ravagelo

Members
  • Content count: 3

ravagelo's Achievements

Junior Member (3/12)

Community reputation: 0

  1. Listing files found while scanning....
     C:\WINDOWS\system32\rqopmnl.dll
     C:\WINDOWS\system32\ihkmp.bak1
     C:\WINDOWS\system32\ihkmp.tmp
     C:\WINDOWS\system32\ihkmp.ini
     C:\WINDOWS\system32\ihkmp.ini2
     C:\WINDOWS\system32\pmkhi.dll
     C:\WINDOWS\system32\ihkmp.ini2
     C:\WINDOWS\system32\ihkmp.tmp
     C:\WINDOWS\system32\ihkmp.ini
     C:\WINDOWS\system32\ihkmp.ini2
     C:\WINDOWS\system32\pmkhi.dll

     Attempting to delete C:\WINDOWS\system32\rqopmnl.dll
     C:\WINDOWS\system32\rqopmnl.dll Could not be deleted.
     Attempting to delete C:\WINDOWS\system32\ihkmp.bak1
     C:\WINDOWS\system32\ihkmp.bak1 Has been deleted!
     Attempting to delete C:\WINDOWS\system32\ihkmp.tmp
     C:\WINDOWS\system32\ihkmp.tmp Has been deleted!
     Attempting to delete C:\WINDOWS\system32\ihkmp.ini
     C:\WINDOWS\system32\ihkmp.ini Has been deleted!
     Attempting to delete C:\WINDOWS\system32\ihkmp.ini2
     C:\WINDOWS\system32\ihkmp.ini2 Has been deleted!
     Attempting to delete C:\WINDOWS\system32\pmkhi.dll
     C:\WINDOWS\system32\pmkhi.dll Could not be deleted.
     Attempting to delete C:\WINDOWS\system32\ihkmp.ini
     C:\WINDOWS\system32\ihkmp.ini Has been deleted!
     Attempting to delete C:\WINDOWS\system32\pmkhi.dll
     C:\WINDOWS\system32\pmkhi.dll Could not be deleted.

     Performing Repairs to the registry.
     Done!

     Logfile of HijackThis v1.99.1
     Scan saved at 11:32:47, on 01/07/2006
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\wltrysvc.exe
     C:\WINDOWS\System32\bcmwltry.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\AccessManager\Client\AMBroker.exe
     C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
     C:\WINDOWS\System32\cusrvc.exe
     c:\Program Files\IP VPN Remote Services\cvpnd.exe
     C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
     C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
     C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
     C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
     C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
     C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
     C:\Program Files\AccessManager\Client\sygman.exe
     C:\WINDOWS\System32\tlntsvr.exe
     C:\Program Files\RealVNC\VNC4\WinVNC4.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\System32\NWTRAY.EXE
     C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
     C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
     C:\PROGRA~1\Belkin\LOGICI~1\BTSTAC~1.EXE
     C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
     C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
     C:\WINDOWS\System32\ctfmon.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\WINDOWS\TEMP\win28.tmp.exe
     C:\WINDOWS\TEMP\idd29.tmp.exe
     C:\Documents and Settings\lo\Desktop\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
     F2 - REG:system.ini: UserInit=userinit.exe
     O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
     O4 - Global Startup: BTTray.lnk = ?
     O4 - Global Startup: Cisco Systems IP VPN Remote Services.lnk = C:\Program Files\IP VPN Remote Services\vpngui.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
     O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
     O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
     O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
     O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
     http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
     O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = chezmoi
     O17 - HKLM\Software\..\Telephony: DomainName = chezmoi
     O17 - HKLM\System\CCS\Services\Tcpip\..\{89277C11-48CF-4C26-9630-97A0E81B9156}: NameServer = 212.27.54.252,212.27.39.2
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = chezmoi
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = chezmoi
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = chezmoi
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = chezmoi
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = chezmoi
     O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
     O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
     O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
     O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
     O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\IP VPN Remote Services\cvpnd.exe
     O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
     O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
     O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
     O23 - Service: Network Monitor - Novell, Inc. - (no file)
     O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
     O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
     O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\appli\ORACLE\BIN\ONRSD.EXE
     O23 - Service: Serv-U FTP Server (Serv-U) - Rhino Software, Inc. +1(262) 560-9627 - C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
     O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
     O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
     O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe
     O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
     O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  2. Well, the PC is not doing well at all ^^ All my tray applications no longer appear (e.g. Wi-Fi network traffic, Ad-Watch no longer starts automatically, etc.)
     - Ad-Aware reports 'Virtumonde' on every scan (the antivirus sees nothing, and the registry key reported by Ad-Aware is absent).
     - A Win32.dialer.trojan that gets blocked 15 times a day...
     - A Temp directory full of nasty 'stuff' like something.tmp.exe
     On top of that, when using the VundoFix tool, I have .dll files that are detected every time but always come back.
  3. Hello, I have gone through a huge number of posts about this 'thing', but I cannot manage to get rid of it....

     Logfile of HijackThis v1.99.1
     Scan saved at 00:56:19, on 01/07/2006
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\wltrysvc.exe
     C:\WINDOWS\System32\bcmwltry.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\AccessManager\Client\AMBroker.exe
     C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
     C:\WINDOWS\System32\cusrvc.exe
     c:\Program Files\IP VPN Remote Services\cvpnd.exe
     C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
     C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
     C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
     C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
     C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
     C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
     C:\Program Files\AccessManager\Client\sygman.exe
     C:\WINDOWS\System32\tlntsvr.exe
     C:\Program Files\RealVNC\VNC4\WinVNC4.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\System32\NWTRAY.EXE
     C:\WINDOWS\System32\ctfmon.exe
     C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
     C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Documents and Settings\lo\Desktop\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
     F2 - REG:system.ini: UserInit=userinit.exe
     O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
     O4 - Global Startup: BTTray.lnk = ?
     O4 - Global Startup: Cisco Systems IP VPN Remote Services.lnk = C:\Program Files\IP VPN Remote Services\vpngui.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
     O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
     O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
     O14 - IERESET.INF: START_PAGE_URL=http://google.fr
     O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
     O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = chezmoi
     O17 - HKLM\Software\..\Telephony: DomainName = chezmoi
     O17 - HKLM\System\CCS\Services\Tcpip\..\{12D432AC-EBF7-4E49-93E7-8E1145307CEF}: NameServer = 212.27.54.252,212.27.39.2
     O17 - HKLM\System\CCS\Services\Tcpip\..\{89277C11-48CF-4C26-9630-97A0E81B9156}: NameServer = 212.27.54.252,212.27.39.2
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = chezmoi
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = chezmoi
     O17 - HKLM\System\CS1\Services\Tcpip\..\{12D432AC-EBF7-4E49-93E7-8E1145307CEF}: NameServer = 212.27.54.252,212.27.39.2
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = chezmoi
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = chezmoi
     O17 - HKLM\System\CS2\Services\Tcpip\..\{12D432AC-EBF7-4E49-93E7-8E1145307CEF}: NameServer = 212.27.54.252,212.27.39.2
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = chezmoi
     O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
     O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
     O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
     O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
     O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\IP VPN Remote Services\cvpnd.exe
     O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
     O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
     O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
     O23 - Service: Network Monitor - Novell, Inc. - (no file)
     O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
     O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
     O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\appli\ORACLE\BIN\ONRSD.EXE
     O23 - Service: Serv-U FTP Server (Serv-U) - Rhino Software, Inc. +1(262) 560-9627 - C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
     O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
     O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
     O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe
     O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
     O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
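The HijackThis logs in the posts above carry three indicators a responder would pull out by hand: executables running from C:\WINDOWS\TEMP (win28.tmp.exe, idd29.tmp.exe), Internet Explorer start/search pages redirected to prosearching.com, and O23 services whose binary is gone ("(no file)", "(file missing)"). The script below is an added example, not part of the original thread and not a HijackThis feature: it parses a v1.99-style log into its process list and item lines and returns those three kinds of findings. The embedded SAMPLE_LOG is a constructed excerpt modelled on the logs above, and the allow-list of expected home-page hosts (EXPECTED_HOME_HOSTS) is an assumption you would replace with the machine owner's real home page.

```python
"""Triage a HijackThis v1.99-style log for the indicators seen in the thread.

Added example; not HijackThis code. SAMPLE_LOG is a constructed excerpt
modelled on the posted logs, and EXPECTED_HOME_HOSTS is an assumption.
"""
import re
from urllib.parse import urlsplit

# Item lines look like "O23 - Service: ..." or "R0 - HKCU\...": a section code,
# a spaced hyphen, then the body.
ITEM_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")

# Temp locations worth flagging on a Windows XP host (assumption: a dropper
# running from here is suspicious even before the file is identified).
TEMP_DIR_RE = re.compile(r"\\(?:WINDOWS\\)?TEMP\\|\\Local Settings\\Temp\\", re.IGNORECASE)

# Hosts the owner actually set as home/search page (assumed from the log).
EXPECTED_HOME_HOSTS = {"www.google.fr", "google.fr"}


def parse_sections(log_text):
    """Split a log into (running_processes, items).

    Processes follow the "Running processes:" header and run until the first
    item line; every item line afterwards becomes a (code, body) tuple.
    """
    processes, items = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ITEM_RE.match(line)
        if m:
            in_processes = False
            items.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes:"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, items


def triage(log_text):
    """Return (category, detail) findings that deserve a human look."""
    processes, items = parse_sections(log_text)
    findings = []

    # 1. Executables running out of a temp directory (e.g. win28.tmp.exe).
    for proc in processes:
        if TEMP_DIR_RE.search(proc):
            findings.append(("temp_process", proc))

    for code, body in items:
        # 2. IE start/search/local pages pointing anywhere other than the
        #    owner's expected home page: the classic browser-hijack sign.
        if code in ("R0", "R1") and "=" in body:
            value = body.split("=", 1)[1].strip()
            url = value if "://" in value else "http://" + value
            host = urlsplit(url).hostname
            if host and host.lower() not in EXPECTED_HOME_HOSTS:
                findings.append(("ie_page_hijack", body))
        # 3. Services registered but with no binary on disk: either a stale
        #    uninstall or something that was removed while its hook remained.
        if code == "O23" and ("(file missing)" in body or "(no file)" in body):
            findings.append(("service_missing_binary", body))
    return findings


# Constructed excerpt modelled on the logs posted above (not a full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:32:47, on 01/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\win28.tmp.exe
C:\WINDOWS\TEMP\idd29.tmp.exe
C:\Documents and Settings\lo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
F2 - REG:system.ini: UserInit=userinit.exe
O4 - Global Startup: BTTray.lnk = ?
O23 - Service: Network Monitor - Novell, Inc. - (no file)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

Run against the sample it reports the two TEMP executables, the two prosearching.com entries and the two services without a binary, and stays quiet on the Google start page, the F2 UserInit line and the Dell service. The O23 check is deliberately a pointer rather than a verdict: on this machine the Novell "Network Monitor" entry is most likely an uninstall leftover, while the missing WinVNC4 binary next to a live WinVNC4.exe process is the kind of mismatch you would want to resolve by hand.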