[guqcg.dll, trojan startpage.19.ao, ie au dé
Jean
balltrap34 (16241 posts, security contributor)
Hello, and thank you in advance for your patience.
I've tried everything: nothing works. I've removed a whole collection of trojans. In short, a real attic full of critters.
To be more precise, I can tell you that I have about:blank keys, and no matter how much I delete them nothing helps: everything comes straight back.
Logfile of HijackThis v1.99.1
Scan saved at 16:46:19, on 16/09/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ADDZY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TRUST\AMI MOUSE 300 OPTICAL DUAL SCROLL\AMOUMAIN.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\MIXER.EXE
C:\PQSC\PROGRAM\SCTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\WINPX.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\CLUB-INTERNET\LANCEUR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\ACCESSOIRES\WORDPAD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://1-se.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CNetscape_France.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\cs0atx89.slt\prefs.js)
O2 - BHO: Class - {5FF9D913-AF6D-6D79-5A3A-75BA7425C8DF} - C:\WINDOWS\D3RF32.DLL (file missing)
O2 - BHO: Class - {1827F199-DD3F-2E2B-50AB-908D49CDED6E} - C:\WINDOWS\SYSTEM\NTJB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [WindowPictures_Tray_Icon] C:\WindPict\WindowPictures_Tray_Icon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HookSys] HookSys.exe
O4 - HKLM\..\Run: [IP Watch] C:\WINDOWS\TEMP\IP WATCH.EXE
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\SCTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [NTHH32.EXE] C:\WINDOWS\NTHH32.EXE
O4 - HKLM\..\Run: [ADDCJ.EXE] C:\WINDOWS\SYSTEM\ADDCJ.EXE
O4 - HKLM\..\Run: [SYSZB.EXE] C:\WINDOWS\SYSTEM\SYSZB.EXE
O4 - HKLM\..\Run: [APPJI32.EXE] C:\WINDOWS\SYSTEM\APPJI32.EXE
O4 - HKLM\..\Run: [SYSLD.EXE] C:\WINDOWS\SYSLD.EXE
O4 - HKLM\..\Run: [APIZF.EXE] C:\WINDOWS\APIZF.EXE
O4 - HKLM\..\Run: [NOD32POP3] "C:\Program Files\Eset\pop3scan.exe" /uninstall
O4 - HKLM\..\Run: [ATLUK32.EXE] C:\WINDOWS\SYSTEM\ATLUK32.EXE
O4 - HKLM\..\Run: [MSWD.EXE] C:\WINDOWS\MSWD.EXE
O4 - HKLM\..\Run: [APPDO32.EXE] C:\WINDOWS\SYSTEM\APPDO32.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [WINPX.EXE] C:\WINDOWS\WINPX.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [NTRR32.EXE] C:\WINDOWS\SYSTEM\NTRR32.EXE /s
O4 - HKLM\..\RunServices: [SYSTV32.EXE] C:\WINDOWS\SYSTV32.EXE /s
O4 - HKLM\..\RunServices: [D3UK32.EXE] C:\WINDOWS\SYSTEM\D3UK32.EXE /s
O4 - HKLM\..\RunServices: [WINOP.EXE] C:\WINDOWS\WINOP.EXE /s
O4 - HKLM\..\RunServices: [ADDWU.EXE] C:\WINDOWS\ADDWU.EXE /s
O4 - HKLM\..\RunServices: [MFCNM.EXE] C:\WINDOWS\MFCNM.EXE /s
O4 - HKLM\..\RunServices: [NETEC.EXE] C:\WINDOWS\NETEC.EXE /s
O4 - HKLM\..\RunServices: [NTPY32.EXE] C:\WINDOWS\SYSTEM\NTPY32.EXE /s
O4 - HKLM\..\RunServices: [IPYQ32.EXE] C:\WINDOWS\IPYQ32.EXE /s
O4 - HKLM\..\RunServices: [MFCWI32.EXE] C:\WINDOWS\SYSTEM\MFCWI32.EXE /s
O4 - HKLM\..\RunServices: [NTAF.EXE] C:\WINDOWS\SYSTEM\NTAF.EXE /s
O4 - HKLM\..\RunServices: [APIKU32.EXE] C:\WINDOWS\SYSTEM\APIKU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAWM32.EXE] C:\WINDOWS\JAVAWM32.EXE /s
O4 - HKLM\..\RunServices: [MFCGV32.EXE] C:\WINDOWS\SYSTEM\MFCGV32.EXE /s
O4 - HKLM\..\RunServices: [NTOQ32.EXE] C:\WINDOWS\NTOQ32.EXE /s
O4 - HKLM\..\RunServices: [APIED32.EXE] C:\WINDOWS\SYSTEM\APIED32.EXE /s
O4 - HKLM\..\RunServices: [MFCBD.EXE] C:\WINDOWS\SYSTEM\MFCBD.EXE /s
O4 - HKLM\..\RunServices: [ATLHZ32.EXE] C:\WINDOWS\SYSTEM\ATLHZ32.EXE /s
O4 - HKLM\..\RunServices: [ADDZY.EXE] C:\WINDOWS\SYSTEM\ADDZY.EXE /s
O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.andlotsmore.com/factory/058343fr.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/294edb3ae3eec6a56006/netzip/RdxIE601_fr.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1009_1035_pack.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_FR.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_FR.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = club-internet.fr
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = ******
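The log above shows the classic start-page-hijack layout: IE search and default-page values pointing at a res:// resource inside a DLL dropped in C:\WINDOWS\system, an unnamed BHO in the same directory, an IE Restrictions policy, and a long run of Run/RunServices entries whose only name is the file name itself. As an added example for this thread (not HijackThis code and not the poster's own), this Python script parses HijackThis entry lines and flags those four indicators; the heuristics, severities and function names are this example's assumptions, and the sample lines are an excerpt of the log above.

```python
"""Triage a HijackThis v1.99 log for the start-page-hijack pattern in the log above.
Added example for this thread, not HijackThis code or the poster's own; the
heuristics, severities and helper names are this example's assumptions."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed fixture: a short excerpt copied from the log posted above,
# embedded inline so the script runs offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
O2 - BHO: Class - {1827F199-DD3F-2E2B-50AB-908D49CDED6E} - C:\WINDOWS\SYSTEM\NTJB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [NTHH32.EXE] C:\WINDOWS\NTHH32.EXE
O4 - HKLM\..\RunServices: [ADDZY.EXE] C:\WINDOWS\SYSTEM\ADDZY.EXE /s
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

ENTRY_RE = re.compile(r"^(?P<code>[RNOF]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")  # "<key>: [<name>] <cmd>"
RES_DLL_RE = re.compile(r"^res://(?P<dll>[^/]+\.dll)/", re.IGNORECASE)  # page served from a local DLL
WINDIR_RE = re.compile(r"^C:\\WINDOWS(\\SYSTEM)?\\[^\\]+$", re.IGNORECASE)  # file dropped straight into WINDOWS
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)(?:\s|$)', re.IGNORECASE)  # quoted path, or shortest *.exe prefix


@dataclass(frozen=True)
class Finding:
    code: str      # HijackThis section code (R1, O2, O4, O6 ...)
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def executable(cmd: str) -> str:
    """Path of the program an O4 command line starts (handles unquoted spaces)."""
    m = EXE_RE.match(cmd)
    return (m.group("q") or m.group("u")) if m else cmd.split(" ", 1)[0]


def check_r(code: str, body: str, line: str) -> list[Finding]:
    """R0/R1: IE start/search settings. A res:// URL into a DLL is the hijack itself."""
    if " = " not in body:
        return []
    key, value = body.split(" = ", 1)
    m = RES_DLL_RE.match(value)
    if m:
        return [Finding(code, "high", f"IE page served from local DLL {m.group('dll')}", line)]
    if value.lower() == "about:blank" and "Page" in key:
        return [Finding(code, "low", "about:blank page value (symptom; reset it after removal)", line)]
    return []


def check_bho(code: str, body: str, line: str) -> list[Finding]:
    """O2: a BHO with no name, loaded from the Windows directory, is not normal."""
    parts = [p.strip() for p in body.split(" - ")]
    if len(parts) >= 3 and parts[0] == "BHO: Class" and WINDIR_RE.match(parts[-1]):
        return [Finding(code, "high", f"unnamed BHO loaded from {parts[-1]}", line)]
    return []


def check_autorun(code: str, body: str, line: str) -> list[Finding]:
    """O4: entry name identical to a bare file name sitting in the Windows directory."""
    m = O4_RE.match(body)
    if not m:
        return []  # Startup-folder entries use another layout; not handled here
    exe = executable(m.group("cmd"))
    base = exe.rsplit("\\", 1)[-1]
    if m.group("name").upper() == base.upper() and WINDIR_RE.match(exe):
        return [Finding(code, "high", f"autorun named after its own file: {exe}", line)]
    return []


def triage(log: str) -> list[Finding]:
    """Walk every HijackThis entry line and collect findings in log order."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines and the "Running processes" paths
        code, body = m.group("code"), m.group("body")
        if code in ("R0", "R1"):
            findings += check_r(code, body, line)
        elif code == "O2":
            findings += check_bho(code, body, line)
        elif code == "O4":
            findings += check_autorun(code, body, line)
        elif code == "O6" and "Restrictions present" in body:
            findings.append(Finding(code, "medium", "IE policy restrictions set (locks the home page)", line))
    return findings


def hijacker_dlls(findings: list[Finding]) -> set[str]:
    """Distinct DLLs that IE settings are served from: the persistence to remove first."""
    return {f.reason.split("local DLL ", 1)[1].lower() for f in findings
            if f.reason.startswith("IE page served from local DLL ")}
```

Running `triage(SAMPLE_LOG)` on the excerpt yields four high findings (the res:// search bar, the unnamed BHO and the two self-named autoruns), one medium (the IE restrictions policy) and one low (about:blank), while the legitimate ScanRegistry and AVG entries produce nothing.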
27 replies
Apart from the end, I hadn't touched anything: I thought 194.117.200.10,194.177.200.15 could be harmful on the net?
Logfile of HijackThis v1.99.1
Scan saved at 03:53:14, on 18/09/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ADDZY.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TRUST\AMI MOUSE 300 OPTICAL DUAL SCROLL\AMOUMAIN.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\MIXER.EXE
C:\PQSC\PROGRAM\SCTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\WINPX.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://1-se.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CNetscape_France.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\cs0atx89.slt\prefs.js)
O2 - BHO: Class - {5FF9D913-AF6D-6D79-5A3A-75BA7425C8DF} - C:\WINDOWS\D3RF32.DLL (file missing)
O2 - BHO: Class - {1827F199-DD3F-2E2B-50AB-908D49CDED6E} - C:\WINDOWS\SYSTEM\NTJB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [WindowPictures_Tray_Icon] C:\WindPict\WindowPictures_Tray_Icon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HookSys] HookSys.exe
O4 - HKLM\..\Run: [IP Watch] C:\WINDOWS\TEMP\IP WATCH.EXE
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\SCTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [NTHH32.EXE] C:\WINDOWS\NTHH32.EXE
O4 - HKLM\..\Run: [ADDCJ.EXE] C:\WINDOWS\SYSTEM\ADDCJ.EXE
O4 - HKLM\..\Run: [SYSZB.EXE] C:\WINDOWS\SYSTEM\SYSZB.EXE
O4 - HKLM\..\Run: [APPJI32.EXE] C:\WINDOWS\SYSTEM\APPJI32.EXE
O4 - HKLM\..\Run: [SYSLD.EXE] C:\WINDOWS\SYSLD.EXE
O4 - HKLM\..\Run: [APIZF.EXE] C:\WINDOWS\APIZF.EXE
O4 - HKLM\..\Run: [NOD32POP3] "C:\Program Files\Eset\pop3scan.exe" /uninstall
O4 - HKLM\..\Run: [ATLUK32.EXE] C:\WINDOWS\SYSTEM\ATLUK32.EXE
O4 - HKLM\..\Run: [MSWD.EXE] C:\WINDOWS\MSWD.EXE
O4 - HKLM\..\Run: [APPDO32.EXE] C:\WINDOWS\SYSTEM\APPDO32.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [WINPX.EXE] C:\WINDOWS\WINPX.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [NTRR32.EXE] C:\WINDOWS\SYSTEM\NTRR32.EXE /s
O4 - HKLM\..\RunServices: [SYSTV32.EXE] C:\WINDOWS\SYSTV32.EXE /s
O4 - HKLM\..\RunServices: [D3UK32.EXE] C:\WINDOWS\SYSTEM\D3UK32.EXE /s
O4 - HKLM\..\RunServices: [WINOP.EXE] C:\WINDOWS\WINOP.EXE /s
O4 - HKLM\..\RunServices: [ADDWU.EXE] C:\WINDOWS\ADDWU.EXE /s
O4 - HKLM\..\RunServices: [MFCNM.EXE] C:\WINDOWS\MFCNM.EXE /s
O4 - HKLM\..\RunServices: [NETEC.EXE] C:\WINDOWS\NETEC.EXE /s
O4 - HKLM\..\RunServices: [NTPY32.EXE] C:\WINDOWS\SYSTEM\NTPY32.EXE /s
O4 - HKLM\..\RunServices: [IPYQ32.EXE] C:\WINDOWS\IPYQ32.EXE /s
O4 - HKLM\..\RunServices: [MFCWI32.EXE] C:\WINDOWS\SYSTEM\MFCWI32.EXE /s
O4 - HKLM\..\RunServices: [NTAF.EXE] C:\WINDOWS\SYSTEM\NTAF.EXE /s
O4 - HKLM\..\RunServices: [APIKU32.EXE] C:\WINDOWS\SYSTEM\APIKU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAWM32.EXE] C:\WINDOWS\JAVAWM32.EXE /s
O4 - HKLM\..\RunServices: [MFCGV32.EXE] C:\WINDOWS\SYSTEM\MFCGV32.EXE /s
O4 - HKLM\..\RunServices: [NTOQ32.EXE] C:\WINDOWS\NTOQ32.EXE /s
O4 - HKLM\..\RunServices: [APIED32.EXE] C:\WINDOWS\SYSTEM\APIED32.EXE /s
O4 - HKLM\..\RunServices: [MFCBD.EXE] C:\WINDOWS\SYSTEM\MFCBD.EXE /s
O4 - HKLM\..\RunServices: [ATLHZ32.EXE] C:\WINDOWS\SYSTEM\ATLHZ32.EXE /s
O4 - HKLM\..\RunServices: [ADDZY.EXE] C:\WINDOWS\SYSTEM\ADDZY.EXE /s
O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.andlotsmore.com/factory/058343fr.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/294edb3ae3eec6a56006/netzip/RdxIE601_fr.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1009_1035_pack.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_FR.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_FR.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = club-internet.fr
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.117.200.10,194.177.200.15
O4 - HKLM\..\Run: [APIZF.EXE] C:\WINDOWS\APIZF.EXE
O4 - HKLM\..\Run: [NOD32POP3] "C:\Program Files\Eset\pop3scan.exe" /uninstall
O4 - HKLM\..\Run: [ATLUK32.EXE] C:\WINDOWS\SYSTEM\ATLUK32.EXE
O4 - HKLM\..\Run: [MSWD.EXE] C:\WINDOWS\MSWD.EXE
O4 - HKLM\..\Run: [APPDO32.EXE] C:\WINDOWS\SYSTEM\APPDO32.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [WINPX.EXE] C:\WINDOWS\WINPX.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [NTRR32.EXE] C:\WINDOWS\SYSTEM\NTRR32.EXE /s
O4 - HKLM\..\RunServices: [SYSTV32.EXE] C:\WINDOWS\SYSTV32.EXE /s
O4 - HKLM\..\RunServices: [D3UK32.EXE] C:\WINDOWS\SYSTEM\D3UK32.EXE /s
O4 - HKLM\..\RunServices: [WINOP.EXE] C:\WINDOWS\WINOP.EXE /s
O4 - HKLM\..\RunServices: [ADDWU.EXE] C:\WINDOWS\ADDWU.EXE /s
O4 - HKLM\..\RunServices: [MFCNM.EXE] C:\WINDOWS\MFCNM.EXE /s
O4 - HKLM\..\RunServices: [NETEC.EXE] C:\WINDOWS\NETEC.EXE /s
O4 - HKLM\..\RunServices: [NTPY32.EXE] C:\WINDOWS\SYSTEM\NTPY32.EXE /s
O4 - HKLM\..\RunServices: [IPYQ32.EXE] C:\WINDOWS\IPYQ32.EXE /s
O4 - HKLM\..\RunServices: [MFCWI32.EXE] C:\WINDOWS\SYSTEM\MFCWI32.EXE /s
O4 - HKLM\..\RunServices: [NTAF.EXE] C:\WINDOWS\SYSTEM\NTAF.EXE /s
O4 - HKLM\..\RunServices: [APIKU32.EXE] C:\WINDOWS\SYSTEM\APIKU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAWM32.EXE] C:\WINDOWS\JAVAWM32.EXE /s
O4 - HKLM\..\RunServices: [MFCGV32.EXE] C:\WINDOWS\SYSTEM\MFCGV32.EXE /s
O4 - HKLM\..\RunServices: [NTOQ32.EXE] C:\WINDOWS\NTOQ32.EXE /s
O4 - HKLM\..\RunServices: [APIED32.EXE] C:\WINDOWS\SYSTEM\APIED32.EXE /s
O4 - HKLM\..\RunServices: [MFCBD.EXE] C:\WINDOWS\SYSTEM\MFCBD.EXE /s
O4 - HKLM\..\RunServices: [ATLHZ32.EXE] C:\WINDOWS\SYSTEM\ATLHZ32.EXE /s
O4 - HKLM\..\RunServices: [ADDZY.EXE] C:\WINDOWS\SYSTEM\ADDZY.EXE /s
O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.andlotsmore.com/factory/058343fr.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/294edb3ae3eec6a56006/netzip/RdxIE601_fr.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1009_1035_pack.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_FR.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_FR.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = club-internet.fr
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.117.200.10,194.177.200.15
Hello,
Method to follow, in this order...
----------------------------------------------------------------------------
¤Download these programs, but do not use them right away:
1/Spybot S&D 1.4 <<new version
http://www.safer-networking.org/fr/index.html
Usage demo (thanks to Balltrap34 for making it)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
2/Ad-Aware SE 1.06 <<new version
http://www.lavasoftusa.com/software/adaware/
-A guide:
http://www.tutopat.com/viewtopic.php?t=1191
- install the French language patch, which you can find here:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
and a short usage video here: (thanks to Moe31 for making it)
http://pageperso.aol.fr/balltrap34/adawrevid.asf
3/Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
-illustrated guide: (thanks to Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm
4/A2 Free (anti-trojan and anti-worm)
http://www.emsisoft.net/fr/software/download/
8/about buster:
http://www.majorgeeks.com/download4289.html
Click "Check for updates".
Download the updates,
close it,
we will use it later.
----------------------------------------------------------------------------
¤Boot into Safe Mode:
To do this, tap the F8 key repeatedly from the moment the PC starts powering on, without stopping
A menu will open; use the keyboard arrows to move to Safe Mode, then press Enter.
Once on the desktop, if the colours and other things are not all there, that is normal!
(If F8 does not work, use the F5 key)
----------------------------------------------------------------------------
¤Show all files and folders:
Click Start/Control Panel/Tools/Folder Options/View
Tick « Show hidden files and folders »
Untick "Hide protected operating system files (recommended)"
Untick « Hide extensions for known file types »
Then click «OK» to confirm the changes.
And Apply!
----------------------------------------------------------------------------
¤Empty your temp files and Temporary Internet Files:
use this to do it (downloaded earlier)
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
----------------------------------------------------------------------------
¤Run HijackThis again, tick the boxes in front of these lines and then click Fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://1-se.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated)
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {5FF9D913-AF6D-6D79-5A3A-75BA7425C8DF} - C:\WINDOWS\D3RF32.DLL (file missing)
O2 - BHO: Class - {1827F199-DD3F-2E2B-50AB-908D49CDED6E} - C:\WINDOWS\SYSTEM\NTJB.DLL
O4 - HKLM\..\Run: [NTHH32.EXE] C:\WINDOWS\NTHH32.EXE
O4 - HKLM\..\Run: [ADDCJ.EXE] C:\WINDOWS\SYSTEM\ADDCJ.EXE
O4 - HKLM\..\Run: [SYSZB.EXE] C:\WINDOWS\SYSTEM\SYSZB.EXE
O4 - HKLM\..\Run: [APPJI32.EXE] C:\WINDOWS\SYSTEM\APPJI32.EXE
O4 - HKLM\..\Run: [SYSLD.EXE] C:\WINDOWS\SYSLD.EXE
O4 - HKLM\..\Run: [APIZF.EXE] C:\WINDOWS\APIZF.EXE
O4 - HKLM\..\Run: [ATLUK32.EXE] C:\WINDOWS\SYSTEM\ATLUK32.EXE
O4 - HKLM\..\Run: [MSWD.EXE] C:\WINDOWS\MSWD.EXE
O4 - HKLM\..\Run: [APPDO32.EXE] C:\WINDOWS\SYSTEM\APPDO32.EXE
O4 - HKLM\..\Run: [WINPX.EXE] C:\WINDOWS\WINPX.EXE
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.andlotsmore.com/factory/058343fr.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/294edb3ae3eec6a56006/netzip/RdxIE601_fr.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1009_1035_pack.
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_FR.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_FR.cab
----------------------------------------------------------------------------
¤Search for and delete the following:
careful: only the files (if present)
C:\WINDOWS\NTHH32.EXE
C:\WINDOWS\SYSTEM\ADDCJ.EXE
C:\WINDOWS\SYSTEM\SYSZB.EXE
C:\WINDOWS\SYSTEM\APPJI32.EXE
C:\WINDOWS\SYSLD.EXE
C:\WINDOWS\APIZF.EXE
C:\WINDOWS\SYSTEM\ATLUK32.EXE
C:\WINDOWS\MSWD.EXE
C:\WINDOWS\SYSTEM\APPDO32.EXE
C:\WINDOWS\WINPX.EXE
C:\WINDOWS\SYSTEM\NTRR32.EXE /s
C:\WINDOWS\SYSTV32.EXE /s
C:\WINDOWS\ADDWU.EXE /s
C:\WINDOWS\MFCNM.EXE /s
C:\WINDOWS\NETEC.EXE /s
C:\WINDOWS\SYSTEM\NTPY32.EXE /s
C:\WINDOWS\IPYQ32.EXE /s
C:\WINDOWS\SYSTEM\MFCWI32.EXE /s
C:\WINDOWS\SYSTEM\NTAF.EXE /s
C:\WINDOWS\SYSTEM\APIKU32.EXE /s
C:\WINDOWS\JAVAWM32.EXE /s
C:\WINDOWS\SYSTEM\MFCGV32.EXE /s
C:\WINDOWS\NTOQ32.EXE /s
C:\WINDOWS\SYSTEM\APIED32.EXE /s
C:\WINDOWS\SYSTEM\MFCBD.EXE /s
C:\WINDOWS\SYSTEM\ATLHZ32.EXE /s
C:\WINDOWS\SYSTEM\ADDZY.EXE /s
----------------------------------------------------------------------------
¤ Run About Buster as many times as it keeps finding something (5/10/15 times if necessary)
-------------------------------------------------------------------------
¤Run a² and delete what it finds
----------------------------------------------------------------------------
¤ Run Ad-Aware and remove everything it finds
----------------------------------------------------------------------------
¤ Run Spybot and remove everything it finds
----------------------------------------------------------------------------
> Empty your Recycle Bin, reboot in normal mode and run HijackThis again
Describe any problems that remain....
Keep me posted
See you
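The helper above picked the lines to fix by eye: IE search and start-page values pointing into a `res://` resource of a local DLL or tagged "(obfuscated)", BHOs registered under the generic name "Class", Run/RunServices entries whose key name is nothing more than the executable's own file name, and ActiveX (DPF) downloads from hosts nobody vetted. As an added, defender-side example (not part of this thread and not a HijackThis feature), the Python script below applies those same heuristics to a HijackThis 1.99 log so the triage is repeatable. The sample lines are excerpted from the logs posted in this thread; the DPF host allow-list passed to `triage()` is an assumption the analyst supplies, and the `Finding`/`triage`/`fix_list` names are this example's own.

```python
"""Triage heuristics for a HijackThis 1.99 log (added example, not from the thread)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# One entry per line: "R1 - <body>", "O4 - <body>", "O16 - <body>", ...
ENTRY_RE = re.compile(r"^(?P<kind>[RNOF]\d+) - (?P<body>.*)$")
# O4 body: HKLM\..\Run: [KeyName] C:\PATH\FILE.EXE /args
O4_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\(?P<hive>Run\w*): \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
# First executable on a command line, with or without surrounding quotes
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)"?(?:\s|$)', re.IGNORECASE)
# O2 body: BHO: Name - {CLSID} - C:\PATH\FILE.DLL [(file missing)]
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<file>.*)$")
# O16 body: DPF: {CLSID} (Name) - http://host/file.cab  (local Java entries carry no URL)
DPF_RE = re.compile(r"^DPF: .*? - (?P<url>https?://\S+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section the line came from (R1, O2, O4, O16, ...)
    reason: str  # heuristic that fired
    line: str    # offending log line, verbatim, ready to tick in "Fix checked"


def _exe_basename(cmd):
    """Upper-cased file name of the first .exe on a Run command line ("" if none)."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return ""
    return m.group("path").replace("/", "\\").rsplit("\\", 1)[-1].upper()


def triage(log_text, dpf_allow_hosts=frozenset()):
    """Return a Finding for every log line one of the heuristics flags."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, process list, blanks
        kind, body = m.group("kind"), m.group("body")
        if kind in ("R0", "R1"):
            value = body.split(" = ", 1)[1] if " = " in body else ""
            if value.startswith("res://"):
                findings.append(Finding(kind, "IE search/start page served from a local DLL resource", line))
            elif value.endswith("(obfuscated)"):
                findings.append(Finding(kind, "IE search URL is obfuscated", line))
            elif value == "about:blank" and "Default_Page_URL" in body:
                findings.append(Finding(kind, "about:blank default page (fixed together with the res:// entries)", line))
        elif kind == "R3" and body.endswith("is missing"):
            findings.append(Finding(kind, "default URLSearchHook has been removed", line))
        elif kind == "O2":
            b = BHO_RE.match(body)
            if b and b.group("name") in ("Class", "(no name)"):
                findings.append(Finding(kind, "BHO with a generic name", line))
        elif kind == "O4":
            o = O4_RE.match(body)
            if o and o.group("key").upper() == _exe_basename(o.group("cmd")):
                findings.append(Finding(kind, o.group("hive") + " key named after its own executable", line))
        elif kind == "O16":
            d = DPF_RE.match(body)
            if d:
                host = urlparse(d.group("url")).hostname or ""
                if host not in dpf_allow_hosts:
                    findings.append(Finding(kind, "ActiveX download from unreviewed host " + host, line))
    return findings


def fix_list(findings):
    """The exact lines to tick in HijackThis, in log order, without duplicates."""
    seen, out = set(), []
    for f in findings:
        if f.line not in seen:
            seen.add(f.line)
            out.append(f.line)
    return out


# Constructed sample: lines excerpted from the logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://1-se.com/home.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\guqcg.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {1827F199-DD3F-2E2B-50AB-908D49CDED6E} - C:\WINDOWS\SYSTEM\NTJB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [NTHH32.EXE] C:\WINDOWS\NTHH32.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ADDZY.EXE] C:\WINDOWS\SYSTEM\ADDZY.EXE /s
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.andlotsmore.com/factory/058343fr.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_02) -
"""

if __name__ == "__main__":
    # Assumed allow-list: the online-scanner host the poster used on purpose.
    for f in triage(SAMPLE_LOG, dpf_allow_hosts={"a840.g.akamai.net"}):
        print(f"{f.kind:4} {f.reason}\n     {f.line}")
```

Two things worth noticing when you run it. The "key named after its own executable" rule also flags the `[IEXPLORE.EXE]` Run entry, which the helper did not list; that entry is consistent with the poster's later remark that IE keeps launching on its own at startup, and is the kind of hit an analyst confirms by hand rather than fixing blindly. And the O16 rule flags every DPF host not on the allow-list, so the online-scanner controls in the log (HouseCall, Panda, BitDefender, Symantec) only stay quiet if you put their hosts in `dpf_allow_hosts`.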
Logfile of HijackThis v1.99.1
Scan saved at 21:19:04, on 25/09/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TRUST\AMI MOUSE 300 OPTICAL DUAL SCROLL\AMOUMAIN.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\MIXER.EXE
C:\PQSC\PROGRAM\SCTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\NETXS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CNetscape_France.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\cs0atx89.slt\prefs.js)
O2 - BHO: Class - {596F8480-AF4D-1795-88F6-07ABB014B3CF} - C:\WINDOWS\CRMW.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [WindowPictures_Tray_Icon] C:\WindPict\WindowPictures_Tray_Icon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HookSys] HookSys.exe
O4 - HKLM\..\Run: [IP Watch] C:\WINDOWS\TEMP\IP WATCH.EXE
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\SCTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [NOD32POP3] "C:\Program Files\Eset\pop3scan.exe" /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [NETXS.EXE] C:\WINDOWS\SYSTEM\NETXS.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [NTRR32.EXE] C:\WINDOWS\SYSTEM\NTRR32.EXE /s
O4 - HKLM\..\RunServices: [SYSTV32.EXE] C:\WINDOWS\SYSTV32.EXE /s
O4 - HKLM\..\RunServices: [D3UK32.EXE] C:\WINDOWS\SYSTEM\D3UK32.EXE /s
O4 - HKLM\..\RunServices: [WINOP.EXE] C:\WINDOWS\WINOP.EXE /s
O4 - HKLM\..\RunServices: [ADDWU.EXE] C:\WINDOWS\ADDWU.EXE /s
O4 - HKLM\..\RunServices: [MFCNM.EXE] C:\WINDOWS\MFCNM.EXE /s
O4 - HKLM\..\RunServices: [NETEC.EXE] C:\WINDOWS\NETEC.EXE /s
O4 - HKLM\..\RunServices: [NTPY32.EXE] C:\WINDOWS\SYSTEM\NTPY32.EXE /s
O4 - HKLM\..\RunServices: [IPYQ32.EXE] C:\WINDOWS\IPYQ32.EXE /s
O4 - HKLM\..\RunServices: [MFCWI32.EXE] C:\WINDOWS\SYSTEM\MFCWI32.EXE /s
O4 - HKLM\..\RunServices: [NTAF.EXE] C:\WINDOWS\SYSTEM\NTAF.EXE /s
O4 - HKLM\..\RunServices: [APIKU32.EXE] C:\WINDOWS\SYSTEM\APIKU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAWM32.EXE] C:\WINDOWS\JAVAWM32.EXE /s
O4 - HKLM\..\RunServices: [MFCGV32.EXE] C:\WINDOWS\SYSTEM\MFCGV32.EXE /s
O4 - HKLM\..\RunServices: [NTOQ32.EXE] C:\WINDOWS\NTOQ32.EXE /s
O4 - HKLM\..\RunServices: [APIED32.EXE] C:\WINDOWS\SYSTEM\APIED32.EXE /s
O4 - HKLM\..\RunServices: [MFCBD.EXE] C:\WINDOWS\SYSTEM\MFCBD.EXE /s
O4 - HKLM\..\RunServices: [ATLHZ32.EXE] C:\WINDOWS\SYSTEM\ATLHZ32.EXE /s
O4 - HKLM\..\RunServices: [ADDZY.EXE] C:\WINDOWS\SYSTEM\ADDZY.EXE /s
O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = club-internet.fr
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.117.200.10,194.177.200.15
Thanks for everything.
In
¤Show all files and folders:
Click Start/Control Panel/Tools/Folder Options/View
...
Untick « Hide extensions for known file types »
I could not find that option.
In
4/A2 Free (anti-trojan and anti-worm)
http://www.emsisoft.net/fr/software/download/
impossible to use it: it asks me for a password that I never receive.
And finally, IE still launches on its own at startup, although it is true that I have gained speed.
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = club-internet.fr
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.117.200.10,194.177.200.15
Thanks for everything.
In
¤Show all files and folders:
Click Start / Control Panel / Tools / Folder Options / View
...
Uncheck "Hide extensions for known file types"
I could not find this item.
In
4/A2 Free (anti-trojans and worms)
http://www.emsisoft.net/fr/software/download/
impossible to use it: it asks me for a password that I never receive.
And finally, IE still starts by itself at boot, although it's true that I've gained some speed.
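The O4 lines in the log above are the autostart entries (Run, RunServices, Startup folder), and the long run of RunServices values named after their own executable and launched with `/s` is what distinguishes this log from the cleaned-up one posted later in the thread. The script below is an added example, not code from the thread or from HijackThis: it parses O4 lines and flags entries for review. The baseline set and the two heuristics (self-named `/s` RunServices value, executable under a TEMP directory) are assumptions made for the example; the sample log is a constructed subset of the lines posted above.

```python
"""Triage of HijackThis O4 autostart entries (added example, not HijackThis code)."""
import re
from dataclasses import dataclass, field

# Constructed sample input: a subset of the O4 lines posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [IP Watch] C:\WINDOWS\TEMP\IP WATCH.EXE
O4 - HKLM\..\Run: [NETXS.EXE] C:\WINDOWS\SYSTEM\NETXS.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [NTRR32.EXE] C:\WINDOWS\SYSTEM\NTRR32.EXE /s
O4 - HKLM\..\RunServices: [SYSTV32.EXE] C:\WINDOWS\SYSTV32.EXE /s
O4 - HKLM\..\RunServices: [WINOP.EXE] C:\WINDOWS\WINOP.EXE /s
O4 - HKLM\..\RunServices: [ADDZY.EXE] C:\WINDOWS\SYSTEM\ADDZY.EXE /s
O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
"""

# "O4 - HKLM\..\RunServices: [Name] command line"
O4_REG = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run[A-Za-z]*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# "O4 - Startup: name.lnk = command line"
O4_STARTUP = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# Executable path (quoted or unquoted, may contain spaces) followed by optional arguments.
EXE_SPLIT = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|bat|tsk))"?(?:\s+(?P<args>.*))?$', re.IGNORECASE)

# Assumption for the example: the autostart names that the later, cleaned-up
# HijackThis log in the thread still shows are treated as the known baseline.
BASELINE = {
    "scanregistry", "taskmonitor", "pchealth", "systemtray", "loadpowerprofile",
    "gsiconexe", "dslagentexe", "loadqm", "c-media mixer", "secondchance",
    "avg7_cc", "avg7_emc", "avg7_amsvr", "schedulingagent", "*statemgr",
    "rappels du calendrier microsoft works.lnk",
}


@dataclass
class Entry:
    key: str   # "Run", "RunServices" or "Startup"
    name: str  # registry value name or .lnk name
    cmd: str   # command line exactly as HijackThis printed it


@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)


def parse_o4(lines):
    """Extract O4 autostart entries from HijackThis log lines."""
    entries = []
    for line in lines:
        m = O4_REG.match(line)
        if m:
            entries.append(Entry(m["key"], m["name"], m["cmd"]))
            continue
        m = O4_STARTUP.match(line)
        if m:
            entries.append(Entry("Startup", m["name"], m["cmd"]))
    return entries


def triage(entries):
    """Return the entries that deserve a second look, each with its reasons."""
    findings = []
    for e in entries:
        reasons = []
        m = EXE_SPLIT.match(e.cmd)
        exe = m["exe"] if m else e.cmd
        args = (m["args"] or "") if m else ""
        base = exe.rsplit("\\", 1)[-1]
        if e.name.lower() not in BASELINE:
            reasons.append("not in the baseline of known autostarts; review")
        # Pattern shared by the RunServices entries that vanish in the later log.
        if e.key == "RunServices" and base.lower() == e.name.lower() and args.strip().lower() == "/s":
            reasons.append("RunServices value named after its own executable and started with /s")
        if "\\temp\\" in exe.lower():
            reasons.append("runs from a TEMP directory")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


def triage_log(text: str):
    return triage(parse_o4(text.splitlines()))


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.entry.key}] {f.entry.name}: {f.entry.cmd}")
        for r in f.reasons:
            print(f"    - {r}")
```

A flag here means "look at this", not "malicious": the baseline is only as good as the clean log it was taken from, which is why the entries flagged solely as "not in the baseline" (such as the IE autostart) are listed with their reason rather than marked for removal.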
re,
Quite a lot is left. Since you can't get hold of a² (check that you aren't blocking emails from unknown senders),
do this online scan:
http://www.bitdefender.com/scan/licence.php
Copy/paste the report
See you
Good evening,
It removes some things, but IE still starts at boot.
BitDefender Online Scanner
Scan report generated at: Sun, Sep 25, 2005 - 22:42:55
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time
00:33:52
Files
34561
Folders
1832
Boot Sectors
2
Archives
636
Packed Files
3294
Results
Identified Viruses
3
Infected Files
5
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
4
Engines Info
Virus Definitions
212781
Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins
13
Archive plugins
38
Unpack plugins
4
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\win32sys.exe
Infected with: Trojan.Dialer.Premium
C:\win32sys.exe
Disinfection failed
C:\win32sys.exe
Deleted
C:\PQSC\CPS\0000AE\FILES\001\020303.DAT
Infected with: Trojan.Dialer.Premium
C:\PQSC\CPS\0000AE\FILES\001\020303.DAT
Disinfection failed
C:\PQSC\CPS\0000AE\FILES\001\020303.DAT
Delete failed
C:\WINDOWS\TEMP\backups\backup-20050925-193254-869.dll
Infected with: Trojan.Downloader.782
C:\WINDOWS\TEMP\backups\backup-20050925-193254-869.dll
Disinfection failed
C:\WINDOWS\TEMP\backups\backup-20050925-193254-869.dll
Deleted
C:\WINDOWS\Downloaded Program Files\058343fr.exe
Infected with: Trojan.Dialer.Premium
C:\WINDOWS\Downloaded Program Files\058343fr.exe
Disinfection failed
C:\WINDOWS\Downloaded Program Files\058343fr.exe
Deleted
C:\WINDOWS\hook_dll.dll
Infected with: Trojan.Spy.Delf.GV
C:\WINDOWS\hook_dll.dll
Disinfection failed
C:\WINDOWS\hook_dll.dll
Deleted
Yes
But I had a problem when starting it: I had to run it without Update because of Error 5
But I got:
AboutBuster 5.0 reference file 28
Scan started on [25/09/2005] at [19:47:47]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
Removed File! : C:\Windows\drsiop.dat
Removed File! : C:\Windows\fpiokt.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 19:47:59
AboutBuster 5.0 reference file 28
Scan started on [25/09/2005] at [19:48:12]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 19:48:23
AboutBuster 5.0 reference file 28
Scan started on [25/09/2005] at [19:50:09]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 19:50:20
AboutBuster 5.0 reference file 28
Scan started on [25/09/2005] at [20:39:54]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was ABORTED at 20:40:02
AboutBuster 5.0 reference file 28
Scan started on [25/09/2005] at [23:34:44]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 23:34:59
yes, apparently the program's server definitely has a problem
instead, do this to see, and send me the report
relaunch HijackThis, click "Open the Misc Tools section", then click "Open ADS Spy"
check that the "Quick scan" box and the "Ignore safe system" box are ticked
then click Scan and, after the result, Save log, and give us that log
It refuses. Quick Scan and Ignore safe are ticked, but it shows a window with OK that says: Alternate Data Streams (ADS) are only possible on NTFS systems.
ok, you're not on NTFS, that's normal
try this to see
Download RKFILES.ZIP from here:
http://skads.org/special/rkfiles.zip
Create a new folder called c:\RKFiles
Extract the contents of RKFILES.ZIP into this new RKFILES folder.
Then,
Restart in Safe Mode
Open the C:\RKFiles folder
double-click RKFILES.BAT
wait until it has finished
it will create a report; give it to me
Note: it should save by default to C:\Log.txt
* Find this log, right-click it and rename it RKFiles_log.txt so you can post it.
Hello,
On one point I had written this, but it's fine, I managed to find it
(thanks Regis 59 and Moe31):
[In
¤Show all files and folders:
Click Start / Control Panel / Tools / Folder Options / View
...
Uncheck "Hide extensions for known file types"
I could not find this item.]
So I started over from the beginning, and in place of a2,
which I still don't have, I'm using AVG (??? effective or not, it doesn't matter).
I removed a bunch of stuff from the C:\WINDOWS\... list that régis 59 made.
For more info:
Logfile of HijackThis v1.99.1
Scan saved at 03:08:25, on 30/09/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\MIXER.EXE
C:\PQSC\PROGRAM\SCTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\CLUB-INTERNET\LANCEUR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\TURBOZIP3\TURBOZIP.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CNetscape_France.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\cs0atx89.slt\prefs.js)
O2 - BHO: Class - {596F8480-AF4D-1795-88F6-07ABB014B3CF} - C:\WINDOWS\CRMW.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\SCTRAY.EXE
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [NOD32POP3] "C:\Program Files\Eset\pop3scan.exe" /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = club-internet.fr
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.117.200.10,194.177.200.15
As for RKFiles_log.txt, here is what I got, balltrap34.
ECHO est inactif
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\SYSTEM\cpuinf32.dll: UPX!
C:\WINDOWS\SYSTEM\DivX.dll: PEC2
C:\WINDOWS\SYSTEM\DivX.dll: PEC2
Files Found in all users startup Folder............
------------------------
C:\WINDOWS\SYSTEM\cpuinf32.dll: UPX!
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\vsapi32.dll: UPX!t4
Finished
bye
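The RKFiles report above lists files by the packer marker found in them (`UPX!`, `PEC2`), and its own banner says such hits are not necessarily bad files. The scanner below is an added example, not RKFiles or any tool from the thread: it looks for the same kind of marker strings in a buffer, checks whether the buffer is even a PE file, and reports "packed" as a reason to submit the file for analysis rather than as a verdict. The marker table is an assumption for the example (UPX!/PEC2 from the report, the other strings from those packers' well-known section and stub names), and the sample buffers are constructed, PE-shaped but not loadable.

```python
"""Packer-marker scan in the style of the RKFiles report (added example, not RKFiles code)."""
import struct

# Marker strings left in files by common packers. UPX! and PEC2 are the two the
# thread's RKFiles log reports; the rest are assumed here from the packers'
# usual section and stub names.
PACKER_MARKERS = {
    b"UPX!": "UPX", b"UPX0": "UPX", b"UPX1": "UPX",
    b"PEC2": "PECompact 2", b"PECompact2": "PECompact 2",
    b".aspack": "ASPack",
}


def is_pe(data: bytes) -> bool:
    """True if the buffer has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def find_markers(data: bytes):
    """Return every (offset, marker, packer) hit in the buffer, sorted by offset."""
    hits = []
    for marker, packer in PACKER_MARKERS.items():
        start = 0
        while (idx := data.find(marker, start)) >= 0:
            hits.append((idx, marker.decode("ascii"), packer))
            start = idx + 1
    return sorted(hits)


def classify(name: str, data: bytes) -> dict:
    """Summarise one file: PE or not, which packers its markers point at, and a note."""
    hits = find_markers(data)
    packers = sorted({p for _, _, p in hits})
    pe = is_pe(data)
    if not pe:
        note = "not a PE file; any marker is a coincidental string"
    elif packers:
        note = "packed; packing alone is not evidence of malware, submit for AV analysis"
    else:
        note = "no known packer marker"
    return {"file": name, "pe": pe, "hits": hits, "packers": packers, "note": note}


def make_sample(section_name: bytes, extra: bytes = b"") -> bytes:
    """Construct a minimal PE-shaped buffer (header fields only, not loadable)."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)      # e_lfanew -> PE signature
    buf[0x80:0x84] = b"PE\0\0"
    buf[0x100:0x100 + len(section_name)] = section_name  # where a section name would sit
    buf[0x180:0x180 + len(extra)] = extra                # where a packer stub would sit
    return bytes(buf)


# Constructed samples standing in for the DLLs the report lists.
SAMPLES = {
    "packed_upx.dll": make_sample(b"UPX0\0\0\0\0", b"UPX!"),
    "packed_pec2.dll": make_sample(b".text\0\0\0", b"PEC2"),
    "plain.dll": make_sample(b".text\0\0\0"),
    "notes.txt": b"UPX! mentioned in a text file",
}


def scan_all(samples=SAMPLES):
    return [classify(name, data) for name, data in samples.items()]


if __name__ == "__main__":
    for r in scan_all():
        print(f"{r['file']}: {', '.join(r['packers']) or '-'}  ({r['note']})")
```

The text-file sample shows why the PE check matters: a marker string in a non-executable is just text, and even in a real DLL a packer marker only says the file was compressed, which is exactly the caution the RKFiles banner gives.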
have these files analysed
C:\WINDOWS\vsapi32.dll
C:\WINDOWS\SYSTEM\cpuinf32.dll
C:\WINDOWS\SYSTEM\DivX.dll
here
23 antivirus vendors
http://www.virustotal.com/xhtml/virustotal_en.html
click Browse, locate the file and click Send, wait for the report
and give it to us
-----------------------
and run HijackThis again
Hello,
have these files analysed
C:\WINDOWS\vsapi32.dll:
This is a report processed by VirusTotal on 10/02/2005 at
07:17:23 (CET) after scanning the file "vsapi32.dll" file.
Antivirus Version Update Result
AntiVir 6.32.0.6 09.30.2005 no virus found
Avast 4.6.695.0 09.30.2005 no virus found
AVG 718 09.29.2005 no virus found
Avira 6.32.0.6 09.30.2005 no virus found
BitDefender 7.2 10.02.2005 no virus found
CAT-QuickHeal 8.00 10.02.2005 no virus found
ClamAV devel-20050917 09.30.2005 no virus found
DrWeb 4.32b 10.01.2005 no virus found
eTrust-Iris 7.1.194.0 10.01.2005 no virus found
eTrust-Vet 11.9.1.0 09.30.2005 no virus found
Fortinet 2.48.0.0 10.01.2005 suspicious
F-Prot 3.16c 09.30.2005 no virus found
Ikarus 0.2.59.0 09.30.2005 no virus found
Kaspersky 4.0.2.24 10.02.2005 no virus found
McAfee 4594 09.30.2005 no virus found
NOD32v2 1.1238 09.30.2005 no virus found
Norman 5.70.10 09.30.2005 no virus found
Panda 8.02.00 10.01.2005 no virus found
Sophos 3.98.0 10.01.2005 no virus found
Symantec 8.0 10.01.2005 no virus found
TheHacker 5.8.2.116 09.28.2005 no virus found
VBA32 3.10.4 09.30.2005 no virus found
C:\WINDOWS\SYSTEM\cpuinf32.dll
This is a report processed by VirusTotal on 10/02/2005 at
07:21:24 (CET) after scanning the file "cpuinf32.dll" file.
Antivirus Version Update Result
AntiVir 6.32.0.6 09.30.2005 no virus found
Avast 4.6.695.0 09.30.2005 no virus found
AVG 718 09.29.2005 no virus found
Avira 6.32.0.6 09.30.2005 no virus found
BitDefender 7.2 10.02.2005 no virus found
CAT-QuickHeal 8.00 10.02.2005 no virus found
ClamAV devel-20050917 09.30.2005 no virus found
DrWeb 4.32b 10.01.2005 no virus found
eTrust-Iris 7.1.194.0 10.01.2005 no virus found
eTrust-Vet 11.9.1.0 09.30.2005 no virus found
Fortinet 2.48.0.0 10.01.2005 no virus found
F-Prot 3.16c 09.30.2005 no virus found
Ikarus 0.2.59.0 09.30.2005 no virus found
Kaspersky 4.0.2.24 10.02.2005 no virus found
McAfee 4594 09.30.2005 no virus found
NOD32v2 1.1238 09.30.2005 no virus found
Norman 5.70.10 09.30.2005 no virus found
Panda 8.02.00 10.01.2005 no virus found
Sophos 3.98.0 10.01.2005 no virus found
Symantec 8.0 10.01.2005 no virus found
TheHacker 5.8.2.116 09.28.2005 no virus found
VBA32 3.10.4 09.30.2005 no virus found
C:\WINDOWS\SYSTEM\DivX.dll
This is a report processed by VirusTotal on 10/02/2005
at 07:25:08 (CET) after scanning the file "DivX.dll" file.
Antivirus Version Update Result
AntiVir 6.32.0.6 09.30.2005 no virus found
Avast 4.6.695.0 09.30.2005 no virus found
AVG 718 09.29.2005 no virus found
Avira 6.32.0.6 09.30.2005 no virus found
BitDefender 7.2 10.02.2005 no virus found
CAT-QuickHeal 8.00 10.02.2005 no virus found
ClamAV devel-20050917 09.30.2005 no virus found
DrWeb 4.32b 10.01.2005 no virus found
eTrust-Iris 7.1.194.0 10.01.2005 no virus found
eTrust-Vet 11.9.1.0 09.30.2005 no virus found
Fortinet 2.48.0.0 10.01.2005 no virus found
F-Prot 3.16c 09.30.2005 no virus found
Ikarus 0.2.59.0 09.30.2005 no virus found
Kaspersky 4.0.2.24 10.02.2005 no virus found
McAfee 4594 09.30.2005 no virus found
NOD32v2 1.1238 09.30.2005 no virus found
Norman 5.70.10 09.30.2005 no virus found
Panda 8.02.00 10.01.2005 no virus found
Sophos 3.98.0 10.01.2005 no virus found
Symantec 8.0 10.01.2005 no virus found
TheHacker 5.8.2.116 09.28.2005 no virus found
VBA32 3.10.4 09.30.2005 no virus found
Logfile of HijackThis v1.99.1
Scan saved at 07:49:06, on 02/10/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\MIXER.EXE
C:\PQSC\PROGRAM\SCTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CNetscape_France.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\cs0atx89.slt\prefs.js)
O2 - BHO: Class - {596F8480-AF4D-1795-88F6-07ABB014B3CF} - C:\WINDOWS\CRMW.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\SCTRAY.EXE
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [NOD32POP3] "C:\Program Files\Eset\pop3scan.exe" /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = club-internet.fr
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.117.200.10,194.177.200.15
Thank you for helping me.
Have these files analysed:
C:\WINDOWS\vsapi32.dll :
This is a report processed by VirusTotal on 10/02/2005 at
07:17:23 (CET) after scanning the file "vsapi32.dll" file.
Antivirus Version Update Result
AntiVir 6.32.0.6 09.30.2005 no virus found
Avast 4.6.695.0 09.30.2005 no virus found
AVG 718 09.29.2005 no virus found
Avira 6.32.0.6 09.30.2005 no virus found
BitDefender 7.2 10.02.2005 no virus found
CAT-QuickHeal 8.00 10.02.2005 no virus found
ClamAV devel-20050917 09.30.2005 no virus found
DrWeb 4.32b 10.01.2005 no virus found
eTrust-Iris 7.1.194.0 10.01.2005 no virus found
eTrust-Vet 11.9.1.0 09.30.2005 no virus found
Fortinet 2.48.0.0 10.01.2005 suspicious
F-Prot 3.16c 09.30.2005 no virus found
Ikarus 0.2.59.0 09.30.2005 no virus found
Kaspersky 4.0.2.24 10.02.2005 no virus found
McAfee 4594 09.30.2005 no virus found
NOD32v2 1.1238 09.30.2005 no virus found
Norman 5.70.10 09.30.2005 no virus found
Panda 8.02.00 10.01.2005 no virus found
Sophos 3.98.0 10.01.2005 no virus found
Symantec 8.0 10.01.2005 no virus found
TheHacker 5.8.2.116 09.28.2005 no virus found
VBA32 3.10.4 09.30.2005 no virus found
C:\WINDOWS\SYSTEM\cpuinf32.dll
This is a report processed by VirusTotal on 10/02/2005 at
07:21:24 (CET) after scanning the file "cpuinf32.dll" file.
Antivirus Version Update Result
AntiVir 6.32.0.6 09.30.2005 no virus found
Avast 4.6.695.0 09.30.2005 no virus found
AVG 718 09.29.2005 no virus found
Avira 6.32.0.6 09.30.2005 no virus found
BitDefender 7.2 10.02.2005 no virus found
CAT-QuickHeal 8.00 10.02.2005 no virus found
ClamAV devel-20050917 09.30.2005 no virus found
DrWeb 4.32b 10.01.2005 no virus found
eTrust-Iris 7.1.194.0 10.01.2005 no virus found
eTrust-Vet 11.9.1.0 09.30.2005 no virus found
Fortinet 2.48.0.0 10.01.2005 no virus found
F-Prot 3.16c 09.30.2005 no virus found
Ikarus 0.2.59.0 09.30.2005 no virus found
Kaspersky 4.0.2.24 10.02.2005 no virus found
McAfee 4594 09.30.2005 no virus found
NOD32v2 1.1238 09.30.2005 no virus found
Norman 5.70.10 09.30.2005 no virus found
Panda 8.02.00 10.01.2005 no virus found
Sophos 3.98.0 10.01.2005 no virus found
Symantec 8.0 10.01.2005 no virus found
TheHacker 5.8.2.116 09.28.2005 no virus found
VBA32 3.10.4 09.30.2005 no virus found
C:\WINDOWS\SYSTEM\DivX.dll
This is a report processed by VirusTotal on 10/02/2005
at 07:25:08 (CET) after scanning the file "DivX.dll" file.
Antivirus Version Update Result
AntiVir 6.32.0.6 09.30.2005 no virus found
Avast 4.6.695.0 09.30.2005 no virus found
AVG 718 09.29.2005 no virus found
Avira 6.32.0.6 09.30.2005 no virus found
BitDefender 7.2 10.02.2005 no virus found
CAT-QuickHeal 8.00 10.02.2005 no virus found
ClamAV devel-20050917 09.30.2005 no virus found
DrWeb 4.32b 10.01.2005 no virus found
eTrust-Iris 7.1.194.0 10.01.2005 no virus found
eTrust-Vet 11.9.1.0 09.30.2005 no virus found
Fortinet 2.48.0.0 10.01.2005 no virus found
F-Prot 3.16c 09.30.2005 no virus found
Ikarus 0.2.59.0 09.30.2005 no virus found
Kaspersky 4.0.2.24 10.02.2005 no virus found
McAfee 4594 09.30.2005 no virus found
NOD32v2 1.1238 09.30.2005 no virus found
Norman 5.70.10 09.30.2005 no virus found
Panda 8.02.00 10.01.2005 no virus found
Sophos 3.98.0 10.01.2005 no virus found
Symantec 8.0 10.01.2005 no virus found
TheHacker 5.8.2.116 09.28.2005 no virus found
VBA32 3.10.4 09.30.2005 no virus found