Win32:VBSTAT-C[Trj]..I need your help please!
Closed
missorlie (Member, 14 posts, registered Sunday 15 April 2007, last activity 5 December 2007) - 15 April 2007 at 10:18
Regis59 (Security contributor, 21143 posts, registered Tuesday 27 June 2006, last activity 22 June 2016) - 18 April 2007 at 18:21
10 replies
Regis59 - 15 April 2007 at 11:15
Hi,
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.
Check Run VundoFix as a task.
A message will warn you that the tool is going to close and reopen: click Ok
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES
After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK
Start your PC again.
Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, into your next reply.
missorlie - 15 April 2007 at 11:43
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.10
Scan started at 11:28:34 15/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\cdjcrgjq.dll
C:\WINDOWS\system32\crukubmn.dll
C:\WINDOWS\system32\dmmlcxgq.dll
C:\WINDOWS\system32\fvihjbnp.dll
C:\WINDOWS\system32\hwyyjude.dll
C:\WINDOWS\system32\jcuaddax.dll
C:\WINDOWS\system32\kjjlm.bak1
C:\WINDOWS\system32\kjjlm.bak2
C:\WINDOWS\system32\kjjlm.ini
C:\WINDOWS\system32\kjjlm.ini2
C:\WINDOWS\system32\kjjlm.tmp
C:\WINDOWS\system32\kxfefpyi.dll
C:\WINDOWS\system32\leyjskxa.dll
C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\mlxdnjwi.dll
C:\WINDOWS\system32\mvmgjwqu.dll
C:\WINDOWS\system32\ownhcqvh.dll
C:\WINDOWS\system32\qjgrcjdc.ini
C:\WINDOWS\system32\qxwxjgab.dll
C:\WINDOWS\system32\ssqrrrq.dll
C:\WINDOWS\system32\wvuussr.dll
C:\WINDOWS\system32\ytdsaeyh.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cdjcrgjq.dll
C:\WINDOWS\system32\cdjcrgjq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\crukubmn.dll
C:\WINDOWS\system32\crukubmn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dmmlcxgq.dll
C:\WINDOWS\system32\dmmlcxgq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fvihjbnp.dll
C:\WINDOWS\system32\fvihjbnp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hwyyjude.dll
C:\WINDOWS\system32\hwyyjude.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jcuaddax.dll
C:\WINDOWS\system32\jcuaddax.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjjlm.bak1
C:\WINDOWS\system32\kjjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjjlm.bak2
C:\WINDOWS\system32\kjjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjjlm.ini
C:\WINDOWS\system32\kjjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjjlm.ini2
C:\WINDOWS\system32\kjjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjjlm.tmp
C:\WINDOWS\system32\kjjlm.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\kxfefpyi.dll
C:\WINDOWS\system32\kxfefpyi.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\leyjskxa.dll
C:\WINDOWS\system32\leyjskxa.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\mljjk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlxdnjwi.dll
C:\WINDOWS\system32\mlxdnjwi.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mvmgjwqu.dll
C:\WINDOWS\system32\mvmgjwqu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ownhcqvh.dll
C:\WINDOWS\system32\ownhcqvh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qjgrcjdc.ini
C:\WINDOWS\system32\qjgrcjdc.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\qxwxjgab.dll
C:\WINDOWS\system32\qxwxjgab.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqrrrq.dll
C:\WINDOWS\system32\ssqrrrq.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\wvuussr.dll
C:\WINDOWS\system32\wvuussr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ytdsaeyh.dll
C:\WINDOWS\system32\ytdsaeyh.dll Has been deleted!
Performing Repairs to the registry.
Done!
Regis59 - 15 April 2007 at 11:43
A new HijackThis?
See you
missorlie - 15 April 2007 at 11:44
and here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 11:43:45, on 15/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\DOCUME~1\orlane\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\mlxdnjwi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {AC1E9D9E-FA2F-425E-BC6E-43F158B958AE} - C:\WINDOWS\system32\mljjk.dll (file missing)
O2 - BHO: (no name) - {E057732A-B17D-4D62-BD65-ADCB6A81EE79} - C:\WINDOWS\system32\qweloqwt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run2
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\cdjcrgjq.dll",setvm
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
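The VundoFix and HijackThis reports posted above can be cross-checked mechanically, to see which BHO (O2) and autostart (O4) entries still reference files the removal tool touched and which files it failed to delete. The following Python script is an added example, not part of the original thread or of either tool; the function names and the "nameless BHO in system32" heuristic are assumptions made for illustration, and the embedded lines are shortened excerpts of the two reports.

```python
import ntpath
import re

# Shortened excerpts of the two reports posted in this thread.
VUNDOFIX_REPORT = r"""
Attempting to delete C:\WINDOWS\system32\cdjcrgjq.dll
C:\WINDOWS\system32\cdjcrgjq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\mljjk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlxdnjwi.dll
C:\WINDOWS\system32\mlxdnjwi.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqrrrq.dll
C:\WINDOWS\system32\ssqrrrq.dll Could not be deleted.
"""

HIJACKTHIS_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\mlxdnjwi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {AC1E9D9E-FA2F-425E-BC6E-43F158B958AE} - C:\WINDOWS\system32\mljjk.dll (file missing)
O2 - BHO: (no name) - {E057732A-B17D-4D62-BD65-ADCB6A81EE79} - C:\WINDOWS\system32\qweloqwt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\cdjcrgjq.dll",setvm
"""

# "<path> Has been deleted!" / "<path> Could not be deleted." result lines.
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<status>Has been deleted!|Could not be deleted\.)$")
# Only BHO (O2) and autostart (O4) entries are triaged here.
ENTRY_RE = re.compile(r"^(?P<code>O2|O4) - (?P<body>.+)$")
# First absolute path to a DLL/EXE/OCX inside an entry.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:dll|exe|ocx)\b", re.IGNORECASE)


def parse_vundofix(report):
    """Return {lower-cased path: True if deleted, False if removal failed}."""
    results = {}
    for line in report.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results[m.group("path").lower()] = m.group("status").startswith("Has been")
    return results


def failed_removals(results):
    """Files the tool found but could not delete; these need a follow-up."""
    return sorted(path for path, deleted in results.items() if not deleted)


def triage(hjt_log, vundo_results):
    """Return [(file name, entry code, [reasons])] for entries worth a second look."""
    findings = []
    for line in hjt_log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        pm = PATH_RE.search(body)
        target = pm.group(0).lower() if pm else None
        reasons = []
        # Reason 1: the referenced file appears in the removal tool's report.
        if target in vundo_results:
            state = "deleted" if vundo_results[target] else "removal failed"
            reasons.append("file listed in VundoFix report (%s)" % state)
        # Reason 2: HijackThis itself marked the target as absent (orphaned entry).
        if body.endswith("(file missing)"):
            reasons.append("registry entry points to a missing file")
        # Reason 3 (heuristic, an assumption of this example): a BHO without a
        # display name whose DLL sits directly in system32.
        if (m.group("code") == "O2" and "bho: (no name)" in body.lower() and target
                and ntpath.dirname(target).endswith("\\system32")):
            reasons.append("nameless BHO loaded from system32")
        if reasons:
            name = ntpath.basename(target) if target else body
            findings.append((name, m.group("code"), reasons))
    return findings


if __name__ == "__main__":
    vundo = parse_vundofix(VUNDOFIX_REPORT)
    for path in failed_removals(vundo):
        print("NOT DELETED:", path)
    for name, code, reasons in triage(HIJACKTHIS_LOG, vundo):
        print("%s %-14s %s" % (code, name, "; ".join(reasons)))
```

The output is a triage list for a human reviewer, not a verdict: an entry flagged only by the heuristic still has to be checked by hand before anything is fixed or deleted.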
Regis59 - 15 April 2007 at 20:09
Hi,
Go to the site https://virusscan.jotti.org/
- Click "Browse" ("Parcourir") at the top right, navigate through the folders and select this file:
C:\DOCUME~1\orlane\LOCALS~1\Temp\RtkBtMnt.exe
- Click submit, also at the top right
- The scan will start; it will take a little while
- At the bottom you have the scan result; copy/paste the complete scan result here.
Help: https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799
missorlie - 16 April 2007 at 15:37
Thanks regis59, here is the scan result:
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 321
16 avril 2007 à 20:38
16 avril 2007 à 20:38
Hello,
Procedure to follow, in order...
----------------------------------------------------------------------------
¤ Download these programs, but do not use them right away:
1/
Spybot S&D 1.4
https://www.safer-networking.org/
Usage demo (thanks to Balltrap34 for making it).
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
2/
Ad-Aware SE 1.06
https://www.adaware.com/
- A help page:
http://usa.lucretius-ada.com/zcvisitor/8782d344-4821-11ea-83ce-0a2cdf2c6be7?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
- Install the French language patch, which you can find here:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
and a short usage video here (thanks to Moe31 for making it):
http://pageperso.aol.fr/balltrap34/adawrevid.asf
3/ AVG Anti-Spyware:
https://www.malekal.com/avg-antivirus-free-antivirus-gratuit-pour-proteger-son-pc-des-virus/
4/ CCleaner:
https://www.malekal.com/tutoriel-ccleaner/
----------------------------------------------------------------------------
¤ Show all files and folders:
Click Start / Control Panel / Tools / Folder Options / View
Check "Show hidden files and folders"
Uncheck "Hide protected operating system files (Recommended)"
Uncheck "Hide extensions for known file types"
Then click "OK" to confirm the changes.
And Apply!
----------------------------------------------------------------------------
¤ Run HijackThis again, check the boxes in front of these lines, then click "Fix checked":
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\mlxdnjwi.dll (file missing)
O2 - BHO: (no name) - {AC1E9D9E-FA2F-425E-BC6E-43F158B958AE} - C:\WINDOWS\system32\mljjk.dll (file missing)
O2 - BHO: (no name) - {E057732A-B17D-4D62-BD65-ADCB6A81EE79} - C:\WINDOWS\system32\qweloqwt.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\cdjcrgjq.dll",setvm
----------------------------------------------------------------------------
¤ Boot into Safe Mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts up.
A menu will open; use the arrow keys to move to Safe Mode, then press Enter.
Once on the desktop, it is normal if the colours and so on are not all there!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
¤ Search for and delete the following:
Careful: only the files (if present).
C:\WINDOWS\system32\qweloqwt.dll
ALCMTR.EXE
C:\WINDOWS\system32\cdjcrgjq.dll
----------------------------------------------------------------------------
¤ Launch AVG Anti-Spyware
Click the "Analyse" (Scan) button in the toolbar.
Then, on the "Comment réagir" (How to act) tab, click "Actions recommandées" (Recommended actions). Select "Quarantaine" (Quarantine).
Go back to the "Analyse" tab. Click "Analyse complète du système" (Complete system scan).
At the end of the scan, choose option 3,
"Appliquer toutes les actions" (Apply all actions), at the bottom.
Click "Enregistrer le rapport" (Save report).
Copy/paste the report onto the forum.
----------------------------------------------------------------------------
¤ Run Ad-Aware and delete everything it finds + delete the quarantined items…
----------------------------------------------------------------------------
¤ Run Spybot and fix everything it finds + immunize + delete the quarantined items…
-------------------------------------------------------------------------------------------
¤ Run CCleaner as shown in the tutorial provided at the start of the procedure.
----------------------------------------------------------------------------
¤ Empty your Recycle Bin.
----------------------------------------------------------------------------
¤ Restart in normal mode, run HijackThis again and copy/paste a new report onto the forum.
Describe any problems that remain....
Keep me posted
See you
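The triage behind the five HijackThis entries in the post above, written out as detection logic. This is an added Python example, not part of the original thread or of HijackThis itself. The heuristics, the names `Finding`, `triage` and `files_to_locate`, and the last two sample lines (constructed, benign-looking) are assumptions made for illustration. The targets it reports as still on disk are the same three files the post asks to search for and delete.

```python
import ntpath
import re
from dataclasses import dataclass, field

# First five lines: the entries listed in the post. Last two lines: constructed
# benign-looking entries, included to show what the heuristics do NOT flag.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\mlxdnjwi.dll (file missing)
O2 - BHO: (no name) - {AC1E9D9E-FA2F-425E-BC6E-43F158B958AE} - C:\WINDOWS\system32\mljjk.dll (file missing)
O2 - BHO: (no name) - {E057732A-B17D-4D62-BD65-ADCB6A81EE79} - C:\WINDOWS\system32\qweloqwt.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\cdjcrgjq.dll",setvm
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -startup
"""

# O2 = Browser Helper Object: name, CLSID, DLL path, optional "(file missing)".
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O4 = autorun entry: hive, key, value name, command line.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Command line of the form: rundll32.exe "path\to\file.dll",export
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)


@dataclass
class Finding:
    section: str   # "O2" or "O4"
    label: str     # BHO name or Run value name
    target: str    # file the entry loads or launches
    on_disk: bool  # False when HijackThis printed "(file missing)"
    reasons: list = field(default_factory=list)


def _in_system32(path):
    # ntpath parses Windows paths correctly on any host OS.
    return ntpath.dirname(path).lower().endswith(r"\system32")


def analyse_line(line):
    """Return a Finding for an O2/O4 line that trips a heuristic, else None."""
    m = O2_RE.match(line)
    if m:
        f = Finding("O2", m["name"], m["path"], m["missing"] is None)
        if not f.on_disk:
            f.reasons.append("orphaned registry entry (file missing)")
        if m["name"] == "(no name)" and _in_system32(m["path"]):
            f.reasons.append("unnamed BHO loading a DLL from system32")
        return f if f.reasons else None
    m = O4_RE.match(line)
    if m:
        cmd = m["cmd"]
        r = RUNDLL_RE.match(cmd)
        if r:
            f = Finding("O4", m["name"], r["dll"], True)
            f.reasons.append("autorun launches a DLL through rundll32")
            return f
        # First token of the command line, honouring a quoted path.
        exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
        if not ntpath.dirname(exe):
            f = Finding("O4", m["name"], exe, True)
            f.reasons.append("autorun command has no absolute path")
            return f
    return None


def triage(log_text):
    """Run the heuristics over every line of a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        f = analyse_line(line.strip())
        if f:
            findings.append(f)
    return findings


def files_to_locate(findings):
    """Targets still on disk: the files to look for once the entries are fixed."""
    return [f.target for f in findings if f.on_disk]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section} {f.label!r:16} {f.target}")
        for reason in f.reasons:
            print(f"     - {reason}")
    print("Check on disk:", files_to_locate(results))
```

A flag here means "worth a closer look", not a verdict: the "no absolute path" rule, for example, only says that Windows will resolve the name through its search path.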
missorlie
Posts
14
Registration date
Sunday 15 April 2007
Status
Member
Last activity
5 December 2007
18 April 2007 at 16:05
So here is the AVG report:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 15:23:13 18/04/2007
+ Résultat de l'analyse:
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP60\A0010374.exe -> Adware.MediaTicket : Nettoyé.
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Nettoyé.
C:\Documents and Settings\orlane\Application Data\winantispyware2006freeinstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé.
:mozilla.69:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.219:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.296:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.353:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.354:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.405:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Nettoyé.
:mozilla.222:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.223:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@adbrite[3].txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.194:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.197:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@atdmt[3].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.92:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.182:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.76:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Com : Nettoyé.
:mozilla.195:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.196:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.198:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Nettoyé.
:mozilla.20:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@enhance[1].txt -> TrackingCookie.Enhance : Nettoyé.
:mozilla.105:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.523:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Etracker : Nettoyé.
:mozilla.183:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.184:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.527:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.528:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.529:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.530:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.531:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.532:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.533:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.311:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Ivwbox : Nettoyé.
:mozilla.42:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.100:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.366:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.97:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.518:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Realtracker : Nettoyé.
:mozilla.411:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé.
:mozilla.412:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé.
:mozilla.133:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.134:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.135:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.136:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.137:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.138:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.44:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.45:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.46:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Nettoyé.
:mozilla.23:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.445:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.71:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.72:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.73:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@weborama[3].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.34:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.35:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.36:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.37:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.38:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.39:C:\Documents and Settings\orlane\Application Data\Mozilla\Firefox\Profiles\ut6x86j9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\orlane\Cookies\orlane@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
Fin du rapport
missorlie
Posts
14
Registration date
Sunday 15 April 2007
Status
Member
Last activity
5 December 2007
18 April 2007 at 16:07
And finally, here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 16:06:06, on 18/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\orlane\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {E057732A-B17D-4D62-BD65-ADCB6A81EE79} - C:\WINDOWS\system32\qweloqwt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run2
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Regis59
Posts
21143
Registration date
Tuesday 27 June 2006
Status
Security contributor
Last activity
22 June 2016
1 321
18 April 2007 at 18:21
Hi
Upload this:
C:\WINDOWS\system32\qweloqwt.dll
At this address:
https://www.bleepingcomputer.com/submit-malware.php?channel=13
Thanks :)