS\SYSTEM32\winbfi32.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\xlsthlk.dll
    C:\WINDOWS\system32\xlsthlk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mbwletd.dll
    C:\WINDOWS\system32\mbwletd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yljsekc.dll
    C:\WINDOWS\system32\yljsekc.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\etslxul.dll
    C:\WINDOWS\system32\etslxul.dll Has been deleted!

    Performing Repairs to the registry.
    Done!