[Hijack] malware analysis

kakash (Member):

Hello, I can't get rid of pop-ups in IE or Mozilla... help please!
Two days on this and I'm reaching saturation :)

Logfile of HijackThis v1.99.1
Scan saved at 15:25:58, on 28/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\cisvc.exe
d:\perso\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
D:\perso\Common Framework\FrameworkService.exe
D:\perso\VirusScan\Mcshield.exe
D:\perso\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\remisol\MsgServer.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe
D:\perso\skype\Skype.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint\Apntex.exe
D:\perso\nikon\NkVwMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\dmathieu\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe
O4 - HKCU\..\Run: [Skype] "D:\perso\skype\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [wqzm] C:\PROGRA~1\COMMON~1\wqzm\wqzmm.exe
O4 - Global Startup: Analyseur de connectivité de client de pare-feu.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NkVwMon.exe.lnk = D:\perso\nikon\NkVwMon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_sit...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B5EB9433-CF7F-11D1-A4EE-0060970C43E2} (DropFile Class) - http://srv-sni2/WF/wfadmin/clientdrop.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {B9D450D5-C7CE-11D0-B495-204C4F4F5020} (FtpClient Class) - http://srv-sni2/wf/wfadmin/atlpf.ocx
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EEF1AEE0-4312-11D2-B365-0060971632CC} (WebFolio Class) - http://srv-sni2/WF/wfadmin/webfoliox.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dni.fr
O17 - HKLM\Software\..\Telephony: DomainName = dni.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dni.fr
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\s2pulc791f.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - d:\perso\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: HostSrv (HOSTSRV) - Unknown owner - c:\remisol\HostSrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\perso\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - D:\perso\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\perso\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\perso\VirusScan\VsTskMgr.exe
O23 - Service: MSGSERVER - Unknown owner - c:\remisol\MsgServer.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: RCLH - Unknown owner - D:\PENTRADX\obj32\rclh.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

Thanks!

aranjuez31 (Contributor):
hello

1st job

Download this (thanks to S!RI for this little program):
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Run it, then double-click Smitfraudfix.cmd
Choose option 1; it will generate a report
Copy and paste it into a message on the forum.
In pictures:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
----------------------------------------------------------------------------
Boot into Safe Mode:
To do that, keep tapping the F8 key from the moment the PC is switched on, without stopping
A window will open; use the keyboard arrows to move to "Start in Safe Mode", then press Enter.
Once on the desktop, if the colours and so on aren't all there, that's normal!
(If F8 doesn't work, use the F5 key.)
----------------------------------------------------------------------------
Run the Smitfraud program again,
This time choose option 2 and answer yes to everything;
Save the report, reboot in normal mode, and copy and paste the saved report onto the forum.

aranjuez31 (Contributor):
re

2nd job

3/ - Ewido (download) - free even after the 14-day trial
http://perso.wanadoo.fr/entraide-hijackthis/Ewido/
Copy/PASTE the generated report onto this forum

6/ - Online scan with BitDefender - only works under Internet Explorer, accepting the ActiveX (if that doesn't succeed, try Kaspersky and Panda)
https://assiste.com/404_La_page_demandee_n_existe_pas.php
Copy/PASTE the whole report
aranjuez31 (Contributor):
re

3rd job

open HijackThis
http://pageperso.aol.fr/balltrap34/demohijack.htm

fix the following lines

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_sit...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B5EB9433-CF7F-11D1-A4EE-0060970C43E2} (DropFile Class) - http://srv-sni2/WF/wfadmin/clientdrop.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {B9D450D5-C7CE-11D0-B495-204C4F4F5020} (FtpClient Class) - http://srv-sni2/wf/wfadmin/atlpf.ocx
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EEF1AEE0-4312-11D2-B365-0060971632CC} (WebFolio Class) - http://srv-sni2/WF/wfadmin/webfoliox.ocx
+
O4 - Global Startup: BTTray.lnk = ?
+
more to come.......

kakash (Member):
Here are the first reports... BitDefender is running...

SmitFraudFix v2.35

Scan done at 20:20:24,24, 28/04/2006
Run from C:\Documents and Settings\dmathieu\Desktop\tmp\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\dmathieu\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\dmathieu\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

SmitFraudFix v2.35

Scan done at 20:24:21,95, 28/04/2006
Run from C:\Documents and Settings\dmathieu\Desktop\tmp\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 21:02:11, 28/04/2006
+ Report-Checksum: 9DE8B612

+ Scan result:

[592] C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Cleaned with backup
[288] C:\WINDOWS\system32\mdvcr71.dll -> Adware.Look2Me : Error during cleaning
:mozilla.7:C:\Documents and Settings\dmathieu\Application Data\Mozilla\Firefox\Profiles\d7hhvgum.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.8:C:\Documents and Settings\dmathieu\Application Data\Mozilla\Firefox\Profiles\d7hhvgum.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.9:C:\Documents and Settings\dmathieu\Application Data\Mozilla\Firefox\Profiles\d7hhvgum.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.10:C:\Documents and Settings\dmathieu\Application Data\Mozilla\Firefox\Profiles\d7hhvgum.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.11:C:\Documents and Settings\dmathieu\Application Data\Mozilla\Firefox\Profiles\d7hhvgum.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.15:C:\Documents and Settings\dmathieu\Application Data\Mozilla\Firefox\Profiles\d7hhvgum.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\dmathieu\Application Data\Mozilla\Firefox\Profiles\d7hhvgum.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\dmathieu\Cookies\dmathieu@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\dmathieu\Cookies\dmathieu@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Program Files\Common Files\wqzm\wqzmd\wqzmc.dll -> Adware.TargetServer : Cleaned with backup
C:\WINDOWS\SYSTEM32\guard.tmp -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\vl6de.dll -> Adware.Look2Me : Cleaned with backup

::Report End

Apparently it's guard.tmp that triggers everything each time, but I don't know where it comes from...
Anyway, I'm waiting for the Defender result and we'll see what it gives after the HijackThis.
From what you tell me I have quite a lot of junk to get rid of!
On the other hand, mdvcr71.dll, do I need to kill that DLL?

Thanks for the help in any case...

kakash (Member):
That's it, finished...
Defender report

C:\Documents and Settings\dmathieu\Local Settings\Temporary Internet Files\Content.IE5\XM29S2UD\AppWrap[1].exe
Infected with: Trojan.Qurl.3
C:\Documents and Settings\dmathieu\Local Settings\Temporary Internet Files\Content.IE5\XM29S2UD\AppWrap[1].exe
Disinfection failed
C:\Documents and Settings\dmathieu\Local Settings\Temporary Internet Files\Content.IE5\XM29S2UD\AppWrap[1].exe
Deleted
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
Infected with: Trojan.Startpage.687
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
Disinfection failed
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
Deleted
C:\WINDOWS\icont.exe
Infected with: Trojan.Qurl.3
C:\WINDOWS\icont.exe
Disinfection failed
C:\WINDOWS\icont.exe
Deleted
C:\WINDOWS\SYSTEM32\__delete_on_reboot__guard.tmp
Detected with: Adware.Dinky.A.Trojan
C:\WINDOWS\SYSTEM32\__delete_on_reboot__guard.tmp
Disinfection failed
C:\WINDOWS\SYSTEM32\__delete_on_reboot__guard.tmp
Delete failed
C:\WINDOWS\Temp\bw2.com
Infected with: Trojan.Qurl.3
C:\WINDOWS\Temp\bw2.com
Disinfection failed
C:\WINDOWS\Temp\bw2.com
Deleted

The new HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 22:45:20, on 28/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\cisvc.exe
d:\perso\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
D:\perso\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
D:\perso\Common Framework\FrameworkService.exe
D:\perso\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\perso\VirusScan\Mcshield.exe
D:\perso\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\remisol\MsgServer.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
D:\perso\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\perso\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe
D:\perso\skype\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
D:\perso\nikon\NkVwMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\dmathieu\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SunServer] D:\perso\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe
O4 - HKCU\..\Run: [Skype] "D:\perso\skype\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [wqzm] C:\PROGRA~1\COMMON~1\wqzm\wqzmm.exe
O4 - Global Startup: Analyseur de connectivité de client de pare-feu.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: NkVwMon.exe.lnk = D:\perso\nikon\NkVwMon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {EEF1AEE0-4312-11D2-B365-0060971632CC} (WebFolio Class) - http://srv-sni2/WF/wfadmin/webfoliox.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dni.fr
O17 - HKLM\Software\..\Telephony: DomainName = dni.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dni.fr
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\enlml1311.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - d:\perso\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: HostSrv (HOSTSRV) - Unknown owner - c:\remisol\HostSrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\perso\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - D:\perso\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\perso\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\perso\VirusScan\VsTskMgr.exe
O23 - Service: MSGSERVER - Unknown owner - c:\remisol\MsgServer.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: RCLH - Unknown owner - D:\PENTRADX\obj32\rclh.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

Of course I still have the problem; what should I do now??
Thanks
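Reading the two HijackThis logs side by side is the useful step at this point, so here is an added example (my own Python, not part of this thread, of HijackThis or of any tool mentioned in it) that parses the entry lines of a log, flags the kinds of entries a responder questions first, and diffs two scans. The sample input is a handful of lines copied from the first post's log and from the one just above. The list of stock Winlogon Notify subkeys and the "random-looking DLL name" pattern are my assumptions about a clean XP SP1 install, not something the thread states.

```python
import re
from urllib.parse import urlsplit

# Entry lines copied from the two HijackThis logs in this thread (scans at
# 15:25 and 22:45 on 28/04/2006). Only the O4/O16/O20/O23 lines the example
# reasons about are kept; the full logs are in the posts above.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [wqzm] C:\PROGRA~1\COMMON~1\wqzm\wqzmm.exe
O4 - Global Startup: BTTray.lnk = ?
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {EEF1AEE0-4312-11D2-B365-0060971632CC} (WebFolio Class) - http://srv-sni2/WF/wfadmin/webfoliox.ocx
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\s2pulc791f.dll
O23 - Service: RCLH - Unknown owner - D:\PENTRADX\obj32\rclh.exe (file missing)
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunServer] D:\perso\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [wqzm] C:\PROGRA~1\COMMON~1\wqzm\wqzmm.exe
O16 - DPF: {EEF1AEE0-4312-11D2-B365-0060971632CC} (WebFolio Class) - http://srv-sni2/WF/wfadmin/webfoliox.ocx
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\enlml1311.dll
O23 - Service: RCLH - Unknown owner - D:\PENTRADX\obj32\rclh.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
# Winlogon\Notify subkeys present on a clean XP install (assumption: my list,
# verify against a known-good machine); anything else is worth a look.
STOCK_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                "sclgntfy", "SensLogn", "termsrv", "wlballoon"}
# Random-looking DLL names in system32, the pattern seen in this thread.
RANDOM_DLL_RE = re.compile(r"\\system32\\[a-z0-9]{6,13}\.dll$", re.I)


def parse(log):
    """Map a stable key per entry to its payload so two scans can be compared."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        typ, rest = m.groups()
        if typ == "O4":                      # autostart: hive + value name
            hive, _, value = rest.partition(": ")
            b = re.match(r"\[([^\]]+)\]\s*(.*)", value)
            if b:                            # Run key: [Name] command
                key, value = f"O4:{hive}:{b.group(1)}", b.group(2)
            else:                            # Startup folder: Foo.lnk = target
                name, _, value = value.partition(" = ")
                key = f"O4:{hive}:{name}"
        else:                                # O16/O20/O23: "head - payload"
            head, _, value = rest.partition(" - ")
            key = f"{typ}:{head}"
        entries[key] = value
    return entries


def flag(entries):
    """Return [(key, reason)] for entries a responder should question first."""
    findings = []
    for key, value in entries.items():
        typ = key.split(":", 1)[0]
        if typ == "O20":
            name = key.rsplit(": ", 1)[1]
            if name not in STOCK_NOTIFY or RANDOM_DLL_RE.search(value):
                findings.append((key, "non-stock Winlogon Notify DLL, loaded by winlogon.exe"))
        elif typ == "O23" and value.endswith("(file missing)"):
            findings.append((key, "service whose binary is gone"))
        elif typ == "O4" and (value == "?" or "~" in value):
            findings.append((key, "autostart target unresolved or given as an 8.3 short path"))
        elif typ == "O16":
            host = urlsplit(value).hostname or "?"
            if "." not in host:
                findings.append((key, f"ActiveX control fetched from intranet host {host}"))
    return findings


def diff(before, after):
    """What a later scan added, removed or changed. Two O20 entries that swap
    names between scans are reported as one renamed Notify DLL, which is the
    behaviour behind the Look2Me detections ewido reported above."""
    report = {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "changed": sorted(k for k in before.keys() & after.keys() if before[k] != after[k]),
    }
    gone = [k for k in report["removed"] if k.startswith("O20:")]
    new = [k for k in report["added"] if k.startswith("O20:")]
    report["notify_renamed"] = [(before[g], after[n]) for g in gone for n in new]
    return report


if __name__ == "__main__":
    before, after = parse(LOG_BEFORE), parse(LOG_AFTER)
    for key, reason in flag(after):
        print(f"FLAG {key}: {reason}")
    for kind, keys in diff(before, after).items():
        print(kind, keys)
```

The point to take from the diff is the O20 line: the Notify subkey and the DLL both changed between the scans (SharedDLLs / s2pulc791f.dll, then Reinstall / enlml1311.dll) while everything around them stayed put. A DLL registered under Winlogon\Notify is loaded by winlogon.exe, which is why fixing that one line in HijackThis does not hold and why a dedicated tool is needed for it. The O16 entries that disappeared are the ones aranjuez31 asked to fix; the wqzm autostart and the orphaned RCLH service are still there in the second log.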
aranjuez31 (Contributor):
hello

Install L2mfix from here (cleans the O20 line in HijackThis)

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
http://users.skynet.be/BernieClub/tools.html

1. extract the file to the desktop

2. disable the antivirus (because the process is wrongly detected as a virus/malware by some antiviruses)

3. run l2mfix.bat, select option #1 and press Enter to bring up the log (this takes a few minutes)

4. Copy the log and paste it on an appropriate FORUM for help (e.g. CMC security/virus)
============
wait for me to read it to know whether the rest is necessary
===========
5. Close all your Windows windows
6. Run l2mfix.bat again and select option #2
7. the computer will restart automatically, otherwise do it manually
8. Copy the log again and paste it on an appropriate FORUM for help
9. Run HijackThis http://www.merijn.org/files/hijackthis.zip or from here http://users.skynet.be/BernieClub/tools.html
run it with "Do a system scan and save log" and copy/paste the report on an appropriate FORUM for help (with a right-click of the mouse).
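For context on what L2MFix option 1 collects and why it matters for an O20 line: the entry is a subkey under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify whose DllName value winlogon.exe loads at logon, so the interesting data are that registry export, the CLSIDs whose InprocServer32 points into system32, and the attributes and timestamps of the files found there. The following Python is an added example of mine (not part of L2MFix or of this thread) that correlates those three things. Its sample input is constructed from extracts of the L2MFix find log kakash posts in the next reply; the 48-hour window, the simplified 8.3 name matching and the "system + read-only attributes" heuristic are my assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: extracts of the L2MFix find log posted in the next
# reply (Winlogon\Notify export, two CLSID InprocServer32 keys, the system32
# file listing). Values not used here are omitted from the export.
NOTIFY_REG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"DllName"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"DllName"="C:\\WINDOWS\\system32\\enlml1311.dll"
"""
CLSID_REG = r"""
[HKEY_CLASSES_ROOT\CLSID\{3D309B01-03C7-4629-9405-A46656461D26}\InprocServer32]
@="C:\\WINDOWS\\system32\\beins.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{17953634-A097-47FC-B2D1-AAD72AE69B41}\InprocServer32]
@="C:\\WINDOWS\\system32\\SFCSCCP.DLL"
"ThreadingModel"="Apartment"
"""
FILE_LISTING = """
enlml1~1.dll Fri 28 Apr 2006 20:11:14 ..S.R 236 192 230,66 K
i4240e~1.dll Sat 29 Apr 2006 8:50:40 ..S.R 236 616 231,07 K
legitc~1.dll Tue 14 Feb 2006 9:20:14 ..... 550 120 537,23 K
lvn609~1.dll Fri 28 Apr 2006 22:43:14 ..S.R 236 851 231,30 K
sfcsccp.dll Sat 29 Apr 2006 8:50:42 ..S.R 236 192 230,66 K
spmsg.dll Mon 13 Feb 2006 19:03:38 ..... 8 632 8,43 K
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^(?:"([^"]+)"|@)="(.*)"$')
FILE_RE = re.compile(r"^(\S+)\s+(\w{3} \d{1,2} \w{3} \d{4} \d{1,2}:\d{2}:\d{2})"
                     r"\s+([.A-Z]{5})\s+(\d[\d ]*?)\s+[\d,]+ K$")


def reg_values(text, value_name):
    """{key path: value} for one named value ('@' = default) in a .reg export."""
    out, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key and (m.group(1) or "@") == value_name:
            out[key] = m.group(2).replace("\\\\", "\\")   # .reg doubles backslashes
    return out


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def names_match(listed, actual):
    """Does an 8.3 listing name (enlml1~1.dll) plausibly denote the long name?
    Assumption: prefix + extension comparison, not the real 8.3 algorithm."""
    listed, actual = listed.lower(), actual.lower()
    if "~" not in listed:
        return listed == actual
    return actual.startswith(listed.split("~", 1)[0]) and \
        actual.endswith(listed.rsplit(".", 1)[-1])


def loaders(notify_reg, clsid_reg):
    """DLL basename -> the registry location that makes Windows load it."""
    out = {}
    for key, dll in reg_values(notify_reg, "DllName").items():
        if dll:   # the parent Notify key carries an empty DllName; skip it
            out[basename(dll)] = "Winlogon\\Notify\\" + key.rsplit("\\", 1)[-1]
    for key, dll in reg_values(clsid_reg, "@").items():
        if dll and key.endswith("\\InprocServer32"):
            out[basename(dll)] = "CLSID " + key.split("\\")[2]
    return out


def parse_listing(text):
    """Name, attribute flags, byte size and mtime of each file in the listing."""
    files = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            name, when, attrs, size = m.groups()
            files.append({"name": name, "attrs": attrs, "size": int(size.replace(" ", "")),
                          "mtime": datetime.strptime(when, "%a %d %b %Y %H:%M:%S")})
    return files


def suspects(notify_reg, clsid_reg, listing, window=timedelta(hours=48)):
    """Files worth pulling: anything a Notify/CLSID key loads, plus files that
    are both system+read-only and written within `window` of the newest one."""
    loaded = loaders(notify_reg, clsid_reg)
    files = parse_listing(listing)
    newest = max(f["mtime"] for f in files)
    found = {}
    for f in files:
        loaded_by = [where for dll, where in loaded.items() if names_match(f["name"], dll)]
        sysro = "S" in f["attrs"] and "R" in f["attrs"]
        recent = newest - f["mtime"] <= window
        if loaded_by or (sysro and recent):
            found[f["name"]] = {"loaded_by": loaded_by, "sysro": sysro,
                                "recent": recent, "size": f["size"]}
    return found


if __name__ == "__main__":
    for name, info in suspects(NOTIFY_REG, CLSID_REG, FILE_LISTING).items():
        print(name, info)
```

On this input the four files flagged are the ones written on 28 and 29 April with system and read-only attributes, all within a few hundred bytes of 236 KB of each other; two of them are also what the Notify subkey and a registered CLSID point at. beins.dll is registered but absent from the listing, which is the kind of discrepancy to note when the DLL renames itself on each boot: the registry may lag the file system by one reboot.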
kakash (Member):
Not easy to eradicate all that!
Here are the new logs

L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\enlml1311.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F7CE1DBC-1BF2-A378-AA6D-5081CBEAE200}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
"{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-3FB6980118CF}"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{3D309B01-03C7-4629-9405-A46656461D26}"=""
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{18C5A164-E998-4925-9DC6-C3F087124233}"=""
"{17953634-A097-47FC-B2D1-AAD72AE69B41}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3D309B01-03C7-4629-9405-A46656461D26}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3D309B01-03C7-4629-9405-A46656461D26}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3D309B01-03C7-4629-9405-A46656461D26}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3D309B01-03C7-4629-9405-A46656461D26}\InprocServer32]
@="C:\\WINDOWS\\system32\\beins.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{18C5A164-E998-4925-9DC6-C3F087124233}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{18C5A164-E998-4925-9DC6-C3F087124233}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{18C5A164-E998-4925-9DC6-C3F087124233}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{18C5A164-E998-4925-9DC6-C3F087124233}\InprocServer32]
@="C:\\WINDOWS\\system32\\MPUPGRD.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{17953634-A097-47FC-B2D1-AAD72AE69B41}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{17953634-A097-47FC-B2D1-AAD72AE69B41}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{17953634-A097-47FC-B2D1-AAD72AE69B41}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{17953634-A097-47FC-B2D1-AAD72AE69B41}\InprocServer32]
@="C:\\WINDOWS\\system32\\SFCSCCP.DLL"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
enlml1~1.dll Fri 28 Apr 2006 20:11:14 ..S.R 236 192 230,66 K
i4240e~1.dll Sat 29 Apr 2006 8:50:40 ..S.R 236 616 231,07 K
legitc~1.dll Tue 14 Feb 2006 9:20:14 ..... 550 120 537,23 K
lvn609~1.dll Fri 28 Apr 2006 22:43:14 ..S.R 236 851 231,30 K
sfcsccp.dll Sat 29 Apr 2006 8:50:42 ..S.R 236 192 230,66 K
spmsg.dll Mon 13 Feb 2006 19:03:38 ..... 8 632 8,43 K

6 items found: 6 files (4 H/S), 0 directories.
Total of file sizes: 1 504 603 bytes 1,43 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 2F61-8A0F

Directory of C:\WINDOWS\System32

29/04/2006 08:50 236 192 SFCSCCP.DLL
29/04/2006 08:50 236 616 i4240efqeh2e0.dll
28/04/2006 22:43 236 851 lvn6095se.dll
28/04/2006 20:11 236 192 enlml1311.dll
27/04/2006 22:14 <DIR> DLLCACHE
01/03/2004 16:09 <DIR> Microsoft
05/04/2001 19:43 94 208 msstkprp.dll
21/03/2001 22:34 244 232 Msflxgrd.ocx
6 File(s) 1 284 291 bytes
2 Dir(s) 1 572 261 888 bytes free

And the HijackThis log without the O20 line

Logfile of HijackThis v1.99.1
Scan saved at 09:24:10, on 29/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\cisvc.exe
d:\perso\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
D:\perso\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
D:\perso\Common Framework\FrameworkService.exe
D:\perso\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\perso\VirusScan\Mcshield.exe
D:\perso\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\remisol\MsgServer.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
D:\perso\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\perso\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\perso\skype\Skype.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
D:\perso\nikon\NkVwMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\UltraEdit\uedit32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\dmathieu\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SunServer] D:\perso\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe
O4 - HKCU\..\Run: [Skype] "D:\perso\skype\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [wqzm] C:\PROGRA~1\COMMON~1\wqzm\wqzmm.exe
O4 - Global Startup: Analyseur de connectivité de client de pare-feu.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: NkVwMon.exe.lnk = D:\perso\nikon\NkVwMon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 - DPF: {EEF1AEE0-4312-11D2-B365-0060971632CC} (WebFolio Class) - http://srv-sni2/WF/wfadmin/webfoliox.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dni.fr
O17 - HKLM\Software\..\Telephony: DomainName = dni.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dni.fr
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - d:\perso\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: HostSrv (HOSTSRV) - Unknown owner - c:\remisol\HostSrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\perso\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - D:\perso\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\perso\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\perso\VirusScan\VsTskMgr.exe
O23 - Service: MSGSERVER - Unknown owner - c:\remisol\MsgServer.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: RCLH - Unknown owner - D:\PENTRADX\obj32\rclh.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

I get the impression it's starting to look a bit cleaner ...
Are there still operations to carry out, in your opinion?
Thanks
aranjuez31 Posts: 8069 Status: Contributor
Good evening
Did you run option 2 of L2mfix??
If not, do it as described above
=========
Boot into Safe Mode
open HijackThis
tick and fix the following lines:

O16 - DPF: {EEF1AEE0-4312-11D2-B365-0060971632CC} (WebFolio Class) - http://srv-sni2/WF/wfadmin/webfoliox.ocx
+
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
+
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [SunServer] D:\perso\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe

O4 - HKCU\..\Run: [wqzm] C:\PROGRA~1\COMMON~1\wqzm\wqzmm.exe

O4 - Global Startup: NkVwMon.exe.lnk = D:\perso\nikon\NkVwMon.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
==
Start > 'Search'
- wqzmm.exe
and delete it
====
run ewido
remove everything it finds
=======
reboot in normal mode
========
use this
4/ - regcleaner (registry cleaner)
http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html
Its tutorial
http://www.softastuces.com/tuto/maint/regcleaner/index.php

5/ - cleanup40 (cleans cookies + temp + temporary files + prefetch + history + etc.)
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
Demo
http://pageperso.aol.fr/balltrap34/democleanup.htm
=======
post me another report from the BitDefender online scan and from ewido
=========
tell me the name of:
your antivirus?
your firewall?
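The three fragments the user pasted (the L2mfix file listing, the `dir` of System32, and the CLSID export) already contain what the helper is checking by eye: four DLLs of almost the same size, dropped within a day of the scan, carrying system/read-only attributes, one of them registered as a COM in-process server. The script below is an added example, not part of this thread and not L2mfix's own code, that automates that triage over those fragments. The sample strings are copied from the log above (with the thousands separator normalised); the heuristics, the 3-day window, the 1 KB size band, the join of 8.3 names to long names by timestamp and size, and the scan time taken from the second HijackThis header are all my assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: the three fragments are copied from the log posted above.
L2MFIX_LISTING = """\
enlml1~1.dll Fri 28 Apr 2006 20:11:14 ..S.R 236 192 230,66 K
i4240e~1.dll Sat 29 Apr 2006 8:50:40 ..S.R 236 616 231,07 K
legitc~1.dll Tue 14 Feb 2006 9:20:14 ..... 550 120 537,23 K
lvn609~1.dll Fri 28 Apr 2006 22:43:14 ..S.R 236 851 231,30 K
sfcsccp.dll Sat 29 Apr 2006 8:50:42 ..S.R 236 192 230,66 K
spmsg.dll Mon 13 Feb 2006 19:03:38 ..... 8 632 8,43 K
"""
DIR_LISTING = """\
29/04/2006 08:50 236 192 SFCSCCP.DLL
29/04/2006 08:50 236 616 i4240efqeh2e0.dll
28/04/2006 22:43 236 851 lvn6095se.dll
28/04/2006 20:11 236 192 enlml1311.dll
27/04/2006 22:14 <DIR> DLLCACHE
05/04/2001 19:43 94 208 msstkprp.dll
"""
REG_EXPORT = r"""
[HKEY_CLASSES_ROOT\CLSID\{17953634-A097-47FC-B2D1-AAD72AE69B41}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{17953634-A097-47FC-B2D1-AAD72AE69B41}\InprocServer32]
@="C:\\WINDOWS\\system32\\SFCSCCP.DLL"
"ThreadingModel"="Apartment"
"""
SCAN_TIME = datetime(2006, 4, 29, 9, 24)  # assumed: time of the second HijackThis scan above


def parse_l2mfix(text):
    """Yield (8.3 name, mtime, 5-char attribute field, size in bytes) per listing line.

    Tokens: name, weekday, day, month, year, time, attributes, the byte count split
    into space-separated thousands groups, then 'NNN,NN K'; everything between the
    attribute field and the last two tokens is the byte count.
    """
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 10:
            continue
        name, _weekday, day, mon, year, clock, attrs = parts[:7]
        mtime = datetime.strptime(f"{day} {mon} {year} {clock}", "%d %b %Y %H:%M:%S")
        yield name.lower(), mtime, attrs, int("".join(parts[7:-2]))


def parse_dir(text):
    """Map (mtime to the minute, size) -> long name from a 'dir' listing.

    L2mfix prints 8.3 names while the registry uses long names, so timestamp plus
    size is the join key (an assumption that holds for this listing).  Keeping only
    digits from the size field also absorbs the mis-encoded thousands separator.
    """
    names = {}
    for line in text.splitlines():
        m = re.match(r"(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2})\s+(.+?)\s+(\S+)$", line)
        if m and "<DIR>" not in line:
            when = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%d/%m/%Y %H:%M")
            names[(when, int(re.sub(r"\D", "", m.group(3))))] = m.group(4)
    return names


def inproc_servers(reg_text):
    """Map lower-cased DLL basename -> CLSID for every InprocServer32 key in a .reg export."""
    servers, clsid = {}, None
    for line in reg_text.splitlines():
        key = re.match(r"\[HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-Fa-f-]+\})\\InprocServer32\]$", line)
        if key:
            clsid = key.group(1)
        elif line.startswith("["):
            clsid = None  # another key follows: stop attributing values to the last CLSID
        elif clsid and line.startswith('@="'):
            path = line[3:-1].replace("\\\\", "\\")  # .reg files double every backslash
            servers[path.rsplit("\\", 1)[-1].lower()] = clsid
    return servers


def triage(listing=L2MFIX_LISTING, dir_text=DIR_LISTING, reg_text=REG_EXPORT,
           scan_time=SCAN_TIME, window_days=3, size_band=1024):
    """Return the suspicious DLLs, sorted by long name, one dict each.

    Heuristics (assumptions, not L2mfix's own rules): a file is suspicious when its
    attribute field is not '.....' (a hidden/system/read-only bit is set) and it was
    modified within window_days of the scan.  Each hit also records how many other
    hits sit within size_band bytes of it and the CLSID whose InprocServer32 loads it.
    """
    long_names, servers = parse_dir(dir_text), inproc_servers(reg_text)
    cutoff = scan_time - timedelta(days=window_days)
    hits = [f for f in parse_l2mfix(listing) if f[2] != "....." and f[1] >= cutoff]
    report = []
    for name83, mtime, attrs, size in hits:
        long_name = long_names.get((mtime.replace(second=0), size), name83)
        report.append({
            "name": long_name, "size": size, "attrs": attrs,
            "size_twins": sum(1 for h in hits if h[0] != name83 and abs(h[3] - size) <= size_band),
            "clsid": servers.get(long_name.lower()),
        })
    return sorted(report, key=lambda r: r["name"].lower())
```

Run `triage()` and the four freshly dropped DLLs come back with three size twins each, resolved to their long names, and SFCSCCP.DLL is the only one tied to a CLSID; legitc~1.dll and spmsg.dll, old and with plain attributes, stay out. The CLSID is the useful output: fixing the O4 line alone leaves the COM registration in place, which is why the helper insists on L2mfix's option 2 before re-running HijackThis.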