Problème internet explorer/ realsearch

chicane -  
balltrap34 Messages postés 16241 Statut Contributeur sécurité -
Bonjour,

Lors d'une connection le 29/12/2004, mon anti-virus s'est déclenché. malgré cela depuis que je relance internet explorer (windows XP) plusieurs problèmes se posent:

- La page d'accueil est realserch.cc et impossible d'en changer!!! à chaque fois que je modifie ce paramète au redemarrage ça repart avec realsearch.cc...( idem pour la fonction recherche d'ie)

- Dans mes favoris apparait un dossier free ardco porn que l'on peut supprimer mais qui revient à chaque demarrage.

Que faire pour venir à bout de ces pollutions?
Merci beaucoup de vos réponses
bruno

10 réponses

  1. medicis Messages postés 10 Statut Membre
     
    suite au téléchargement de Hijackthis voila ce que j'obtiens

    Logfile of HijackThis v1.99.0
    Scan saved at 16:46:02, on 01/01/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\xpsp2fw.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\GREGOIRE Philippe\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.008i.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.008i.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://realsearch.cc/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msaps.dll/index.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\System32\wins32t.dll
    O2 - BHO: ADW Class - {00000000-002B-EFE6-6B08-560C01922D3B} - C:\WINDOWS\System32\apcups32.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
    O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Documents and Settings\GREGOIRE Philippe\Application Data\mswl\mswl.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
    O2 - BHO: SearchHookObject Class - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\GREGOIRE Philippe\Application Data\mswl\msiesh.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"
    O4 - HKLM\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2EEB18F6-3AD8-4833-9F20-53BBE3E16B3C}: NameServer = 212.27.32.176 212.27.39.1
    O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
    O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
    O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
    O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
    O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
    O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Network Manager Provider - Unknown - C:\WINDOWS\System32\drivers\svchost.exe (file missing)
    O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

    Que faire?merci
    Bruno
    0
  2. tufs
     
    re il faut dabord faire un peu le menage avec ça
    http://maxtinium.free.fr/acceuil.php3?twap=spyware.php3
    parceque ton log et remplie de spywares en tout genres
    apres tu nous recolle ton log pour analyse
    0
    1. medicis Messages postés 10 Statut Membre
       
      Ad-Aware SE Build 1.05
      Logfile Created on:samedi 1 janvier 2005 17:14:39
      Created with Ad-Aware SE Personal, free for private use.
      Using definitions file:SE1R24 29.12.2004
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      References detected during the scan:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      Alexa(TAC index:5):11 total references
      BargainBuddy(TAC index:8):1 total references
      CoolWebSearch(TAC index:10):74 total references
      istbar.dotcomToolbar(TAC index:5):2 total references
      istbar(TAC index:6):2 total references
      Other(TAC index:5):2 total references
      Possible Browser Hijack attempt(TAC index:3):4 total references
      Tracking Cookie(TAC index:3):8 total references
      TX4.BrowserAd(TAC index:3):7 total references
      WebDialer(TAC index:5):1 total references
      Win32.Welchia.B(TAC index:8):16 total references
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      Ad-Aware SE Settings
      ===========================
      Set : Search for negligible risk entries
      Set : Safe mode (always request confirmation)
      Set : Scan active processes
      Set : Scan registry
      Set : Deep-scan registry
      Set : Scan my IE Favorites for banned URLs
      Set : Scan my Hosts file

      Extended Ad-Aware SE Settings
      ===========================
      Set : Unload recognized processes & modules during scan
      Set : Scan registry for all users instead of current user only
      Set : Always try to unload modules before deletion
      Set : During removal, unload Explorer and IE if necessary
      Set : Let Windows remove files in use at next reboot
      Set : Delete quarantined objects after restoring
      Set : Include basic Ad-Aware settings in log file
      Set : Include additional Ad-Aware settings in log file
      Set : Include reference summary in log file
      Set : Include alternate data stream details in log file
      Set : Play sound at scan completion if scan locates critical objects


      01-01-2005 17:14:39 - Scan started. (Full System Scan)

      Listing running processes
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      #:1 [smss.exe]
      FilePath : \SystemRoot\System32\
      ProcessID : 428
      ThreadCreationTime : 01-01-2005 14:51:29
      BasePriority : Normal


      #:2 [csrss.exe]
      FilePath : \??\C:\WINDOWS\system32\
      ProcessID : 484
      ThreadCreationTime : 01-01-2005 14:51:35
      BasePriority : Normal


      #:3 [winlogon.exe]
      FilePath : \??\C:\WINDOWS\system32\
      ProcessID : 508
      ThreadCreationTime : 01-01-2005 14:51:36
      BasePriority : High


      #:4 [services.exe]
      FilePath : C:\WINDOWS\system32\
      ProcessID : 552
      ThreadCreationTime : 01-01-2005 14:51:36
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Système d'exploitation Microsoft® Windows®
      CompanyName : Microsoft Corporation
      FileDescription : Applications Services et Contrôleur
      InternalName : services.exe
      LegalCopyright : © Microsoft Corporation. Tous droits réservés.
      OriginalFilename : services.exe

      #:5 [lsass.exe]
      FilePath : C:\WINDOWS\system32\
      ProcessID : 564
      ThreadCreationTime : 01-01-2005 14:51:36
      BasePriority : Normal
      FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
      ProductVersion : 5.1.2600.1106
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : LSA Shell (Export Version)
      InternalName : lsass.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : lsass.exe

      #:6 [svchost.exe]
      FilePath : C:\WINDOWS\system32\
      ProcessID : 760
      ThreadCreationTime : 01-01-2005 14:51:37
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Generic Host Process for Win32 Services
      InternalName : svchost.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : svchost.exe

      #:7 [svchost.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 784
      ThreadCreationTime : 01-01-2005 14:51:37
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Generic Host Process for Win32 Services
      InternalName : svchost.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : svchost.exe

      #:8 [svchost.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 880
      ThreadCreationTime : 01-01-2005 14:51:37
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Generic Host Process for Win32 Services
      InternalName : svchost.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : svchost.exe

      #:9 [svchost.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 936
      ThreadCreationTime : 01-01-2005 14:51:37
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Generic Host Process for Win32 Services
      InternalName : svchost.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : svchost.exe

      #:10 [spoolsv.exe]
      FilePath : C:\WINDOWS\system32\
      ProcessID : 1052
      ThreadCreationTime : 01-01-2005 14:51:38
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (XPClient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Spooler SubSystem App
      InternalName : spoolsv.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : spoolsv.exe

      #:11 [explorer.exe]
      FilePath : C:\WINDOWS\
      ProcessID : 1304
      ThreadCreationTime : 01-01-2005 14:51:43
      BasePriority : Normal
      FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
      ProductVersion : 6.00.2800.1106
      ProductName : Système d'exploitation Microsoft® Windows®
      CompanyName : Microsoft Corporation
      FileDescription : Explorateur Windows
      InternalName : explorer
      LegalCopyright : © Microsoft Corporation. Tous droits réservés.
      OriginalFilename : EXPLORER.EXE
      Warning! CoolWebSearch Object found in memory(C:\Program Files\Submit\submithook.dll)

      CoolWebSearch Object Recognized!
      Type : Process
      Data : submithook.dll
      Category : Malware
      Comment :
      Object : C:\Program Files\Submit\
      FileVersion : 1, 6, 0, 0
      ProductVersion : 1, 6, 0, 1
      ProductName : Free Community Toolbar
      FileDescription : Free Community Toolbar
      InternalName : Free Community
      LegalCopyright : Copyright 2002
      OriginalFilename : LizardBar.dll

      Warning! CoolWebSearch Object found in memory(C:\Documents and Settings\GREGOIRE Philippe\Application Data\mswl\msiesh.dll)

      CoolWebSearch Object Recognized!
      Type : Process
      Data : msiesh.dll
      Category : Malware
      Comment :
      Object : C:\Documents and Settings\GREGOIRE Philippe\Application Data\mswl\
      FileVersion : 1, 0, 0, 9
      ProductVersion : 1, 0, 0, 9
      ProductName : SearchHook Module
      FileDescription : SearchHook Module
      InternalName : SearchHook
      LegalCopyright : Copyright 2003
      OriginalFilename : SearchHook.DLL


      #:12 [alg.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 1364
      ThreadCreationTime : 01-01-2005 14:51:44
      BasePriority : Normal
      FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
      ProductVersion : 5.1.2600.1106
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Application Layer Gateway Service
      InternalName : ALG.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : ALG.exe

      #:13 [nvsvc32.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 1412
      ThreadCreationTime : 01-01-2005 14:51:44
      BasePriority : Normal
      FileVersion : 6.14.10.4403
      ProductVersion : 6.14.10.4403
      ProductName : NVIDIA Driver Helper Service, Version 44.03
      CompanyName : NVIDIA Corporation
      FileDescription : NVIDIA Driver Helper Service, Version 44.03
      InternalName : NVSVC
      LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
      OriginalFilename : nvsvc32.exe

      #:14 [svchost.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 1528
      ThreadCreationTime : 01-01-2005 14:51:44
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Generic Host Process for Win32 Services
      InternalName : svchost.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : svchost.exe

      #:15 [tmntsrv.exe]
      FilePath : C:\Program Files\Trend Micro\PC-cillin 9\
      ProcessID : 1548
      ThreadCreationTime : 01-01-2005 14:51:44
      BasePriority : Normal
      FileVersion : 9.0.6.1403
      ProductVersion : 9.0.6
      ProductName : Trend Pc-cillin 9.0
      CompanyName : Trend Micro Inc.
      FileDescription : Tmntsrv
      InternalName : Tmntsrv
      LegalCopyright : Copyright (C) 1995-2003 Trend Micro Inc. All rights reserved.
      LegalTrademarks : Copyright (C) Trend Micro Inc.
      OriginalFilename : Tmntsrv.exe

      #:16 [wdfmgr.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 1608
      ThreadCreationTime : 01-01-2005 14:51:44
      BasePriority : Normal
      FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
      ProductVersion : 5.2.3790.1230
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows User Mode Driver Manager
      InternalName : WdfMgr
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : WdfMgr.exe

      #:17 [fxssvc.exe]
      FilePath : C:\WINDOWS\system32\
      ProcessID : 1748
      ThreadCreationTime : 01-01-2005 14:51:45
      BasePriority : Normal
      FileVersion : 5.2.1776.1023
      ProductVersion : 5.2.1776.1023
      ProductName : Microsoft® Fax Server
      CompanyName : Microsoft Corporation
      FileDescription : Service de télécopie
      InternalName : FXSSVC.EXE
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : FXSSVC.EXE

      #:18 [rundll32.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 1900
      ThreadCreationTime : 01-01-2005 14:51:46
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Système d'exploitation Microsoft® Windows®
      CompanyName : Microsoft Corporation
      FileDescription : Exécuter une DLL en tant qu'application
      InternalName : rundll
      LegalCopyright : © Microsoft Corporation. Tous droits réservés.
      OriginalFilename : RUNDLL.EXE

      #:19 [realsched.exe]
      FilePath : C:\Program Files\Fichiers communs\Real\Update_OB\
      ProcessID : 1908
      ThreadCreationTime : 01-01-2005 14:51:46
      BasePriority : Normal
      FileVersion : 0.1.0.1622
      ProductVersion : 0.1.0.1622
      ProductName : RealOne Player (32-bit)
      CompanyName : RealNetworks, Inc.
      FileDescription : RealNetworks Scheduler
      InternalName : schedapp
      LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
      LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
      OriginalFilename : realsched.exe

      #:20 [pccguide.exe]
      FilePath : C:\Program Files\Trend Micro\PC-cillin 9\
      ProcessID : 1916
      ThreadCreationTime : 01-01-2005 14:51:46
      BasePriority : Normal
      FileVersion : 9.0.6.1403
      ProductVersion : 9.0.6
      ProductName : Trend Pc-cillin 9.0
      CompanyName : Trend Micro Inc.
      FileDescription : PCCGuide
      InternalName : PCCGuide
      LegalCopyright : Copyright (C) 1995-2003 Trend Micro Inc. All rights reserved.
      LegalTrademarks : Copyright (C) Trend Micro Inc.
      OriginalFilename : PCCGuide

      #:21 [pccclient.exe]
      FilePath : C:\Program Files\Trend Micro\PC-cillin 9\
      ProcessID : 1924
      ThreadCreationTime : 01-01-2005 14:51:46
      BasePriority : Normal
      FileVersion : 9.0.6.1403
      ProductVersion : 9.0.6
      ProductName : Trend Pc-cillin 9.0
      CompanyName : Trend Micro Inc.
      FileDescription : PCCClient
      InternalName : PCCClient
      LegalCopyright : Copyright (C) 1995-2003 Trend Micro Inc. All rights reserved.
      LegalTrademarks : Copyright (C) Trend Micro Inc.
      OriginalFilename : PCCClient

      #:22 [pop3trap.exe]
      FilePath : C:\Program Files\Trend Micro\PC-cillin 9\
      ProcessID : 1932
      ThreadCreationTime : 01-01-2005 14:51:46
      BasePriority : Normal
      FileVersion : 9.0.6.1403
      ProductVersion : 9.0.6
      ProductName : Trend Pc-cillin 9.0
      CompanyName : Trend Micro Inc.
      FileDescription : POP3Trap
      InternalName : POP3Trap
      LegalCopyright : Copyright (C) 1995-2003 Trend Micro Inc. All rights reserved.
      LegalTrademarks : Copyright (C) Trend Micro Inc.
      OriginalFilename : POP3Trap

      #:23 [msnappau.exe]
      FilePath : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\
      ProcessID : 2028
      ThreadCreationTime : 01-01-2005 14:51:46
      BasePriority : Normal


      #:24 [logitray.exe]
      FilePath : C:\Program Files\Logitech\Video\
      ProcessID : 152
      ThreadCreationTime : 01-01-2005 14:51:47
      BasePriority : Normal
      FileVersion : 8.1.5.1016
      ProductVersion : 8.1.5.1016
      ProductName : Logitech QuickCam
      CompanyName : Logitech Inc.
      FileDescription : ImageStudio Tray Application
      InternalName : LogiTray.exe
      LegalCopyright : (c) 1996-2003 Logitech. All rights reserved.
      OriginalFilename : LogiTray.exe

      #:25 [xpsp2fw.exe]
      FilePath : C:\WINDOWS\system32\
      ProcessID : 164
      ThreadCreationTime : 01-01-2005 14:51:47
      BasePriority : Normal


      #:26 [ctfmon.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 172
      ThreadCreationTime : 01-01-2005 14:51:47
      BasePriority : Normal
      FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
      ProductVersion : 5.1.2600.1106
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : CTF Loader
      InternalName : CTFMON
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : CTFMON.EXE

      #:27 [rundll32.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 196
      ThreadCreationTime : 01-01-2005 14:51:47
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Système d'exploitation Microsoft® Windows®
      CompanyName : Microsoft Corporation
      FileDescription : Exécuter une DLL en tant qu'application
      InternalName : rundll
      LegalCopyright : © Microsoft Corporation. Tous droits réservés.
      OriginalFilename : RUNDLL.EXE

      #:28 [msnmsgr.exe]
      FilePath : C:\Program Files\MSN Messenger\
      ProcessID : 216
      ThreadCreationTime : 01-01-2005 14:51:47
      BasePriority : Normal
      FileVersion : 6.2.0137
      ProductVersion : Version 6.2
      ProductName : MSN Messenger
      CompanyName : Microsoft Corporation
      FileDescription : MSN Messenger
      InternalName : msnmsgr
      LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
      LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
      OriginalFilename : msnmsgr.exe

      #:29 [backweb-8876480.exe]
      FilePath : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
      ProcessID : 336
      ThreadCreationTime : 01-01-2005 14:51:47
      BasePriority : Normal


      #:30 [pccpfw.exe]
      FilePath : C:\Program Files\Trend Micro\PC-cillin 9\
      ProcessID : 352
      ThreadCreationTime : 01-01-2005 14:51:48
      BasePriority : Normal


      #:31 [rundll32.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 368
      ThreadCreationTime : 01-01-2005 14:51:48
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Système d'exploitation Microsoft® Windows®
      CompanyName : Microsoft Corporation
      FileDescription : Exécuter une DLL en tant qu'application
      InternalName : rundll
      LegalCopyright : © Microsoft Corporation. Tous droits réservés.
      OriginalFilename : RUNDLL.EXE

      #:32 [dslmon.exe]
      FilePath : C:\Program Files\SAGEM\SAGEM F@st 800-908\
      ProcessID : 404
      ThreadCreationTime : 01-01-2005 14:51:48
      BasePriority : Normal
      FileVersion : 1, 0, 0, 1
      ProductVersion : 1, 0, 0, 1
      ProductName : DSLMON Application
      FileDescription : ADIMON MFC Application
      InternalName : DSLMON
      LegalCopyright : Copyright (C) 2000
      OriginalFilename : ADIMON.EXE

      #:33 [hpohmr08.exe]
      FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
      ProcessID : 444
      ThreadCreationTime : 01-01-2005 14:51:48
      BasePriority : Normal
      FileVersion : 4.2.0.020
      ProductVersion : 2.4.1.020
      ProductName : hp digital imaging - hp all-in-one series
      CompanyName : Hewlett-Packard Co.
      FileDescription : HP OfficeJet COM Device Objects
      InternalName : HPOHMR08
      LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
      OriginalFilename : HPOHMR08.EXE
      Comments : HP OfficeJet <Homer> Series COM Device Objects

      #:34 [hpotdd01.exe]
      FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
      ProcessID : 568
      ThreadCreationTime : 01-01-2005 14:51:49
      BasePriority : Normal
      FileVersion : 1, 0, 0, 1
      ProductVersion : 1, 0, 0, 1
      ProductName : Hewlett-Packard hpotdd01
      CompanyName : Hewlett-Packard
      FileDescription : hpotdd01
      InternalName : hpotdd01
      LegalCopyright : Copyright © 2002
      OriginalFilename : hpotdd01.exe

      #:35 [lvcoms.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 752
      ThreadCreationTime : 01-01-2005 14:51:49
      BasePriority : Normal
      FileVersion : 8.0.3.1110
      ProductVersion : 8.0.3.1110
      ProductName : Logitech QuickCam
      CompanyName : Logitech Inc.
      FileDescription : LVCom Server
      InternalName : LVComS.exe
      LegalCopyright : (c) 1996-2003 Logitech. All rights reserved.
      OriginalFilename : LVComS.exe

      #:36 [hpoevm08.exe]
      FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
      ProcessID : 1260
      ThreadCreationTime : 01-01-2005 14:51:50
      BasePriority : Normal
      FileVersion : 4.2.0.020
      ProductVersion : 2.4.1.020
      ProductName : hp digital imaging - hp all-in-one series
      CompanyName : Hewlett-Packard Co.
      FileDescription : HP OfficeJet COM Event Manager
      InternalName : HPOEVM08
      LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
      OriginalFilename : HPOEVM08.EXE
      Comments : HP OfficeJet COM Event Manager

      #:37 [hposts08.exe]
      FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\
      ProcessID : 2208
      ThreadCreationTime : 01-01-2005 14:51:55
      BasePriority : Normal
      FileVersion : 4.2.0.020
      ProductVersion : 2.4.1.020
      ProductName : hp digital imaging - hp all-in-one series
      CompanyName : Hewlett-Packard Co.
      FileDescription : HP OfficeJet Status
      InternalName : HPOSTS08
      LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
      OriginalFilename : HPOSTS08.EXE
      Comments : HP OfficeJet Status

      #:38 [iexplore.exe]
      FilePath : C:\Program Files\Internet Explorer\
      ProcessID : 2072
      ThreadCreationTime : 01-01-2005 15:58:21
      BasePriority : Normal
      FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
      ProductVersion : 6.00.2800.1106
      ProductName : Système d'exploitation Microsoft® Windows®
      CompanyName : Microsoft Corporation
      FileDescription : Internet Explorer
      InternalName : iexplore
      LegalCopyright : © Microsoft Corporation. Tous droits réservés.
      OriginalFilename : IEXPLORE.EXE
      Warning! CoolWebSearch Object found in memory(C:\Program Files\Submit\submithook.dll)

      CoolWebSearch Object Recognized!
      Type : Process
      Data : submithook.dll
      Category : Malware
      Comment :
      Object : C:\Program Files\Submit\
      FileVersion : 1, 6, 0, 0
      ProductVersion : 1, 6, 0, 1
      ProductName : Free Community Toolbar
      FileDescription : Free Community Toolbar
      InternalName : Free Community
      LegalCopyright : Copyright 2002
      OriginalFilename : LizardBar.dll

      Warning! CoolWebSearch Object found in memory(C:\Documents and Settings\GREGOIRE Philippe\Application Data\mswl\msiesh.dll)

      CoolWebSearch Object Recognized!
      Type : Process
      Data : msiesh.dll
      Category : Malware
      Comment :
      Object : C:\Documents and Settings\GREGOIRE Philippe\Application Data\mswl\
      FileVersion : 1, 0, 0, 9
      ProductVersion : 1, 0, 0, 9
      ProductName : SearchHook Module
      FileDescription : SearchHook Module
      InternalName : SearchHook
      LegalCopyright : Copyright 2003
      OriginalFilename : SearchHook.DLL


      #:39 [gdho.exe]
      FilePath : C:\Program Files\GDHO\
      ProcessID : 3160
      ThreadCreationTime : 01-01-2005 16:13:29
      BasePriority : Normal
      FileVersion : 1, 1, 0, 1
      ProductVersion : 1, 1, 0, 1
      ProductName : OHD
      CompanyName : Oxford University Press
      FileDescription : Oxford-Hachette French Dictionary
      InternalName : OHD
      LegalCopyright : Copyright (C) OUP 2002
      OriginalFilename : OHD.EXE
      Comments : Developed by Tony Smith (tony@werdz.com)

      #:40 [ad-aware.exe]
      FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
      ProcessID : 2940
      ThreadCreationTime : 01-01-2005 16:14:26
      BasePriority : Normal
      FileVersion : 6.2.0.206
      ProductVersion : VI.Second Edition
      ProductName : Lavasoft Ad-Aware SE
      CompanyName : Lavasoft Sweden
      FileDescription : Ad-Aware SE Core application
      InternalName : Ad-Aware.exe
      LegalCopyright : Copyright © Lavasoft Sweden
      OriginalFilename : Ad-Aware.exe
      Comments : All Rights Reserved

      #:41 [hh.exe]
      FilePath : C:\WINDOWS\
      ProcessID : 1824
      ThreadCreationTime : 01-01-2005 16:14:26
      BasePriority : Normal
      FileVersion : 5.2.3644.0
      ProductVersion : 5.2.3644.0
      ProductName : HTML Help
      CompanyName : Microsoft Corporation
      FileDescription : Microsoft® HTML Help Executable
      InternalName : HH 1.4
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : HH.exe

      Memory scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 0
      Objects found so far: 4


      Started registry scan
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      Alexa Object Recognized!
      Type : Regkey
      Data :
      Category : Data Miner
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

      Alexa Object Recognized!
      Type : RegValue
      Data :
      Category : Data Miner
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
      Value : MenuText

      Alexa Object Recognized!
      Type : RegValue
      Data :
      Category : Data Miner
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
      Value : MenuStatusBar

      Alexa Object Recognized!
      Type : RegValue
      Data :
      Category : Data Miner
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
      Value : Script

      Alexa Object Recognized!
      Type : RegValue
      Data :
      Category : Data Miner
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
      Value : clsid

      Alexa Object Recognized!
      Type : RegValue
      Data :
      Category : Data Miner
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
      Value : Icon

      Alexa Object Recognized!
      Type : RegValue
      Data :
      Category : Data Miner
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
      Value : HotIcon

      Alexa Object Recognized!
      Type : RegValue
      Data :
      Category : Data Miner
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
      Value : ButtonText

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : typelib\{ed7a0b22-11d9-4f74-8c1d-0936efa66b3d}

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : typelib\{01a9eb70-69bc-11d2-ab2f-204c4f4f5020}

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : searchhook.searchhookobject.1

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : searchhook.searchhookobject.1
      Value :

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : searchhook.searchhookobject

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : searchhook.searchhookobject
      Value :

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : mailhook.mailto.1

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : mailhook.mailto.1
      Value :

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : mailhook.mailto

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : mailhook.mailto
      Value :

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : interface\{01a9eb7c-69bc-11d2-ab2f-204c4f4f5020}

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : interface\{01a9eb7c-69bc-11d2-ab2f-204c4f4f5020}
      Value :

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : clsid\{fd9bc004-8331-4457-b830-4759ff704c22}

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : clsid\{fd9bc004-8331-4457-b830-4759ff704c22}
      Value :

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : clsid\{2e9caff6-30c7-4208-8807-e79d4ec6f806}

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : clsid\{2e9caff6-30c7-4208-8807-e79d4ec6f806}
      Value :

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : ae23.ae23obj.1

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : ae23.ae23obj.1
      Value :

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : ae23.ae23obj

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : ae23.ae23obj
      Value :

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{fd9bc004-8331-4457-b830-4759ff704c22}

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{fd9bc004-8331-4457-b830-4759ff704c22}
      Value :

      istbar.dotcomToolbar Object Recognized!
      Type : Regkey
      Data :
      Category : Data Miner
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : software\classes\interface\{7b9a715e-9d87-4c21-bf9e-f914f2fa953f}

      istbar.dotcomToolbar Object Recognized!
      Type : RegValue
      Data :
      Category : Data Miner
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : software\classes\interface\{7b9a715e-9d87-4c21-bf9e-f914f2fa953f}
      Value :

      istbar Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : interface\{7b9a715e-9d87-4c21-bf9e-f914f2fa953f}

      istbar Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : interface\{7b9a715e-9d87-4c21-bf9e-f914f2fa953f}
      Value :

      TX4.BrowserAd Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : clsid\{00000000-0001-0345-2280-0287f27a63ee}

      TX4.BrowserAd Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : clsid\{00000000-0001-0345-2280-0287f27a63ee}
      Value :

      TX4.BrowserAd Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : interface\{31ca5c07-7f5f-4502-8c77-99a91558add0}

      TX4.BrowserAd Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : interface\{31ca5c07-7f5f-4502-8c77-99a91558add0}
      Value :

      TX4.BrowserAd Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : typelib\{223a26d8-9f91-42f6-8ed3-094b637de020}

      TX4.BrowserAd Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : software\classes\clsid\{00000000-0001-0345-2280-0287f27a63ee}

      TX4.BrowserAd Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : software\classes\clsid\{00000000-0001-0345-2280-0287f27a63ee}
      Value :

      WebDialer Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_USERS
      Object : S-1-5-21-2383853130-4137269730-2270115496-1005\software\webdialer

      Win32.Welchia.B Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : system\controlset001\services\wkspatch

      Win32.Welchia.B Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : system\controlset001\services\wkspatch
      Value : Type

      Win32.Welchia.B Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : system\controlset001\services\wkspatch
      Value : Start

      Win32.Welchia.B Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : system\controlset001\services\wkspatch
      Value : ErrorControl

      Win32.Welchia.B Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : system\controlset001\services\wkspatch
      Value : ImagePath

      Win32.Welchia.B Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : system\controlset001\services\wkspatch
      Value : DisplayName

      Win32.Welchia.B Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : system\controlset001\services\wkspatch
      Value : ObjectName

      Win32.Welchia.B Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : system\controlset001\services\wkspatch
      Value : Description

      Win32.Welchia.B Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : system\currentcontrolset\services\wkspatch

      Win32.Welchia.B Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : system\currentcontrolset\services\wkspatch
      Value : Type

      Win32.Welchia.B Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : system\currentcontrolset\services\wkspatch
      Value : Start

      Win32.Welchia.B Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : system\currentcontrolset\services\wkspatch
      Value : ErrorControl

      Win32.Welchia.B Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : system\currentcontrolset\services\wkspatch
      Value : ImagePath

      Win32.Welchia.B Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : system\currentcontrolset\services\wkspatch
      Value : DisplayName

      Win32.Welchia.B Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : system\currentcontrolset\services\wkspatch
      Value : ObjectName

      Win32.Welchia.B Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_LOCAL_MACHINE
      Object : system\currentcontrolset\services\wkspatch
      Value : Description

      Alexa Object Recognized!
      Type : RegValue
      Data :
      Category : Data Miner
      Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
      Rootkey : HKEY_USERS
      Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
      Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

      Alexa Object Recognized!
      Type : RegValue
      Data :
      Category : Data Miner
      Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
      Rootkey : HKEY_USERS
      Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
      Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

      Alexa Object Recognized!
      Type : RegValue
      Data :
      Category : Data Miner
      Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
      Rootkey : HKEY_USERS
      Object : S-1-5-21-2383853130-4137269730-2270115496-1005\software\microsoft\internet explorer\extensions\cmdmapping
      Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

      BargainBuddy Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment : "Bargains"
      Rootkey : HKEY_LOCAL_MACHINE
      Object : software\microsoft\windows\currentversion\run
      Value : Bargains

      Registry Scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 62
      Objects found so far: 66


      Started deep registry scan
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html

      Possible Browser Hijack attempt Object Recognized!
      Type : RegData
      Data : "res://msaps.dll/index.html"
      Category : Malware
      Comment : Possible Browser Hijack attempt
      Rootkey : HKEY_LOCAL_MACHINE
      Object : Software\Microsoft\Internet Explorer\Main
      Value : Start Page
      Data : "res://msaps.dll/index.html"
      Possible Browser Hijack attempt : S-1-5-21-2383853130-4137269730-2270115496-1005\Software\Microsoft\Internet Explorer\MainLocal Page.dll/index.html

      Possible Browser Hijack attempt Object Recognized!
      Type : RegData
      Data : "res://msaps.dll/index.html"
      Category : Malware
      Comment : Possible Browser Hijack attempt
      Rootkey : HKEY_USERS
      Object : S-1-5-21-2383853130-4137269730-2270115496-1005\Software\Microsoft\Internet Explorer\Main
      Value : Local Page
      Data : "res://msaps.dll/index.html"
      Possible Browser Hijack attempt : S-1-5-21-2383853130-4137269730-2270115496-1005\Software\Microsoft\Internet ExplorerSearchAssistant.008i.com

      Possible Browser Hijack attempt Object Recognized!
      Type : RegData
      Data : "http://www.008i.com/search.html"
      Category : Malware
      Comment : Possible Browser Hijack attempt
      Rootkey : HKEY_USERS
      Object : S-1-5-21-2383853130-4137269730-2270115496-1005\Software\Microsoft\Internet Explorer
      Value : SearchAssistant
      Data : "http://www.008i.com/search.html"
      Possible Browser Hijack attempt : S-1-5-21-2383853130-4137269730-2270115496-1005\Software\Microsoft\Internet ExplorerCustomizeSearch.008i.com

      Possible Browser Hijack attempt Object Recognized!
      Type : RegData
      Data : "http://www.008i.com/search.html"
      Category : Malware
      Comment : Possible Browser Hijack attempt
      Rootkey : HKEY_USERS
      Object : S-1-5-21-2383853130-4137269730-2270115496-1005\Software\Microsoft\Internet Explorer
      Value : CustomizeSearch
      Data : "http://www.008i.com/search.html"

      Deep registry scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 4
      Objects found so far: 70


      Started Tracking Cookie scan
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


      Tracking Cookie Object Recognized!
      Type : IECache Entry
      Data : gregoire philippe@mediaplex[1].txt
      Category : Data Miner
      Comment : Hits:1
      Value : Cookie:gregoire philippe@mediaplex.com/
      Expires : 22-06-2009 01:00:00
      LastSync : Hits:1
      UseCount : 0
      Hits : 1

      Tracking Cookie Object Recognized!
      Type : IECache Entry
      Data : gregoire philippe@www.cibleclick[2].txt
      Category : Data Miner
      Comment : Hits:8
      Value : Cookie:gregoire philippe@www.cibleclick.com/
      Expires : 31-01-2005 18:12:50
      LastSync : Hits:8
      UseCount : 0
      Hits : 8

      Tracking Cookie Object Recognized!
      Type : IECache Entry
      Data : gregoire philippe@247realmedia[1].txt
      Category : Data Miner
      Comment : Hits:1
      Value : Cookie:gregoire philippe@247realmedia.com/
      Expires : 01-01-2011 01:00:00
      LastSync : Hits:1
      UseCount : 0
      Hits : 1

      Tracking Cookie Object Recognized!
      Type : IECache Entry
      Data : gregoire philippe@tradedoubler[2].txt
      Category : Data Miner
      Comment : Hits:7
      Value : Cookie:gregoire philippe@tradedoubler.com/
      Expires : 02-01-2005 04:38:00
      LastSync : Hits:7
      UseCount : 0
      Hits : 7

      Tracking Cookie Object Recognized!
      Type : IECache Entry
      Data : gregoire philippe@doubleclick[1].txt
      Category : Data Miner
      Comment : Hits:6
      Value : Cookie:gregoire philippe@doubleclick.net/
      Expires : 01-01-2008 16:04:34
      LastSync : Hits:6
      UseCount : 0
      Hits : 6

      Tracking Cookie Object Recognized!
      Type : IECache Entry
      Data : gregoire philippe@cgi-bin[1].txt
      Category : Data Miner
      Comment : Hits:14
      Value : Cookie:gregoire philippe@imrworldwide.com/cgi-bin
      Expires : 30-12-2014 16:20:36
      LastSync : Hits:14
      UseCount : 0
      Hits : 14

      Tracking Cookie Object Recognized!
      Type : IECache Entry
      Data : gregoire philippe@bluestreak[2].txt
      Category : Data Miner
      Comment : Hits:8
      Value : Cookie:gregoire philippe@bluestreak.com/
      Expires : 30-12-2014 11:45:00
      LastSync : Hits:8
      UseCount : 0
      Hits : 8

      Tracking cookie scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 7
      Objects found so far: 77



      Deep scanning and examining files (C:)
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      CoolWebSearch Object Recognized!
      Type : File
      Data : msiesh.dll
      Category : Malware
      Comment :
      Object : C:\Documents and Settings\GREGOIRE Philippe\Application Data\mswl\
      FileVersion : 1, 0, 0, 9
      ProductVersion : 1, 0, 0, 9
      ProductName : SearchHook Module
      FileDescription : SearchHook Module
      InternalName : SearchHook
      LegalCopyright : Copyright 2003
      OriginalFilename : SearchHook.DLL


      CoolWebSearch Object Recognized!
      Type : File
      Data : submit2.exe
      Category : Malware
      Comment :
      Object : C:\Documents and Settings\GREGOIRE Philippe\Application Data\mswl\



      Tracking Cookie Object Recognized!
      Type : IECache Entry
      Data : gregoire philippe@doubleclick[1].txt
      Category : Data Miner
      Comment :
      Value : C:\Documents and Settings\GREGOIRE Philippe\Local Settings\Temp\Cookies\gregoire philippe@doubleclick[1].txt

      CoolWebSearch Object Recognized!
      Type : File
      Data : submithook.dll
      Category : Malware
      Comment :
      Object : C:\Program Files\Submit\
      FileVersion : 1, 6, 0, 0
      ProductVersion : 1, 6, 0, 1
      ProductName : Free Community Toolbar
      FileDescription : Free Community Toolbar
      InternalName : Free Community
      LegalCopyright : Copyright 2002
      OriginalFilename : LizardBar.dll


      CoolWebSearch Object Recognized!
      Type : File
      Data : svchost.exe
      Category : Malware
      Comment :
      Object : C:\WINDOWS\



      Disk Scan Result for C:\
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 0
      Objects found so far: 82


      Scanning Hosts file......
      Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      Hosts file scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      1 entries scanned.
      New critical objects:0
      Objects found so far: 82




      Performing conditional scans...
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : iefeatsl.viewsource.1

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : iefeatsl.viewsource.1
      Value :

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : iefeatsl.viewsource

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : iefeatsl.viewsource
      Value :

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : clsid\{587dbf2d-9145-4c9e-92c2-1f953da73773}

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : clsid\{587dbf2d-9145-4c9e-92c2-1f953da73773}
      Value :

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\winlink

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\explorer\{fd9bc004-8331-4457-b830-4759ff704c22}

      CoolWebSearch Object Recognized!
      Type : Regkey
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\explorer\{587dbf2d-9145-4c9e-92c2-1f953da73773}

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\explorer\{587dbf2d-9145-4c9e-92c2-1f953da73773}
      Value : Counter

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\explorer\{587dbf2d-9145-4c9e-92c2-1f953da73773}
      Value : LastDay

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\explorer\{587dbf2d-9145-4c9e-92c2-1f953da73773}
      Value : LastUpdate

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\explorer\{587dbf2d-9145-4c9e-92c2-1f953da73773}
      Value : UpdateHour

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\explorer\{587dbf2d-9145-4c9e-92c2-1f953da73773}
      Value : ModuleVersion

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\explorer\{587dbf2d-9145-4c9e-92c2-1f953da73773}
      Value : DictVersion

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\explorer\{587dbf2d-9145-4c9e-92c2-1f953da73773}
      Value : Dict2Version

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\explorer\{587dbf2d-9145-4c9e-92c2-1f953da73773}
      Value : LastHPDay

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\explorer\{587dbf2d-9145-4c9e-92c2-1f953da73773}
      Value : SponsorID

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\explorer\{587dbf2d-9145-4c9e-92c2-1f953da73773}
      Value : InstallDay

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\explorer\{587dbf2d-9145-4c9e-92c2-1f953da73773}
      Value : SHVersion

      CoolWebSearch Object Recognized!
      Type : RegValue
      Data :
      Category : Malware
      Comment :
      Rootkey : HKEY_CURRENT_USER
      Object : software\microsoft\windows\currentversion\explorer\{587dbf2d-9145-4c9e-92c2-1f953da73773}
      Value : HPDllVersion

      CoolWebSearch Object Recognized!
      Type : R
      0
  3. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    salut
    relance hijack coche ces lignes et fix

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.008i.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.008i.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://realsearch.cc/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msaps.dll/index.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\System32\wins32t.dll
    O2 - BHO: ADW Class - {00000000-002B-EFE6-6B08-560C01922D3B} - C:\WINDOWS\System32\apcups32.dll (file missing)
    O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
    O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Documents and Settings\GREGOIRE Philippe\Application Data\mswl\mswl.dll (file missing)
    O2 - BHO: SearchHookObject Class - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\GREGOIRE Philippe\Application Data\mswl\msiesh.dll
    O4 - HKLM\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
    O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
    O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
    O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
    O23 - Service: Network Manager Provider - Unknown - C:\WINDOWS\System32\drivers\svchost.exe (file missing)

    ensuite fait ceci
    Affiche tous les fichiers et dossiers :
    cliquer sur démarrer/panneau de configuration/option des dossiers/affichage
    Cocher afficher les dossiers cacher
    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
    Puis fais «Ok» pour valider les changements.
    Décocher masquer les extensions dont le type est connu
    Et appliquer

    recherche et suppr ceci
    C:\WINDOWS\System32\tss.exe <==le fichier
    C:\WINDOWS\system32\xpsp2fw.exe <==le fichier
    C:\WINDOWS\system32\wuclient.exe <==le fichier

    la chasse et le balltrap ma vrai passion
    voir site perso dans profil
    0
    1. medicis Messages postés 10 Statut Membre
       
      ok mais quand je fais décocher la case masquer les fichiers proteger le système d'exploitation ( recommander) on m'annonce que mon ordi risque d'être inutilisable???
      0
      1. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332 > medicis Messages postés 10 Statut Membre
         
        tu ne risque rien fait le

        la chasse et le balltrap ma vrai passion
        voir site perso dans profil
        0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. tufs
     
    re et bien un bon coup de ad-awar ça fait du bien vu tout
    ce qu il trouve maintenant tu peux refaire un scanne avec
    hijacthis et nous coller ton nouveau rapport ça sairas plus
    simple maintenant
    0
    1. medicis Messages postés 10 Statut Membre
       
      Logfile of HijackThis v1.99.0
      Scan saved at 18:29:59, on 01/01/2005
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
      C:\WINDOWS\system32\fxssvc.exe
      C:\WINDOWS\System32\RunDll32.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe
      C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe
      C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe
      C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\WINDOWS\system32\xpsp2fw.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\WINDOWS\System32\RUNDLL32.EXE
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\WINDOWS\System32\LVComS.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\GREGOIRE Philippe\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.008i.com/search.html
      R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.008i.com/search.html
      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
      R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
      R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msaps.dll/index.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\System32\wins32t.dll
      O2 - BHO: ADW Class - {00000000-002B-EFE6-6B08-560C01922D3B} - C:\WINDOWS\System32\apcups32.dll (file missing)
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
      O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Documents and Settings\GREGOIRE Philippe\Application Data\mswl\mswl.dll (file missing)
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
      O2 - BHO: SearchHookObject Class - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\GREGOIRE Philippe\Application Data\mswl\msiesh.dll
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"
      O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"
      O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"
      O4 - HKLM\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
      O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
      O4 - HKLM\..\Run: [adiras] adiras.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
      O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
      O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
      O4 - Global Startup: hp psc 1000 series.lnk = ?
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
      O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{2EEB18F6-3AD8-4833-9F20-53BBE3E16B3C}: NameServer = 212.27.32.176 212.27.39.1
      O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
      O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
      O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
      O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
      O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
      O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
      O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
      O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
      O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
      O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
      O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
      O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
      O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
      O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
      O23 - Service: Network Manager Provider - Unknown - C:\WINDOWS\System32\drivers\svchost.exe (file missing)
      O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe



      Voila avec la Bonne version de hijack
      que faire? maintenant?
      0
      1. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332 > medicis Messages postés 10 Statut Membre
         
        fait se que je t ai mis au n°4
        coche et fix les lignes que tu trouvent et fait le reste

        la chasse et le balltrap ma vrai passion
        voir site perso dans profil
        0
  6. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    pour completer
    CWShredder
    (ici) http://pageperso.aol.fr/balltrap34/page%20virus.htm

    il faut l'ouvrir (absolument) toutes fenêtres fermées et hors connexion et faire fix- next - next

    la chasse et le balltrap ma vrai passion
    voir site perso dans profil
    0
  7. medicis Messages postés 10 Statut Membre
     
    Logfile of HijackThis v1.98.2
    Scan saved at 18:14:16, on 01/01/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\xpsp2fw.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Real\RealOne Player\RealPlay.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
    C:\Documents and Settings\GREGOIRE Philippe\Local Settings\Temporary Internet Files\Content.IE5\YX0ZQ125\HijackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.008i.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.008i.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://realsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://realsearch.cc/?a=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://realsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msaps.dll/index.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\System32\wins32t.dll
    O2 - BHO: ADW Class - {00000000-002B-EFE6-6B08-560C01922D3B} - C:\WINDOWS\System32\apcups32.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
    O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Documents and Settings\GREGOIRE Philippe\Application Data\mswl\mswl.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
    O2 - BHO: SearchHookObject Class - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\GREGOIRE Philippe\Application Data\mswl\msiesh.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"
    O4 - HKLM\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2EEB18F6-3AD8-4833-9F20-53BBE3E16B3C}: NameServer = 212.27.32.176 212.27.39.1

    voila ce que j'obtiens.
    que faire maintenant?
    merci
    0
  8. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    deja ta version de hj n est pas la bonne par rapport a la premiere qui est bonne
    a tu utiliser les log que ta mis tufs ainsi que celui que j ai rajouter
    si oui fix les lignes que je t ai mis

    la chasse et le balltrap ma vrai passion
    voir site perso dans profil
    0
  9. medicis Messages postés 10 Statut Membre
     
    merci beaucoup je crois que j'ai virer toutes les poluutions de ie.
    merci!!!!
    vous êtes formidables!!!!!
    0
  10. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    content pour toi
    bonne annnee
    a++

    la chasse et le balltrap ma vrai passion
    voir site perso dans profil
    0