Problem with a PC that opens web pages on its own

sejetoax, 9 posts, Member
philae83, 12854 posts, Security contributor
Hello,

I have a small problem with my PC.
For some time now my PC has been opening web pages on its own in Mozilla or Internet Explorer, pages of the "VIRUS PROTECTION" type: Warning, your PC has viruses ... blah blah blah ... click here to download protection...

Since I'm not an expert, is there anyone who could help me?
I ran HijackThis and here is the log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:53:27, on 02/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
C:\Program Files\Fiberlink\Extend360\FLUtilsSvc.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\SYSMGT\TNGURC\rcHost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\SYSMGT\TNGSD\BIN\SDSERV.EXE
C:\SYSMGT\TNGSD\BIN\TRIGGAG.EXE
C:\Program Files\Symantec\SPA\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\SxpInst\sxplog32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\SPA\SmcGui.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\SYSMGT\TNGSD\BIN\triggusr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\XCPCSync.OEM\LAPLIN~1.213\TRANSL~1\PocketPC\AUTODE~1.EXE
C:\PROGRA~1\COMMON~1\XCPCSync.OEM\LAPLIN~1.213\TRANSL~1\LtNts4\NtsAgnt.exe
C:\PROGRA~1\LAPLIN~1.2\SCHEDU~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Fiberlink\Extend360\e360SysTray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Printkey\Printkey.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Documents and Settings\moniezs\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://europe.dupont.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\SxpInst\sxplog32.exe
O1 - Hosts: 52.99.2.54 csdux90
O1 - Hosts: 52.99.2.53 csdux92
O1 - Hosts: 52.99.240.4 gsdda01
O1 - Hosts: 52.99.240.142 rsdix01
O1 - Hosts: 52.99.240.143 rsdix02
O1 - Hosts: 52.99.240.144 rsdix03
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\xwjfwklb.dll
O2 - BHO: (no name) - {1B15CCED-460A-4DDF-9E0C-AA4891E22FA1} - C:\WINDOWS\system32\wwktppca.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9A881238-8303-45C7-A4EC-2F9EB7E5E892} - C:\WINDOWS\system32\qomnn.dll
O2 - BHO: (no name) - {AFC9BF99-BFD7-4CCA-9D5E-025A63757211} - C:\WINDOWS\system32\cbxuvst.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\jkcywouy.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [AMOAgent] c:\sysmgt\tngam\agents\umclogin.exe
O4 - HKLM\..\Run: [CfgDownload] C:\PROGRA~1\IXOS-E~1\bin\CFGDOW~1.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Laplink PDASync 3.2 - PocketPC] C:\PROGRA~1\COMMON~1\XCPCSync.OEM\LAPLIN~1.213\TRANSL~1\PocketPC\AUTODE~1.EXE
O4 - HKLM\..\Run: [Laplink PDASync 3.2 - LtNts4] C:\PROGRA~1\COMMON~1\XCPCSync.OEM\LAPLIN~1.213\TRANSL~1\LtNts4\NtsAgnt.exe
O4 - HKLM\..\Run: [Laplink PDASync 3.2 - LtOrg97] C:\Program Files\Common Files\XCPCSync.OEM\Laplink.213-103\XCPCMenuHook.exe
O4 - HKLM\..\Run: [Laplink PDASync 3.2 - ScheduleSync] C:\PROGRA~1\LAPLIN~1.2\SCHEDU~1.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [e360SysTray] C:\Program Files\Fiberlink\Extend360\e360SysTray.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Windows Service] nzacqphmju.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\yjkmsorc.dll",realset
O4 - HKLM\..\RunServices: [Windows Service] nzacqphmju.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CardScan AutoSync] "C:\Program Files\Corex\CardScan\System\csynccfg.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Windows Service] nzacqphmju.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Service] nzacqphmju.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Server Runtime Process] C:\WINDOWS\system32\wbem\wbemstest.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Server Runtime Process] C:\WINDOWS\system32\wbem\wbemstest.exe (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrintKey.lnk = C:\Program Files\Printkey\Printkey.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://europe.dupont.com
O15 - Trusted Zone: *.csc.com (HKLM)
O15 - Trusted Zone: *.LMAUC1 (HKLM)
O15 - Trusted Zone: *.onecsc.net (HKLM)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://cdcln73.lvs.dupont.com/qp2.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/135a1e2c08da6314f006/netzip/RdxIE601.cab
O16 - DPF: {61803B6E-0994-4C05-AC45-1FE2EEDADECB} (Ariba Client Automation ActiveX Control v1.0.0.16) - http://esm.sscp.dupont.com/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dupontnet.net
O17 - HKLM\Software\..\Telephony: DomainName = dupontnet.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dupontnet.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: RCEnumDD.dll
O20 - Winlogon Notify: cbxuvst - C:\WINDOWS\SYSTEM32\cbxuvst.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: mljgfgd - C:\WINDOWS\SYSTEM32\mljgfgd.dll
O20 - Winlogon Notify: qomnn - C:\WINDOWS\system32\qomnn.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Asset Management Agent (AmoAgent) - Unknown owner - C:\WINDOWS\UMCSTUB.EXE (file missing)
O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Program Files\Aventail\Connect\as32svc.exe
O23 - Service: Extend360 Enforcement Agent (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Unicenter Message Queuing Server (CA-MessageQueuing) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DM Primer (DMPrimer) - Computer Associates - C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FiberlinkComm Monitor Service (FiberlinkCommMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
O23 - Service: System Connect Util Service (FLUtilsSvc) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\FLUtilsSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Unicenter Remote Control Host (rcHost) - Computer Associates International, Inc. - C:\SYSMGT\TNGURC\rcHost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Accociates, Intl Inc. - C:\SYSMGT\TNGSD\BIN\SDSERV.EXE
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation. - C:\Program Files\Symantec\SPA\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
5 replies

philae83, 12854 posts, Security contributor

Good evening,

* Download VundoFix.exe (by Atribune) to your Desktop

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it

* Click the Scan for Vundo button

* When the scan is complete, click the Remove Vundo button

* You will be prompted whether you want to delete the files; click YES

* After clicking "Yes", the Desktop will disappear for a moment while the files are being deleted

* You will see a prompt telling you that your PC is going to restart; click OK

* Copy/paste the contents of the report located at C:\vundofix.txt along with a new HijackThis log in your next reply

Note: VundoFix may run into a file it cannot delete. If so, the tool will run again at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
sejetoax, 9 posts, Member

Good evening again Philae83.

I did what you told me.
Here is the VundoFix report:

VundoFix V6.3.21

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 21:23:41 02/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\cbxuvst.dll
C:\WINDOWS\system32\crosmkjy.ini
C:\WINDOWS\system32\jgqpavtc.dll
C:\WINDOWS\system32\jhbdmrdh.dll
C:\WINDOWS\system32\jkcywouy.dll
C:\WINDOWS\system32\jrmoxrje.dll
C:\WINDOWS\system32\mljgfgd.dll
C:\WINDOWS\system32\nnmoq.bak1
C:\WINDOWS\system32\nnmoq.bak2
C:\WINDOWS\system32\nnmoq.ini
C:\WINDOWS\system32\nnmoq.ini2
C:\WINDOWS\system32\nnmoq.tmp
C:\WINDOWS\system32\qomnn.dll
C:\WINDOWS\system32\tvlhqklw.dll
C:\WINDOWS\system32\whsgvcmq.dll
C:\WINDOWS\system32\yjkmsorc.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbxuvst.dll
C:\WINDOWS\system32\cbxuvst.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\crosmkjy.ini
C:\WINDOWS\system32\crosmkjy.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jgqpavtc.dll
C:\WINDOWS\system32\jgqpavtc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jhbdmrdh.dll
C:\WINDOWS\system32\jhbdmrdh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkcywouy.dll
C:\WINDOWS\system32\jkcywouy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jrmoxrje.dll
C:\WINDOWS\system32\jrmoxrje.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgfgd.dll
C:\WINDOWS\system32\mljgfgd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnmoq.bak1
C:\WINDOWS\system32\nnmoq.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnmoq.bak2
C:\WINDOWS\system32\nnmoq.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnmoq.ini
C:\WINDOWS\system32\nnmoq.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnmoq.ini2
C:\WINDOWS\system32\nnmoq.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnmoq.tmp
C:\WINDOWS\system32\nnmoq.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomnn.dll
C:\WINDOWS\system32\qomnn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvlhqklw.dll
C:\WINDOWS\system32\tvlhqklw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\whsgvcmq.dll
C:\WINDOWS\system32\whsgvcmq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yjkmsorc.dll
C:\WINDOWS\system32\yjkmsorc.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbxuvst.dll
C:\WINDOWS\system32\cbxuvst.dll Has been deleted!

Performing Repairs to the registry.
Done!

And here is the HijackThis one:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:10:55, on 02/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
C:\Program Files\Fiberlink\Extend360\FLUtilsSvc.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\SYSMGT\TNGURC\rcHost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\SYSMGT\TNGSD\BIN\SDSERV.EXE
C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
C:\SYSMGT\TNGSD\BIN\TRIGGAG.EXE
C:\Program Files\Symantec\SPA\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\TEMP\98F1.tmp
C:\SxpInst\sxplog32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\SPA\SmcGui.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\SYSMGT\TNGSD\BIN\triggusr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\XCPCSync.OEM\LAPLIN~1.213\TRANSL~1\PocketPC\AUTODE~1.EXE
C:\PROGRA~1\COMMON~1\XCPCSync.OEM\LAPLIN~1.213\TRANSL~1\LtNts4\NtsAgnt.exe
C:\PROGRA~1\LAPLIN~1.2\SCHEDU~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fiberlink\Extend360\e360SysTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Printkey\Printkey.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\moniezs\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://europe.dupont.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\SxpInst\sxplog32.exe
O1 - Hosts: 52.99.2.54 csdux90
O1 - Hosts: 52.99.2.53 csdux92
O1 - Hosts: 52.99.240.4 gsdda01
O1 - Hosts: 52.99.240.142 rsdix01
O1 - Hosts: 52.99.240.143 rsdix02
O1 - Hosts: 52.99.240.144 rsdix03
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\xwjfwklb.dll
O2 - BHO: (no name) - {1B15CCED-460A-4DDF-9E0C-AA4891E22FA1} - C:\WINDOWS\system32\wwktppca.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9A881238-8303-45C7-A4EC-2F9EB7E5E892} - C:\WINDOWS\system32\qomnn.dll (file missing)
O2 - BHO: (no name) - {AFC9BF99-BFD7-4CCA-9D5E-025A63757211} - C:\WINDOWS\system32\cbxuvst.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [AMOAgent] c:\sysmgt\tngam\agents\umclogin.exe
O4 - HKLM\..\Run: [CfgDownload] C:\PROGRA~1\IXOS-E~1\bin\CFGDOW~1.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Laplink PDASync 3.2 - PocketPC] C:\PROGRA~1\COMMON~1\XCPCSync.OEM\LAPLIN~1.213\TRANSL~1\PocketPC\AUTODE~1.EXE
O4 - HKLM\..\Run: [Laplink PDASync 3.2 - LtNts4] C:\PROGRA~1\COMMON~1\XCPCSync.OEM\LAPLIN~1.213\TRANSL~1\LtNts4\NtsAgnt.exe
O4 - HKLM\..\Run: [Laplink PDASync 3.2 - LtOrg97] C:\Program Files\Common Files\XCPCSync.OEM\Laplink.213-103\XCPCMenuHook.exe
O4 - HKLM\..\Run: [Laplink PDASync 3.2 - ScheduleSync] C:\PROGRA~1\LAPLIN~1.2\SCHEDU~1.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [e360SysTray] C:\Program Files\Fiberlink\Extend360\e360SysTray.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Windows Service] nzacqphmju.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\yjkmsorc.dll",realset
O4 - HKLM\..\RunServices: [Windows Service] nzacqphmju.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CardScan AutoSync] "C:\Program Files\Corex\CardScan\System\csynccfg.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Windows Service] nzacqphmju.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Service] nzacqphmju.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Server Runtime Process] C:\WINDOWS\system32\wbem\wbemstest.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Server Runtime Process] C:\WINDOWS\system32\wbem\wbemstest.exe (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrintKey.lnk = C:\Program Files\Printkey\Printkey.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://europe.dupont.com
O15 - Trusted Zone: *.csc.com (HKLM)
O15 - Trusted Zone: *.LMAUC1 (HKLM)
O15 - Trusted Zone: *.onecsc.net (HKLM)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://cdcln73.lvs.dupont.com/qp2.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/135a1e2c08da6314f006/netzip/RdxIE601.cab
O16 - DPF: {61803B6E-0994-4C05-AC45-1FE2EEDADECB} (Ariba Client Automation ActiveX Control v1.0.0.16) - http://esm.sscp.dupont.com/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dupontnet.net
O17 - HKLM\Software\..\Telephony: DomainName = dupontnet.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dupontnet.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: RCEnumDD.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Asset Management Agent (AmoAgent) - Unknown owner - C:\WINDOWS\UMCSTUB.EXE (file missing)
O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Program Files\Aventail\Connect\as32svc.exe
O23 - Service: Extend360 Enforcement Agent (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Unicenter Message Queuing Server (CA-MessageQueuing) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DM Primer (DMPrimer) - Computer Associates - C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FiberlinkComm Monitor Service (FiberlinkCommMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
O23 - Service: System Connect Util Service (FLUtilsSvc) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\FLUtilsSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Unicenter Remote Control Host (rcHost) - Computer Associates International, Inc. - C:\SYSMGT\TNGURC\rcHost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Accociates, Intl Inc. - C:\SYSMGT\TNGSD\BIN\SDSERV.EXE
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation. - C:\Program Files\Symantec\SPA\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
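A triage pass over the logs in this thread, as an added example that is not part of the original posts: it applies the pattern philae83's replies rely on (a "(no name)" BHO or Winlogon Notify DLL in system32 with a random lowercase name, an autorun value pointing to a bare executable that no running process resolves, and BHO registrations left behind as "(file missing)") to a constructed excerpt of sejetoax's HijackThis log, then lists which flagged files the VundoFix report did not catch and so would need the manual "Add more files" step philae83 asks for next. The random-name test is a coarse heuristic (it also flags crypts.dll here), so its output is a review list, not a verdict.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind target line")

# Constructed excerpt of the first HijackThis log in this thread (representative lines only).
HJT_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\SYSMGT\TNGSD\BIN\triggusr.exe
C:\SxpInst\sxplog32.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\xwjfwklb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9A881238-8303-45C7-A4EC-2F9EB7E5E892} - C:\WINDOWS\system32\qomnn.dll (file missing)
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [Windows Service] nzacqphmju.exe
O4 - HKLM\..\RunServices: [Windows Service] nzacqphmju.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\yjkmsorc.dll",realset
O20 - Winlogon Notify: cbxuvst - C:\WINDOWS\SYSTEM32\cbxuvst.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
"""

# Constructed excerpt of the VundoFix report posted above (its file listing only).
VUNDOFIX_REPORT = r"""Listing files found while scanning....

C:\WINDOWS\system32\cbxuvst.dll
C:\WINDOWS\system32\qomnn.dll
C:\WINDOWS\system32\yjkmsorc.dll

Beginning removal...
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - \S+: \[[^\]]*\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: \S+ - (?P<path>.*)$")
SYSTEM32_RE = re.compile(r"^C:\\WINDOWS\\SYSTEM32\\[^\\]+$", re.IGNORECASE)
RANDOM_STEM_RE = re.compile(r"^[a-z]{5,10}$")  # Vundo-style random lowercase file names


def looks_random_system32_dll(path):
    """Heuristic: a file directly under system32 whose stem is 5-10 lowercase letters.
    Coarse on purpose (it also catches crypts.dll above): a hit means 'review', not 'malicious'."""
    if not SYSTEM32_RE.match(path):
        return False
    stem = path.rsplit("\\", 1)[1].rsplit(".", 1)[0]
    return bool(RANDOM_STEM_RE.match(stem))


def running_process_names(log):
    """Basenames listed under 'Running processes:', used to resolve bare O4 filenames."""
    if "Running processes:" not in log:
        return set()
    block = log.split("Running processes:", 1)[1].split("\n\n", 1)[0]
    return {l.rsplit("\\", 1)[-1].lower() for l in block.splitlines() if l.strip()}


def first_token(cmd):
    """Executable part of an O4 command: the quoted path, or the first word."""
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd[1:cmd.index('"', 1)]
    parts = cmd.split()
    return parts[0] if parts else ""


def triage(log):
    """Review findings for the HijackThis entry types this thread revolves around."""
    running = running_process_names(log)
    findings = []
    for line in log.splitlines():
        m = BHO_RE.match(line)
        if m:
            if m.group("missing"):  # registration left behind after the DLL was deleted
                findings.append(Finding("orphan_bho", m.group("path"), line))
            elif m.group("name") == "(no name)" and looks_random_system32_dll(m.group("path")):
                findings.append(Finding("suspect_bho", m.group("path"), line))
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd")
            exe = first_token(cmd)
            if exe.lower() == "rundll32.exe":  # DLL loaded through rundll32 (yjkmsorc.dll above)
                q = re.search(r'"([^"]+)"', cmd)
                if q and looks_random_system32_dll(q.group(1)):
                    findings.append(Finding("suspect_rundll", q.group(1), line))
            elif exe and "\\" not in exe and exe.lower() not in running:
                # bare filename no running process accounts for (triggusr.exe resolves, nzacqphmju.exe does not)
                findings.append(Finding("unresolved_autorun", exe, line))
            continue
        m = O20_RE.match(line)
        if m and looks_random_system32_dll(m.group("path")):
            findings.append(Finding("suspect_notify", m.group("path"), line))
    return findings


def not_covered_by_vundofix(findings, report):
    """Flagged files absent from VundoFix's listing: candidates for its manual 'Add more files' step."""
    listed = {l.strip().lower() for l in report.splitlines() if re.fullmatch(r"[A-Za-z]:\\\S+", l.strip())}
    return [f for f in findings if "\\" in f.target and f.target.lower() not in listed]
```

Run on the constructed excerpt, `triage` returns seven findings and `not_covered_by_vundofix` singles out xwjfwklb.dll (which philae83 indeed has to add by hand) plus crypts.dll for review.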
sejetoax, 9 posts, Member

Hi Philae83,

I remember you helped me a few months ago with another PC.
I'll do what you tell me and post everything.
Talk to you shortly.

SEJATOAX
0
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
re

on continue

* Télécharge hostXper

http://www.funkytoad.com/content/view/13/31/

* dézippe le surton bureau.

* Lance Hoster
* clique sur "Microsoft's Hosts file "

et

Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

puis

* Relance Vundofix
* Ne clique pas sur "Scan for a vundo"
* Clique droit au milieu de la fenêtre
* Clique sur Add more files ?
* Copie/colle les fichiers ci-dessous ( un par case) :

C:\WINDOWS\system32\xwjfwklb.dll
C:\WINDOWS\system32\wwktppca.dll

* Click "Add files"
* Then click "Close Windows"
* Finally, click "Remove Vundo" (the files above should appear in the main window)
* If the tool asks for a reboot, accept
* Post the Vundofix report,

then

* launch HijackThis, click "scan", then tick these lines:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\SxpInst\sxplog32.exe
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\xwjfwklb.dll
O2 - BHO: (no name) - {1B15CCED-460A-4DDF-9E0C-AA4891E22FA1} - C:\WINDOWS\system32\wwktppca.dll
O2 - BHO: (no name) - {9A881238-8303-45C7-A4EC-2F9EB7E5E892} - C:\WINDOWS\system32\qomnn.dll (file missing)
O2 - BHO: (no name) - {AFC9BF99-BFD7-4CCA-9D5E-025A63757211} - C:\WINDOWS\system32\cbxuvst.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Service] nzacqphmju.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\yjkmsorc.dll",realset
O4 - HKLM\..\RunServices: [Windows Service] nzacqphmju.exe
O4 - HKCU\..\Run: [Windows Service] nzacqphmju.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Service] nzacqphmju.exe (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://cdcln73.lvs.dupont.com/qp2.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/135a1e2c08da6314f006/netzip/RdxIE601.cab
O16 - DPF: {61803B6E-0994-4C05-AC45-1FE2EEDADECB} (Ariba Client Automation ActiveX Control v1.0.0.16) - http://esm.sscp.dupont.com/
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: RCEnumDD.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll

* close every open application, including Internet Explorer, and click "fix checked"

then

double-click OTMoveIt.exe to launch it.
copy the list shown in bold below,
and paste it into the left pane of OTMoveIt: "Paste List of Files/Folders to be moved".

c:\windows\system32\nzacqphmju.exe
C:\WINDOWS\system32\yjkmsorc.dll


click "MoveIt!" to start the removal.
the result will appear in the Results pane.
click "Exit" to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to reboot the PC to finish the removal.
if so, accept with "Yes".

then post the requested reports along with a new HijackThis report, please

0
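Added here as an illustration of the triage philae83 did by hand in the post above; this is not code from the thread, from HijackThis or from any of the tools named. It parses HijackThis report lines and flags the patterns the helper ticked: a UserInit value chaining a second program, BHOs with no display name, Run entries that launch a bare filename (no directory) repeated across several hives, rundll32 launches, and orphaned "(file missing)" entries. The heuristics are my own, and the sample lines are constructed by copying entries from the log quoted above.

```python
import re
from collections import Counter

# O4 body: "<hive>\..\<key>: [<name>] <target>", optionally followed by " (User '...')".
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# O2 body: "BHO: <name> - {CLSID} - <path>".
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.*)$")

# Constructed sample: entries copied from the log lines quoted in the post above.
SAMPLE_LINES = [
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\SxpInst\sxplog32.exe",
    r"O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\xwjfwklb.dll",
    r"O2 - BHO: (no name) - {9A881238-8303-45C7-A4EC-2F9EB7E5E892} - C:\WINDOWS\system32\qomnn.dll (file missing)",
    r"O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe",
    r"O4 - HKLM\..\Run: [Windows Service] nzacqphmju.exe",
    r'O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\yjkmsorc.dll",realset',
    r"O4 - HKCU\..\Run: [Windows Service] nzacqphmju.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [Windows Service] nzacqphmju.exe (User 'SYSTEM')",
]


def _launched_program(target):
    """Drop the trailing "(User '...')" note and return the program an O4 entry launches."""
    target = re.sub(r" \(User '[^']*'\)$", "", target).strip()
    if target.startswith('"'):  # quoted path, possibly followed by arguments
        return target[1:].split('"', 1)[0]
    return target.split(" ", 1)[0]


def triage(lines):
    """Return (entry, reason) pairs for the lines a helper would inspect first."""
    findings, bare_programs = [], Counter()
    for line in lines:
        sec, sep, body = line.strip().partition(" - ")
        if not sep:
            continue
        if "(file missing)" in body:
            findings.append((line, "orphaned entry: the referenced file is gone"))
        elif sec == "F2" and body.lower().startswith("reg:system.ini: userinit="):
            if len([p for p in body.split("=", 1)[1].split(",") if p.strip()]) > 1:
                findings.append((line, "UserInit chains an extra program after userinit.exe"))
        elif sec == "O2" and (o2 := O2_RE.match(body)) and o2.group("name") == "(no name)":
            findings.append((line, "BHO with no display name"))
        elif sec == "O4" and (o4 := O4_RE.match(body)):
            prog = _launched_program(o4.group("target"))
            if prog.lower().endswith("rundll32.exe"):
                findings.append((line, "rundll32 loads a DLL export at logon"))
            elif "\\" not in prog and ":" not in prog:  # no directory: resolved by PATH search
                findings.append((line, "bare filename: on-disk location not recorded"))
                bare_programs[prog.lower()] += 1
    for prog, n in bare_programs.items():
        if n >= 3:  # the same program registered under several Run keys at once
            findings.append((prog, f"same bare program registered in {n} Run keys"))
    return findings
```

Running `triage(SAMPLE_LINES)` leaves the IgfxTray entry alone and reports the same eight lines the helper asked to have fixed or removed, plus the cross-hive summary for the bare executable.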
sejetoax Posts: 9 Status: Member
 
Here you go,

First, here is the HijackThis.log report

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:19:06, on 02/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
C:\Program Files\Fiberlink\Extend360\FLUtilsSvc.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\SYSMGT\TNGURC\rcHost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\SYSMGT\TNGSD\BIN\SDSERV.EXE
C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
C:\SYSMGT\TNGSD\BIN\TRIGGAG.EXE
C:\Program Files\Symantec\SPA\smc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\TEMP\6512.tmp
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\SxpInst\sxplog32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\SPA\SmcGui.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\SYSMGT\TNGSD\BIN\triggusr.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\COMMON~1\XCPCSync.OEM\LAPLIN~1.213\TRANSL~1\PocketPC\AUTODE~1.EXE
C:\PROGRA~1\COMMON~1\XCPCSync.OEM\LAPLIN~1.213\TRANSL~1\LtNts4\NtsAgnt.exe
C:\PROGRA~1\LAPLIN~1.2\SCHEDU~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Fiberlink\Extend360\e360SysTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Printkey\Printkey.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\moniezs\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://europe.dupont.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AMOAgent] c:\sysmgt\tngam\agents\umclogin.exe
O4 - HKLM\..\Run: [CfgDownload] C:\PROGRA~1\IXOS-E~1\bin\CFGDOW~1.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Laplink PDASync 3.2 - PocketPC] C:\PROGRA~1\COMMON~1\XCPCSync.OEM\LAPLIN~1.213\TRANSL~1\PocketPC\AUTODE~1.EXE
O4 - HKLM\..\Run: [Laplink PDASync 3.2 - LtNts4] C:\PROGRA~1\COMMON~1\XCPCSync.OEM\LAPLIN~1.213\TRANSL~1\LtNts4\NtsAgnt.exe
O4 - HKLM\..\Run: [Laplink PDASync 3.2 - LtOrg97] C:\Program Files\Common Files\XCPCSync.OEM\Laplink.213-103\XCPCMenuHook.exe
O4 - HKLM\..\Run: [Laplink PDASync 3.2 - ScheduleSync] C:\PROGRA~1\LAPLIN~1.2\SCHEDU~1.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [e360SysTray] C:\Program Files\Fiberlink\Extend360\e360SysTray.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CardScan AutoSync] "C:\Program Files\Corex\CardScan\System\csynccfg.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Server Runtime Process] C:\WINDOWS\system32\wbem\wbemstest.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Server Runtime Process] C:\WINDOWS\system32\wbem\wbemstest.exe (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: PrintKey.lnk = C:\Program Files\Printkey\Printkey.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://europe.dupont.com
O15 - Trusted Zone: *.csc.com (HKLM)
O15 - Trusted Zone: *.LMAUC1 (HKLM)
O15 - Trusted Zone: *.onecsc.net (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dupontnet.net
O17 - HKLM\Software\..\Telephony: DomainName = dupontnet.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dupontnet.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Asset Management Agent (AmoAgent) - Unknown owner - C:\WINDOWS\UMCSTUB.EXE (file missing)
O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Program Files\Aventail\Connect\as32svc.exe
O23 - Service: Extend360 Enforcement Agent (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Unicenter Message Queuing Server (CA-MessageQueuing) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DM Primer (DMPrimer) - Computer Associates - C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FiberlinkComm Monitor Service (FiberlinkCommMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
O23 - Service: System Connect Util Service (FLUtilsSvc) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\FLUtilsSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Unicenter Remote Control Host (rcHost) - Computer Associates International, Inc. - C:\SYSMGT\TNGURC\rcHost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Accociates, Intl Inc. - C:\SYSMGT\TNGSD\BIN\SDSERV.EXE
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation. - C:\Program Files\Symantec\SPA\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
0
philae83 Posts: 12854 Status: Security contributor 206
 
ok, but the report from:

C:\_OTMoveIt\MovedFiles

please post it
0
sejetoax Posts: 9 Status: Member
 
Hi Philae83,

When I click MoveIt, it tells me it cannot create the file Movedfiles.log.
Actually, I already have a small doubt: when you say:
* Launch Hoster
* click "Microsoft's Hosts file"
I suppose you actually mean "RESTORE MS HOst Files", since that is the only option I have. The PC does nothing in particular...

I think I followed your instructions.... but it doesn't work.
Please tell me if I did something wrong.

Hoping to hear from you
SEJETOAX
0

philae83 Posts: 12854 Status: Security contributor 206
 
hello,

did you still check that there is nothing at the expected location

in C:
C:\_OTMoveIt\MovedFiles

"I suppose you actually mean "RESTORE MS HOst Files", since that is the only option I have. The PC does nothing in particular..."


yes, that's it, I haven't updated my canned text since the new version.

was it you who put the sites in the O15 lines
into the Trusted Zone?

* Run a Panda online antivirus scan and copy/paste the result here
https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm

* illustrated tutorial
https://forum.pcastuces.com/default.asp#haut

under the letter T

0