Questce qui est bon et pas bon

[phithomas]

Logfile of HijackThis v1.99.1

Scan saved at 01:40:50, on 24/09/05

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.50 (5.50.4134.0600)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRAM FILES\UMSD TOOLS2.35\UMSD.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\SYSTEM\misiCTRL.exe

C:\WINDOWS\SYSTEM\MISITRAY.EXE

C:\PROGRAM FILES\FICHIERS COMMUNS\CMEII\CMESYS.EXE

C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE

C:\PROGRAM FILES\DAP\DAP.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE

C:\WINDOWS\RunDLL.exe

C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE

C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE

C:\PROGRAM FILES\SONY HANDHELD\HOTSYNC.EXE

C:\PROGRAM FILES\FICHIERS COMMUNS\GMT\GMT.EXE

C:\PROGRAM FILES\FREEDIAL\FREEDIAL.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE

C:\WINDOWS\NOTEPAD.EXE

C:\WINDOWS\BUREAU\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://your-searcher.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL

O2 - BHO: Class - {E3B9B58F-7428-A46F-BDB7-E86BF07130FF} - C:\WINDOWS\SYSTEM\IEIM32.DLL

O2 - BHO: (no name) - {1C816AE0-721A-11D9-9A59-444553540000} - C:\WINDOWS\SYSTEM\MSZOE.DLL

O2 - BHO: (no name) - {C28D5A21-721A-11D9-9A59-44456F434D57} - C:\WINDOWS\SYSTEM\ENIHIB.DLL

O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\BMWPL.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL

O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\SYSTEM\IESP1.DLL

O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\BMWPL.DLL

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [OWCCardbusTray] ocbtray.exe

O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\\NVCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [barre d'état système] SysTray.Exe

O4 - HKLM\..\Run: [PLoader] c:\program files\umsd tools2.35\umsd.exe sys_auto_run C:\Program Files\UMSD Tools2.35

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [CTStartup] C:\PROGRAM FILES\CREATIVE\SPLASH SCREEN\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [PowerQuest Startup Utility] C:\Program Files\PowerQuest\PartitionMagic4\UTILITY\MMOVER32\PQINIT.EXE

O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Fichiers communs\Sony Shared\OpenMG\OmgStartup.exe

O4 - HKLM\..\Run: [misiCTRL] C:\WINDOWS\SYSTEM\misiCTRL.exe

O4 - HKLM\..\Run: [misiTRAY] C:\WINDOWS\SYSTEM\misiTRAY.exe

O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe

O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\DSB.exe

O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\FICHIERS COMMUNS\CMEII\CMESYS.EXE"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe

O4 - HKLM\..\Run: [ipcfg.exe] C:\WINDOWS\SYSTEM\IPCFG.EXE

O4 - HKLM\..\Run: [scands32.exe] C:\WINDOWS\SYSTEM\SCANDS32.EXE

O4 - HKLM\..\Run: [sysTray] C:\WINDOWS\SYSTEM\SNNPAPI.EXE

O4 - HKLM\..\Run: [bogobot] Dest068.exe

O4 - HKLM\..\Run: [sysconf16] newbreed.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min

O4 - HKLM\..\Run: [down] MSXMIDI.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe

O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\sentstrt.exe

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"

O4 - HKCU\..\Run: [lycosInside] C:\Program Files\lycos\Lyc_SysTray.exe

O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"

O4 - HKCU\..\Run: [___] startman.exe

O4 - HKCU\..\Run: [NopeZ] Uint32.exe

O4 - HKCU\..\Run: [_ctcp] ActionScr.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

O4 - Startup: HotSync Manager.LNK = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe

O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - User Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

O4 - User Startup: HotSync Manager.LNK = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - User Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O15 - Trusted Zone: http://*.63.219.181.7

O16 - DPF: {10000000-1000-0000-1000-000000000000} -

O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab

O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSEWC.cab

O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll

O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab

O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://c:\foo.mht!http://66.98.208.89/x3x/fr.chm::/adult.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...1bb9ab412ee222b

O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab

O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab

O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\path.mht!http://64.200.26.76/d1/arctaa.chm::/painter.exe

O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab

O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab

O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab

O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab

O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:oexist.mht!http://crdrcr.com/chm.chm::/a.exe

O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/2df997f9/enter.cab

O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.161.131,85.255.112.14

O18 - Filter: text/html - {C28D5A20-721A-11D9-9A59-4445000FE8CC} - C:\WINDOWS\SYSTEM\ENIHIB.DLL

O18 - Filter: text/plain - {C28D5A20-721A-11D9-9A59-4445000FE8CC} - C:\WINDOWS\SYSTEM\ENIHIB.DLL

[Thanos]

salut phithomas et bienvenue sur le forum

 

Tu as bien fait de venir , ton pc agonisait!!!

 

-Télécharge Spybot S&D,met le à jour:

http://www.safer-networking.org/fr/index.html

 

-Télécharge Clean Up 40:

http://www.stevengould.org/software/cleanup/

 

-Télécharge HSRemove

ICI

 

--télécharge CWshredder:

http://www.trendmicro.com/ftp/products/onl.../cwshredder.exe

 

-Télécharge EasyCleaner

http://personal.inet.fi/business/toniarts/ecleane.htm

 

redémarre le PC, impérativement en mode sans échec, (n'ayant pas accès à Internet, tu as préalablement copié ces instructions dans un fichier texte)

 

Assure toi d'avoir accès à tous les fichiers.

 

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :

Activer la case : Afficher les fichiers et dossiers cachés

Désactiver la case : Masquer les extensions des fichiers dont le type est connu

Désactiver la case : Masquer les fichiers protégés du système d'exploitation

Puis Appliquer

 

Passe par Installer /Désinstaller(Panneau de Configuration) et désinstalle les programmes suivant:

-SearchToolbar

-FreshBar

-DAP

-DSB

-WareOut

 

Démarre Hijackthis "Do a system scan only", et coche les lignes suivantes :

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://your-searcher.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

 

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL

O2 - BHO: Class - {E3B9B58F-7428-A46F-BDB7-E86BF07130FF} - C:\WINDOWS\SYSTEM\IEIM32.DLL

O2 - BHO: (no name) - {1C816AE0-721A-11D9-9A59-444553540000} - C:\WINDOWS\SYSTEM\MSZOE.DLL

O2 - BHO: (no name) - {C28D5A21-721A-11D9-9A59-44456F434D57} - C:\WINDOWS\SYSTEM\ENIHIB.DLL

O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\BMWPL.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL

O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\SYSTEM\IESP1.DLL

O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\BMWPL.DLL

 

O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\DSB.exe

O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\FICHIERS COMMUNS\CMEII\CMESYS.EXE"

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe

O4 - HKLM\..\Run: [ipcfg.exe] C:\WINDOWS\SYSTEM\IPCFG.EXE

O4 - HKLM\..\Run: [scands32.exe] C:\WINDOWS\SYSTEM\SCANDS32.EXE

O4 - HKLM\..\Run: [sysTray] C:\WINDOWS\SYSTEM\SNNPAPI.EXE

O4 - HKLM\..\Run: [bogobot] Dest068.exe

O4 - HKLM\..\Run: [sysconf16] newbreed.exe

O4 - HKLM\..\Run: [down] MSXMIDI.EXE

O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe

O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\sentstrt.exe

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

 

O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"

O4 - HKCU\..\Run: [___] startman.exe

O4 - HKCU\..\Run: [NopeZ] Uint32.exe

O4 - HKCU\..\Run: [_ctcp] ActionScr.exe

O4 - Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe

O4 - User Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe

 

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

 

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

 

O15 - Trusted Zone: http://*.63.219.181.7

O16 - DPF: {10000000-1000-0000-1000-000000000000} -

O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab

O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSEWC.cab

O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll

O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab

O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://c:\foo.mht!http://66.98.208.89/x3x/fr.chm::/adult.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...1bb9ab412ee222b

O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab

O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab

O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\path.mht!http://64.200.26.76/d1/arctaa.chm::/painter.exe

O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab

O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab

O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab

O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab

O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:oexist.mht!http://crdrcr.com/chm.chm::/a.exe

O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/2df997f9/enter.cab

O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe

 

O18 - Filter: text/html - {C28D5A20-721A-11D9-9A59-4445000FE8CC} - C:\WINDOWS\SYSTEM\ENIHIB.DLL

O18 - Filter: text/plain - {C28D5A20-721A-11D9-9A59-4445000FE8CC} - C:\WINDOWS\SYSTEM\ENIHIB.DLL

 

Ferme toutes les fenêtres, tous les programmes et clique surFix checked

 

-Exécute HSremove

 

-Supprime les fichiers/dossiers incriminés (s'ils existent encore) :

 

-C:\PROGRAM FILES\DAP

-C:\WINDOWS\SYSTEM\IEIM32.DLL

-C:\WINDOWS\SYSTEM\MSZOE.DLL

-C:\WINDOWS\SYSTEM\ENIHIB.DLL

-C:\WINDOWS\SYSTEM\BMWPL.DLL

-C:\WINDOWS\SYSTEM\MSDXM.OCX

-C:\WINDOWS\SYSTEM\IESP1.DLL

-C:\WINDOWS\SYSTEM\BMWPL.DLL

-C:\Program Files\DSB

-C:\PROGRAM FILES\FICHIERS COMMUNS\CMEII

-C:\WINDOWS\system32\xpsp2fw.exe

-C:\WINDOWS\SYSTEM\IPCFG.EXE

-C:\WINDOWS\SYSTEM\SCANDS32.EXE

-C:\WINDOWS\SYSTEM\SNNPAPI.EXE

-C:\WINDOWS\system32\rundll32.vbe

-C:\WINDOWS\SYSTEM\sentstrt.exe

-C:\Program Files\WareOut

-C:\Program Files\Fichiers communs\GMT

-C:\WINDOWS\SYSTEM\ENIHIB.DLL

 

*Dans System32 probablement:

- Dest068.exe

-[sysconf16] newbreed.exe

-[down] MSXMIDI.EXE

-startman.exe

- Uint32.exe

- ActionScr.exe

 

--Lance CWShredder et clique sur fix

 

--Lance Spybot S&D et vire ce qu'il trouve.

 

J'ai un doute concernant ceci=> O4 - HKLM\..\Run: [barre d'état système] SysTray.Exe :

 

Plutôt l'habitude de voir ceci=> O4 - HKLM\..\Run: [systemTray] SysTray.Exe

 

Fais donc analyser ce SysTray.Exe qui doit se trouver dans "C:\WINDOWS\SYSTEM\SYSTRAY.EXE"

 

par le virus scan de jotti=> http://virusscan.jotti.org/ et donne le résultat.

 

-Exécute EasyCleaner Registre et Inutiles.Ne pas toucher à la fonction doublons. Supprime tout ce qu'il te propose.

 

-Exécute Cleanup40

 

-aide en image:(merci a Balltrap34)

http://pageperso.aol.fr/balltrap34/democleanup.htm

 

Redémarre normalement et poste un nouveau rapport Hijackthis pour vérification.

 

EDIT: installe d'urgence =>un parefeu!!! sinon toute désinfection est inutile!!

 

-zone alarm: http://telechargement.zebulon.fr/58-zonealarm-60-fr.html

 

-son tutorial: http://www.zebulon.fr/articles/configurationZA_1.php

Modifié le 24 septembre 2005 par charles ingals

[bebert]

...alors là...respect et chapeau bas!!

[ipl_001]

Bonjour phithomas, charles ingals, bebert, bonjour à tous,

 

Messages : 1

Je te souhaite la bienvenue sur Zeb'Sécurité ! Merci de venir sur notre forum !

 

Tu ne nous dis pas si ton Win98 tournait bien !

 

"Questce qui est bon et pas bon"

Pour ce qui est "pas bon", charles ingals a donné une réponse...

Pour le "bon", ta question est plus difficile : on cherche toujours !

 

NB : S'il te plaît, ne prends pas mes mots pour des remarques méchantes ! C'est écrit avec un ton souriant mais pas moqueur !

[phithomas]

(fusionné)

 

Logfile of HijackThis v1.99.1

Scan saved at 21:32:04, on 26/09/05

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.50 (5.50.4134.0600)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\FICHIERS COMMUNS\CMEII\CMESYS.EXE

C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\PROGRAM FILES\DAP\DAP.EXE

C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE

C:\WINDOWS\SYSTEM\MISITRAY.EXE

C:\WINDOWS\SYSTEM\misiCTRL.exe

C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\UMSD TOOLS2.35\UMSD.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\TASKMON.EXE

C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE

C:\WINDOWS\RunDLL.exe

C:\PROGRAM FILES\SONY HANDHELD\HOTSYNC.EXE

C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE

C:\PROGRAM FILES\FICHIERS COMMUNS\GMT\GMT.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\FREEDIAL\FREEDIAL.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\BUREAU\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://your-searcher.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)

O2 - BHO: (no name) - {1C816AE0-721A-11D9-9A59-444553540000} - C:\WINDOWS\SYSTEM\MSZOE.DLL

O2 - BHO: Class - {E3B9B58F-7428-A46F-BDB7-E86BF07130FF} - C:\WINDOWS\SYSTEM\IEIM32.DLL

O2 - BHO: (no name) - {A1579DCA-2ED0-11DA-9A5B-DE4BF04E102D} - C:\WINDOWS\SYSTEM\ENIHIB.DLL

O3 - Toolbar: (no name) - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - (no file)

O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\FICHIERS COMMUNS\CMEII\CMESYS.EXE"

O4 - HKLM\..\Run: [down] MSXMIDI.EXE

O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sysconf16] newbreed.exe

O4 - HKLM\..\Run: [bogobot] Dest068.exe

O4 - HKLM\..\Run: [sysTray] C:\WINDOWS\SYSTEM\SNNPAPI.EXE

O4 - HKLM\..\Run: [scands32.exe] C:\WINDOWS\SYSTEM\SCANDS32.EXE

O4 - HKLM\..\Run: [ipcfg.exe] C:\WINDOWS\SYSTEM\IPCFG.EXE

O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\DSB.exe

O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe

O4 - HKLM\..\Run: [misiTRAY] C:\WINDOWS\SYSTEM\misiTRAY.exe

O4 - HKLM\..\Run: [misiCTRL] C:\WINDOWS\SYSTEM\misiCTRL.exe

O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Fichiers communs\Sony Shared\OpenMG\OmgStartup.exe

O4 - HKLM\..\Run: [PowerQuest Startup Utility] C:\Program Files\PowerQuest\PartitionMagic4\UTILITY\MMOVER32\PQINIT.EXE

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [CTStartup] C:\PROGRAM FILES\CREATIVE\SPLASH SCREEN\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [PLoader] c:\program files\umsd tools2.35\umsd.exe sys_auto_run C:\Program Files\UMSD Tools2.35

O4 - HKLM\..\Run: [barre d'état système] SysTray.Exe

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\\NVCpl.dll,NvStartup

O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

O4 - HKLM\..\Run: [OWCCardbusTray] ocbtray.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\sentstrt.exe

O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKCU\..\Run: [_ctcp] ActionScr.exe

O4 - HKCU\..\Run: [NopeZ] Uint32.exe

O4 - HKCU\..\Run: [___] startman.exe

O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"

O4 - HKCU\..\Run: [lycosInside] C:\Program Files\lycos\Lyc_SysTray.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe

O4 - Startup: HotSync Manager.LNK = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - User Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe

O4 - User Startup: HotSync Manager.LNK = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - User Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O15 - Trusted Zone: http://*.63.219.181.7'>http://*.63.219.181.7

O15 - Trusted Zone: http://*.63.219.181.7

O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll

O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab

O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://c:\foo.mht!http://66.98.208.89/x3x/fr.chm::/adult.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...1bb9ab412ee222b

O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab

O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab

O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\path.mht!http://64.200.26.76/d1/arctaa.chm::/painter.exe

O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab

O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab

O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab

O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab

O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:oexist.mht!http://crdrcr.com/chm.chm::/a.exe

O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/2df997f9/enter.cab

O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.113.122,85.255.112.13

O18 - Filter: text/html - {A1579DC9-2ED0-11DA-9A5B-DE4B009C8E5A} - C:\WINDOWS\SYSTEM\ENIHIB.DLL

O18 - Filter: text/plain - {A1579DC9-2ED0-11DA-9A5B-DE4B009C8E5A} - C:\WINDOWS\SYSTEM\ENIHIB.DLL

[ipl_001]

(fusionné)

 

Bonsoir phithomas, bonsoir à tous,

 

Je te souhaite la bienvenue sur Zeb'Sécurité ! Merci de venir sur notre forum !

 

Ton système est bien infecté... Windows 98 est particulièrement exposé aux menaces du Web !

 

S'il te plaît, applique la procédure "Pré-Nettoyage d'un PC infecté" -> http://forum.zebulon.fr/index.php?showtopic=69176

 

Lorsque tu auras posté le rapport HijackThis qui en résulte, nous l'analyserons et te dirons que faire !

[Thanos]

(fusionné)

 

salut ipl_001,phithomas

 

Tu n'as pas recherché le message que tu as posté le samedi 24/05 !!!=>

 

http://forum.zebulon.fr/index.php?showtopic=75518

 

S'il te plait continue la discussion sur le même post , qu'il n'y ait pas deux analyses pour

 

le même sujet!! Ipl peux tu fusionner les deux topics? Merci