Problèmes à la chaîne
Résolu/Fermé
A voir également:
- Problèmes à la chaîne
- Chaine tnt gratuite sur mobile - Guide
- Plus de chaine tv - Guide
- Nouvelle chaîne tnt gratuite 2024 - Guide
- Recherche chaine tv techwood - Forum TNT / Satellite / Réception
- Chaine whatsapp - Guide
54 réponses
Utilisateur anonyme
4 août 2005 à 19:38
4 août 2005 à 19:38
Lol,
qu es ki dit Olivier lol
Poignee de main, mon cher olivier, enchanté, c est tout en honneur lol
a+
qu es ki dit Olivier lol
Poignee de main, mon cher olivier, enchanté, c est tout en honneur lol
a+
Utilisateur anonyme
4 août 2005 à 20:22
4 août 2005 à 20:22
enchanté quentin :-)
Bonjour Moe31 et bonjour Regis59
C'est gentil de me permettre d'être témoin d'un si sympathique moment de rencontre entre deux as...
(en passant, moi c'est Isabelle)
Alors J'ai fait ce que Moe31 proposait, sauf que lorsque je suis arrivée à la ligne
O20 - Winlogon Notify: style32 - C:\WINDOWS\system32\winstyle3.dll
il n'y était pas écrit (file missing). Je l'ai coché quand même. Puis je suis retournée effacer le fichier à nouveau en le changeant de nom comme la première fois. (il était bien revenu)
Maintenant, je remarque une amélioration quelque part parce que là, pour la première fois, j'ai pu exécuter hijackthis sans problème à mon retour en mode normal, sans avoir besoin de recourir à aucune astuce.
Voici ce que ça donne. Est-ce sain?
Logfile of HijackThis v1.99.1
Scan saved at 10:33:11, on 2005-08-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Assistant Internet\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hi jak tis\Galyle.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nouvelles.sympatico.msn.ca/Accueil/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - C:\WINDOWS\adsldpbc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\Assistant Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/fr/controls/emcconfig.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
C'est gentil de me permettre d'être témoin d'un si sympathique moment de rencontre entre deux as...
(en passant, moi c'est Isabelle)
Alors J'ai fait ce que Moe31 proposait, sauf que lorsque je suis arrivée à la ligne
O20 - Winlogon Notify: style32 - C:\WINDOWS\system32\winstyle3.dll
il n'y était pas écrit (file missing). Je l'ai coché quand même. Puis je suis retournée effacer le fichier à nouveau en le changeant de nom comme la première fois. (il était bien revenu)
Maintenant, je remarque une amélioration quelque part parce que là, pour la première fois, j'ai pu exécuter hijackthis sans problème à mon retour en mode normal, sans avoir besoin de recourir à aucune astuce.
Voici ce que ça donne. Est-ce sain?
Logfile of HijackThis v1.99.1
Scan saved at 10:33:11, on 2005-08-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Assistant Internet\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hi jak tis\Galyle.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nouvelles.sympatico.msn.ca/Accueil/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - C:\WINDOWS\adsldpbc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\Assistant Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/fr/controls/emcconfig.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Utilisateur anonyme
5 août 2005 à 18:04
5 août 2005 à 18:04
salut isabelle
ben apparement ca a l'air ok, meme si j'ai un doute sur
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - C:\WINDOWS\adsldpbc.dll
mais bon, le scan du fichier n'a rien donné.
je te conseille quand meme de faire un voire plusieurs scans av en ligne pour vérifier que tout est ok:
http://www.bitdefender.com/scan/licence.php
http://www.pandasoftware.com/activescan/fr/activescan_principal.htm
si tu ne les à pas dejà, essaye ces 2 antispywares (gratuits et complementaires)
* Spybot S&D version 1.4:
http://spybot.safer-networking.de/fr/mirrors/index.html
l'aide:
http://assiste.free.fr/p/internet_utilitaires/spybot_search_destroy.php#ssd_02
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
* Ad-aware 1.06:
http://www.lavasoftusa.com/french/support/download/
l'aide:
http://www.tutopat.com/viewtopic.php?t=1191
Le patch francais:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
une fois installé, tu choisis la langue dans les parametres d'ad-aware.
clic sur l'engrenage puis sur interface choisis french et clic sur proceed pour valider
a+
ben apparement ca a l'air ok, meme si j'ai un doute sur
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - C:\WINDOWS\adsldpbc.dll
mais bon, le scan du fichier n'a rien donné.
je te conseille quand meme de faire un voire plusieurs scans av en ligne pour vérifier que tout est ok:
http://www.bitdefender.com/scan/licence.php
http://www.pandasoftware.com/activescan/fr/activescan_principal.htm
si tu ne les à pas dejà, essaye ces 2 antispywares (gratuits et complementaires)
* Spybot S&D version 1.4:
http://spybot.safer-networking.de/fr/mirrors/index.html
l'aide:
http://assiste.free.fr/p/internet_utilitaires/spybot_search_destroy.php#ssd_02
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
* Ad-aware 1.06:
http://www.lavasoftusa.com/french/support/download/
l'aide:
http://www.tutopat.com/viewtopic.php?t=1191
Le patch francais:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
une fois installé, tu choisis la langue dans les parametres d'ad-aware.
clic sur l'engrenage puis sur interface choisis french et clic sur proceed pour valider
a+
Et bien merci beaucoup Olivier,
J'ai ad-aware et spybot depuis peu. Je ne manquerai pas de suivre tes derniers conseils.
Vous m'avez été, regis59 et toi, d'un grand secours alors je vous envoie plein de fleurs (des pensées).
Continuez votre implication extraordinaire, c'est tellement apprécié!
Tourlou!
J'ai ad-aware et spybot depuis peu. Je ne manquerai pas de suivre tes derniers conseils.
Vous m'avez été, regis59 et toi, d'un grand secours alors je vous envoie plein de fleurs (des pensées).
Continuez votre implication extraordinaire, c'est tellement apprécié!
Tourlou!
Utilisateur anonyme
6 août 2005 à 00:47
6 août 2005 à 00:47
il n'y a vraiment pas de quoi
Merci à toi pour la gentillesse de tes propos, c'est vraiment sympa et apprécié.
a+ et bon surf ;-)
Merci à toi pour la gentillesse de tes propos, c'est vraiment sympa et apprécié.
a+ et bon surf ;-)
Bonjour Moe31,
Un petit mot pour te dire que tu avais bien raison à propos du fichier qui te semblait suspect
C:\WINDOWS\adsldpbc.dll
Parce que c'est dans le rapport du scan online de BitDefender que voilà:
(Pourrais-tu me dire si ça veut dire que tout ça est bien détruit? Et y a-t-il d'autres opérations à faire à la suite de ça?)
Statistics
Time
01:08:33
Files
199896
Folders
5565
Boot Sectors
3
Archives
1578
Packed Files
32505
Results
Identified Viruses
12
Infected Files
18
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
18
Engines Info
Virus Definitions
198795
Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins
13
Archive plugins
39
Unpack plugins
4
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\andré\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-44f02fe1.class
Infected with: Trojan.Downloader.Small.WV
C:\Documents and Settings\andré\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-44f02fe1.class
Disinfection failed
C:\Documents and Settings\andré\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-44f02fe1.class
Deleted
C:\Documents and Settings\Isabelle Crepeau\Local Settings\Temporary Internet Files\Content.IE5\KLQ38PUF\adsldpbc[1].dll
Infected with: BehavesLike:Trojan.TrustedZone
C:\Documents and Settings\Isabelle Crepeau\Local Settings\Temporary Internet Files\Content.IE5\KLQ38PUF\adsldpbc[1].dll
Disinfection failed
C:\Documents and Settings\Isabelle Crepeau\Local Settings\Temporary Internet Files\Content.IE5\KLQ38PUF\adsldpbc[1].dll
Deleted
C:\Documents and Settings\Isabelle Crepeau\Local Settings\Temporary Internet Files\Content.IE5\OHYJGDE7\q387[1].exe
Infected with: Trojan.Downloader.Small.BCE
C:\Documents and Settings\Isabelle Crepeau\Local Settings\Temporary Internet Files\Content.IE5\OHYJGDE7\q387[1].exe
Deleted
C:\Documents and Settings\lydiane\Bureau\adsldpbc.exe=>(Embedded EXE o)
Infected with: BehavesLike:Trojan.TrustedZone
C:\Documents and Settings\lydiane\Bureau\adsldpbc.exe=>(Embedded EXE o)
Disinfection failed
C:\Documents and Settings\lydiane\Bureau\adsldpbc.exe=>(Embedded EXE o)
Deleted
C:\Documents and Settings\lydiane\Bureau\adsldpbc.exe
Update failed
C:\Documents and Settings\lydiane\Local Settings\Temporary Internet Files\Content.IE5\YAUX6FNV\q387[1].exe
Infected with: Trojan.Downloader.Small.BCE
C:\Documents and Settings\lydiane\Local Settings\Temporary Internet Files\Content.IE5\YAUX6FNV\q387[1].exe
Deleted
C:\Documents and Settings\léonie\adsldpbc.exe=>(Embedded EXE o)
Infected with: BehavesLike:Trojan.TrustedZone
C:\Documents and Settings\léonie\adsldpbc.exe=>(Embedded EXE o)
Disinfection failed
C:\Documents and Settings\léonie\adsldpbc.exe=>(Embedded EXE o)
Deleted
C:\Documents and Settings\léonie\adsldpbc.exe
Update failed
C:\Documents and Settings\léonie\Bureau\adsldpbc.exe=>(Embedded EXE o)
Infected with: BehavesLike:Trojan.TrustedZone
C:\Documents and Settings\léonie\Bureau\adsldpbc.exe=>(Embedded EXE o)
Disinfection failed
C:\Documents and Settings\léonie\Bureau\adsldpbc.exe=>(Embedded EXE o)
Deleted
C:\Documents and Settings\léonie\Bureau\adsldpbc.exe
Update failed
C:\Documents and Settings\léonie\Local Settings\Temporary Internet Files\Content.IE5\0ZJTV5TU\q387[1].exe
Infected with: Trojan.Downloader.Small.BCE
C:\Documents and Settings\léonie\Local Settings\Temporary Internet Files\Content.IE5\0ZJTV5TU\q387[1].exe
Deleted
C:\RECYCLER\S-1-5-21-1078081533-113007714-839522115-1004\Dc1\csrss.exe
Infected with: Win32.Worm.VB.Chedo
C:\RECYCLER\S-1-5-21-1078081533-113007714-839522115-1004\Dc1\csrss.exe
Disinfection failed
C:\RECYCLER\S-1-5-21-1078081533-113007714-839522115-1004\Dc1\csrss.exe
Deleted
C:\WINDOWS\system32\adsldpbc.dll
Infected with: BehavesLike:Trojan.TrustedZone
C:\WINDOWS\system32\adsldpbc.dll
Disinfection failed
C:\WINDOWS\system32\adsldpbc.dll
Deleted
C:\WINDOWS\system32\nxscript.exe=>(NSIS o)=>zlib_nsis0002
Infected with: Trojan.Clicker.Vb.DN
C:\WINDOWS\system32\nxscript.exe=>(NSIS o)=>zlib_nsis0002
Disinfection failed
C:\WINDOWS\system32\nxscript.exe=>(NSIS o)=>zlib_nsis0002
Deleted
C:\WINDOWS\system32\nxscript.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\nxscript.exe=>(NSIS o)=>zlib_nsis0003
Infected with: Trojan.Vb.SY
C:\WINDOWS\system32\nxscript.exe=>(NSIS o)=>zlib_nsis0003
Disinfection failed
C:\WINDOWS\system32\nxscript.exe=>(NSIS o)=>zlib_nsis0003
Deleted
C:\WINDOWS\system32\nxscript.exe=>(NSIS o)
Update failed
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0006=>(NSIS o)=>zlib_nsis0002
Infected with: Trojan.Clicker.Vb.DN
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0006=>(NSIS o)=>zlib_nsis0002
Disinfection failed
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0006=>(NSIS o)=>zlib_nsis0002
Deleted
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0006=>(NSIS o)
Update failed
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0006=>(NSIS o)=>zlib_nsis0003
Infected with: Trojan.Vb.SY
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0006=>(NSIS o)=>zlib_nsis0003
Disinfection failed
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0006=>(NSIS o)=>zlib_nsis0003
Deleted
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0006=>(NSIS o)
Update failed
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0007
Infected with: Trojan.Killav.DU
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0007
Deleted
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)
Update failed
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0020
Detected with: Application.Adware.180solutions.A
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0020
Disinfection failed
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0020
Deleted
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe
Update failed
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0022
Infected with: Backdoor.Ruledor.C
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0022
Disinfection failed
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0022
Deleted
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe
Update failed
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0023
Infected with: Dropped:Trojan.Dropper.Small.GT
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0023
Disinfection failed
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0023
Deleted
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe
Update failed
Bonne journée!
Un petit mot pour te dire que tu avais bien raison à propos du fichier qui te semblait suspect
C:\WINDOWS\adsldpbc.dll
Parce que c'est dans le rapport du scan online de BitDefender que voilà:
(Pourrais-tu me dire si ça veut dire que tout ça est bien détruit? Et y a-t-il d'autres opérations à faire à la suite de ça?)
Statistics
Time
01:08:33
Files
199896
Folders
5565
Boot Sectors
3
Archives
1578
Packed Files
32505
Results
Identified Viruses
12
Infected Files
18
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
18
Engines Info
Virus Definitions
198795
Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins
13
Archive plugins
39
Unpack plugins
4
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\andré\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-44f02fe1.class
Infected with: Trojan.Downloader.Small.WV
C:\Documents and Settings\andré\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-44f02fe1.class
Disinfection failed
C:\Documents and Settings\andré\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-44f02fe1.class
Deleted
C:\Documents and Settings\Isabelle Crepeau\Local Settings\Temporary Internet Files\Content.IE5\KLQ38PUF\adsldpbc[1].dll
Infected with: BehavesLike:Trojan.TrustedZone
C:\Documents and Settings\Isabelle Crepeau\Local Settings\Temporary Internet Files\Content.IE5\KLQ38PUF\adsldpbc[1].dll
Disinfection failed
C:\Documents and Settings\Isabelle Crepeau\Local Settings\Temporary Internet Files\Content.IE5\KLQ38PUF\adsldpbc[1].dll
Deleted
C:\Documents and Settings\Isabelle Crepeau\Local Settings\Temporary Internet Files\Content.IE5\OHYJGDE7\q387[1].exe
Infected with: Trojan.Downloader.Small.BCE
C:\Documents and Settings\Isabelle Crepeau\Local Settings\Temporary Internet Files\Content.IE5\OHYJGDE7\q387[1].exe
Deleted
C:\Documents and Settings\lydiane\Bureau\adsldpbc.exe=>(Embedded EXE o)
Infected with: BehavesLike:Trojan.TrustedZone
C:\Documents and Settings\lydiane\Bureau\adsldpbc.exe=>(Embedded EXE o)
Disinfection failed
C:\Documents and Settings\lydiane\Bureau\adsldpbc.exe=>(Embedded EXE o)
Deleted
C:\Documents and Settings\lydiane\Bureau\adsldpbc.exe
Update failed
C:\Documents and Settings\lydiane\Local Settings\Temporary Internet Files\Content.IE5\YAUX6FNV\q387[1].exe
Infected with: Trojan.Downloader.Small.BCE
C:\Documents and Settings\lydiane\Local Settings\Temporary Internet Files\Content.IE5\YAUX6FNV\q387[1].exe
Deleted
C:\Documents and Settings\léonie\adsldpbc.exe=>(Embedded EXE o)
Infected with: BehavesLike:Trojan.TrustedZone
C:\Documents and Settings\léonie\adsldpbc.exe=>(Embedded EXE o)
Disinfection failed
C:\Documents and Settings\léonie\adsldpbc.exe=>(Embedded EXE o)
Deleted
C:\Documents and Settings\léonie\adsldpbc.exe
Update failed
C:\Documents and Settings\léonie\Bureau\adsldpbc.exe=>(Embedded EXE o)
Infected with: BehavesLike:Trojan.TrustedZone
C:\Documents and Settings\léonie\Bureau\adsldpbc.exe=>(Embedded EXE o)
Disinfection failed
C:\Documents and Settings\léonie\Bureau\adsldpbc.exe=>(Embedded EXE o)
Deleted
C:\Documents and Settings\léonie\Bureau\adsldpbc.exe
Update failed
C:\Documents and Settings\léonie\Local Settings\Temporary Internet Files\Content.IE5\0ZJTV5TU\q387[1].exe
Infected with: Trojan.Downloader.Small.BCE
C:\Documents and Settings\léonie\Local Settings\Temporary Internet Files\Content.IE5\0ZJTV5TU\q387[1].exe
Deleted
C:\RECYCLER\S-1-5-21-1078081533-113007714-839522115-1004\Dc1\csrss.exe
Infected with: Win32.Worm.VB.Chedo
C:\RECYCLER\S-1-5-21-1078081533-113007714-839522115-1004\Dc1\csrss.exe
Disinfection failed
C:\RECYCLER\S-1-5-21-1078081533-113007714-839522115-1004\Dc1\csrss.exe
Deleted
C:\WINDOWS\system32\adsldpbc.dll
Infected with: BehavesLike:Trojan.TrustedZone
C:\WINDOWS\system32\adsldpbc.dll
Disinfection failed
C:\WINDOWS\system32\adsldpbc.dll
Deleted
C:\WINDOWS\system32\nxscript.exe=>(NSIS o)=>zlib_nsis0002
Infected with: Trojan.Clicker.Vb.DN
C:\WINDOWS\system32\nxscript.exe=>(NSIS o)=>zlib_nsis0002
Disinfection failed
C:\WINDOWS\system32\nxscript.exe=>(NSIS o)=>zlib_nsis0002
Deleted
C:\WINDOWS\system32\nxscript.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\nxscript.exe=>(NSIS o)=>zlib_nsis0003
Infected with: Trojan.Vb.SY
C:\WINDOWS\system32\nxscript.exe=>(NSIS o)=>zlib_nsis0003
Disinfection failed
C:\WINDOWS\system32\nxscript.exe=>(NSIS o)=>zlib_nsis0003
Deleted
C:\WINDOWS\system32\nxscript.exe=>(NSIS o)
Update failed
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0006=>(NSIS o)=>zlib_nsis0002
Infected with: Trojan.Clicker.Vb.DN
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0006=>(NSIS o)=>zlib_nsis0002
Disinfection failed
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0006=>(NSIS o)=>zlib_nsis0002
Deleted
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0006=>(NSIS o)
Update failed
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0006=>(NSIS o)=>zlib_nsis0003
Infected with: Trojan.Vb.SY
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0006=>(NSIS o)=>zlib_nsis0003
Disinfection failed
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0006=>(NSIS o)=>zlib_nsis0003
Deleted
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0006=>(NSIS o)
Update failed
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0007
Infected with: Trojan.Killav.DU
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)=>lzma_nsis0007
Deleted
D:\Gabriel\arcade-3[1].1.exe=>(NSIS o)
Update failed
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0020
Detected with: Application.Adware.180solutions.A
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0020
Disinfection failed
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0020
Deleted
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe
Update failed
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0022
Infected with: Backdoor.Ruledor.C
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0022
Disinfection failed
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0022
Deleted
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe
Update failed
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0023
Infected with: Dropped:Trojan.Dropper.Small.GT
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0023
Disinfection failed
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe=>wise0023
Deleted
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe
Update failed
Bonne journée!
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
7 août 2005 à 19:03
7 août 2005 à 19:03
salut
lance hijackthis et supprime cette ligne si elle existe:
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - C:\WINDOWS\adsldpbc.dll
Ensuite rend visible les fichiers cachés et systeme (n'oublie pas de les recacher apres) et vérifie que tout ce que bitdel à trouvé à bien été supprimé:
C:\WINDOWS\adsldpbc.dll
C:\WINDOWS\system32\adsldpbc.dll
C:\WINDOWS\system32\nxscript.exe
C:\Documents and Settings\lydiane\Bureau\adsldpbc.exe
C:\Documents and Settings\léonie\adsldpbc.exe
C:\Documents and Settings\léonie\Bureau\adsldpbc.exe
D:\Gabriel\arcade-3[1].1.exe
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe
normalement il les à tous supprimés d'apres le rapport...
ensuite refais un scan de controle
a+
lance hijackthis et supprime cette ligne si elle existe:
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - C:\WINDOWS\adsldpbc.dll
Ensuite rend visible les fichiers cachés et systeme (n'oublie pas de les recacher apres) et vérifie que tout ce que bitdel à trouvé à bien été supprimé:
C:\WINDOWS\adsldpbc.dll
C:\WINDOWS\system32\adsldpbc.dll
C:\WINDOWS\system32\nxscript.exe
C:\Documents and Settings\lydiane\Bureau\adsldpbc.exe
C:\Documents and Settings\léonie\adsldpbc.exe
C:\Documents and Settings\léonie\Bureau\adsldpbc.exe
D:\Gabriel\arcade-3[1].1.exe
D:\Isabelle\téléchargement\foyer\3dcabinfireplacesetup.exe
normalement il les à tous supprimés d'apres le rapport...
ensuite refais un scan de controle
a+
Merci pour ta réponse si rapide!
J'ai tout réussi à supprimer sauf C:\WINDOWS\system32\adsldpbc.dll
J'ai essayé en le renommant mais ça n'a pas fonctionné non plus.
Y a-t-il un autre moyen?
Voici ce que ça donne maintenant:
Logfile of HijackThis v1.99.1
Scan saved at 13:22:15, on 2005-08-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Assistant Internet\bin\mpbtn.exe
C:\hi jak tis\Galyle.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nouvelles.sympatico.msn.ca/Accueil/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\system32\winstyle3.dll - {0976BE78-EA53-4DD6-91E6-E6175940032B} - C:\WINDOWS\system32\winstyle3.dll (file missing)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\Assistant Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/fr/controls/emcconfig.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Est-ce qu'on ne dirait pas que certaines vieilles affaires que je croyais mortes reviennent?
J'ai tout réussi à supprimer sauf C:\WINDOWS\system32\adsldpbc.dll
J'ai essayé en le renommant mais ça n'a pas fonctionné non plus.
Y a-t-il un autre moyen?
Voici ce que ça donne maintenant:
Logfile of HijackThis v1.99.1
Scan saved at 13:22:15, on 2005-08-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Assistant Internet\bin\mpbtn.exe
C:\hi jak tis\Galyle.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nouvelles.sympatico.msn.ca/Accueil/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\system32\winstyle3.dll - {0976BE78-EA53-4DD6-91E6-E6175940032B} - C:\WINDOWS\system32\winstyle3.dll (file missing)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\Assistant Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/fr/controls/emcconfig.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Est-ce qu'on ne dirait pas que certaines vieilles affaires que je croyais mortes reviennent?
Utilisateur anonyme
7 août 2005 à 19:53
7 août 2005 à 19:53
exact, winstyle3.dll et reapparue
je voudrait vérifier quelque chose:
telecharge Registry Search Tool
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
dezippe le et lance le
dans la boite de dialogue tape:
0976BE78-EA53-4DD6-91E6-E6175940032B
et valide
poste le resultat de la recherche
ensuite dans la boite de dialogue tape:
style32
valide et poste le resultat de la recherche
je voudrait vérifier quelque chose:
telecharge Registry Search Tool
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
dezippe le et lance le
dans la boite de dialogue tape:
0976BE78-EA53-4DD6-91E6-E6175940032B
et valide
poste le resultat de la recherche
ensuite dans la boite de dialogue tape:
style32
valide et poste le resultat de la recherche
D'accord:
Voici pour le premier:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "0976BE78-EA53-4DD6-91E6-E6175940032B" 2005-08-07 14:16:25
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0976BE78-EA53-4DD6-91E6-E6175940032B}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0976BE78-EA53-4DD6-91E6-E6175940032B}"="style 2"
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0976BE78-EA53-4DD6-91E6-E6175940032B}\iexplore]
Et pour le second:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "style32" 2005-08-07 14:19:52
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\style32]
Merci de continuer !
Voici pour le premier:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "0976BE78-EA53-4DD6-91E6-E6175940032B" 2005-08-07 14:16:25
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0976BE78-EA53-4DD6-91E6-E6175940032B}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0976BE78-EA53-4DD6-91E6-E6175940032B}"="style 2"
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0976BE78-EA53-4DD6-91E6-E6175940032B}\iexplore]
Et pour le second:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "style32" 2005-08-07 14:19:52
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\style32]
Merci de continuer !
Utilisateur anonyme
7 août 2005 à 20:32
7 août 2005 à 20:32
ok
j'oubliais, fais aussi une recherche avec Registry Search Tool sur
adsldpbc.dll
et poste le resultat
a+
j'oubliais, fais aussi une recherche avec Registry Search Tool sur
adsldpbc.dll
et poste le resultat
a+
Utilisateur anonyme
7 août 2005 à 23:35
7 août 2005 à 23:35
ok
Telecharge: Pocket Killbox ici
http://www.downloads.subratam.org/KillBox.exe
l'aide détaillé de la manip est téléchargeable ici:
http://get.yourfile.net/qn53063.zip
redemarre en mode sans echec
lance hijackthis et supprime:
O2 - BHO: C:\WINDOWS\system32\winstyle3.dll - {0976BE78-EA53-4DD6-91E6-E6175940032B} - C:\WINDOWS\system32\winstyle3.dll (file missing)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
Ensuite:
ouvre le bloc note et fais un copier coller de ce qui est en gras ci-dessous:
REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\style2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0976BE78-EA53-4DD6-91E6-E6175940032B}"=-
[-HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\style32]
[-HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
Puis enregistrer sous et dans:
Nom du fichier, met fix.reg
Type de fichier: selectionne "tous les fichiers"
clic sur enregistrer
ensuite double clic sur fix.reg et accepte de fusionner
1- Double-clic sur KillBox.exe (sert toi de l'aide si tu à du mal pour cette manip)
2- ouvre le bloc notes et copie la liste en gras ci-dessous
3- Selectionne "Delete on Reboot"
4- reviens sur le bloc-notes et surligne toute la liste, puis clic droit dessus et clic sur copier
5- reviens sur killbox, et dans le menu du haut clic sur tool, puis sur paste from clipboard
5- clic sur le rond rouge
6- une fenetre va apparaitre pour confirmation clic sur OUI
7- une seconde fenetre te demande si tu veux redemarrer clic sur OUI
liste
C:\WINDOWS\system32\winstyle3.dll
C:\WINDOWS\system32\adsldpbc.dll
le pc devrait redemarrer tout seul, si tu recois un message d'erreur de killbox, redemarre manuellement
ensuite refais un scan de controle avec bitdefender et reposte un hijack
a+
Telecharge: Pocket Killbox ici
http://www.downloads.subratam.org/KillBox.exe
l'aide détaillé de la manip est téléchargeable ici:
http://get.yourfile.net/qn53063.zip
redemarre en mode sans echec
lance hijackthis et supprime:
O2 - BHO: C:\WINDOWS\system32\winstyle3.dll - {0976BE78-EA53-4DD6-91E6-E6175940032B} - C:\WINDOWS\system32\winstyle3.dll (file missing)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
Ensuite:
ouvre le bloc note et fais un copier coller de ce qui est en gras ci-dessous:
REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\style2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0976BE78-EA53-4DD6-91E6-E6175940032B}"=-
[-HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\style32]
[-HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
Puis enregistrer sous et dans:
Nom du fichier, met fix.reg
Type de fichier: selectionne "tous les fichiers"
clic sur enregistrer
ensuite double clic sur fix.reg et accepte de fusionner
1- Double-clic sur KillBox.exe (sert toi de l'aide si tu à du mal pour cette manip)
2- ouvre le bloc notes et copie la liste en gras ci-dessous
3- Selectionne "Delete on Reboot"
4- reviens sur le bloc-notes et surligne toute la liste, puis clic droit dessus et clic sur copier
5- reviens sur killbox, et dans le menu du haut clic sur tool, puis sur paste from clipboard
5- clic sur le rond rouge
6- une fenetre va apparaitre pour confirmation clic sur OUI
7- une seconde fenetre te demande si tu veux redemarrer clic sur OUI
liste
C:\WINDOWS\system32\winstyle3.dll
C:\WINDOWS\system32\adsldpbc.dll
le pc devrait redemarrer tout seul, si tu recois un message d'erreur de killbox, redemarre manuellement
ensuite refais un scan de controle avec bitdefender et reposte un hijack
a+
Je suis arrivée à faire la première étape (fix.reg)
Mais avec Killbox, je n'arrive pas: les chemins des deux fichiers ne semblent pas vouloir se coller là. J'ai pourtant suivi les instructions (les tiennes et celles de l'aide) Mais quand je fais «paste from clipboard» rien ne se passe (rien n'apparaît dans la petite fenêtre) J'ai essayer de cliquer ensuite sur le rond rouge mais il me dit évidemment que je n'ai pas spécifié de fichier.
Est-ce normal? Est-ce que je passe à la suite du programme?
(scan + hijack)
Merci!
Mais avec Killbox, je n'arrive pas: les chemins des deux fichiers ne semblent pas vouloir se coller là. J'ai pourtant suivi les instructions (les tiennes et celles de l'aide) Mais quand je fais «paste from clipboard» rien ne se passe (rien n'apparaît dans la petite fenêtre) J'ai essayer de cliquer ensuite sur le rond rouge mais il me dit évidemment que je n'ai pas spécifié de fichier.
Est-ce normal? Est-ce que je passe à la suite du programme?
(scan + hijack)
Merci!
Utilisateur anonyme
8 août 2005 à 12:18
8 août 2005 à 12:18
ben, redemarre normallement et essaye de supprimer :
C:\WINDOWS\system32\winstyle3.dll
C:\WINDOWS\system32\adsldpbc.dll
je pense que celui là n'est pas présent winstyle3.dll, mais bon, verifie quand meme
a+
C:\WINDOWS\system32\winstyle3.dll
C:\WINDOWS\system32\adsldpbc.dll
je pense que celui là n'est pas présent winstyle3.dll, mais bon, verifie quand meme
a+
Bonjour Moe31
Merci encore pour tes précieuses indications
Pour winstyle3.dll tu as raison, il n'y est pas.
Pour adsldpbc.dll il ne veut pas le supprimer même quand je le renomme.
J'ai pu effacer celui que j'avais précédemment renommé mais il en réapparaît un tout neuf aussitôt et là je ne peux effacer ni la version renommée (adsldpbc._dll) ni le fichier qui est réapparu (acces refusé)
Entre temps, j'ai refait un scan Bitdefender qui n'a rien trouvé cette fois.
Est-ce qu'il y aurait autre chose à essayer, cher expert?
Merci encore pour tes précieuses indications
Pour winstyle3.dll tu as raison, il n'y est pas.
Pour adsldpbc.dll il ne veut pas le supprimer même quand je le renomme.
J'ai pu effacer celui que j'avais précédemment renommé mais il en réapparaît un tout neuf aussitôt et là je ne peux effacer ni la version renommée (adsldpbc._dll) ni le fichier qui est réapparu (acces refusé)
Entre temps, j'ai refait un scan Bitdefender qui n'a rien trouvé cette fois.
Est-ce qu'il y aurait autre chose à essayer, cher expert?
Utilisateur anonyme
8 août 2005 à 17:23
8 août 2005 à 17:23
salut
dans system32 il existe un fichier dont le nom et pratiquement le meme:
adsldpc.dll <- celui là est ok
adsldpbc.dll <- le mauvais (il y a une lettre d'écart)
tu es sure qu'il ne s'agit pas du 1er que tu essayes de supprimer ?
dans system32 il existe un fichier dont le nom et pratiquement le meme:
adsldpc.dll <- celui là est ok
adsldpbc.dll <- le mauvais (il y a une lettre d'écart)
tu es sure qu'il ne s'agit pas du 1er que tu essayes de supprimer ?
Merci pour ta patience infinie et ta grande intuition avec les ignorants et les sans génie! Je me sens pas mal cruche, là.
J'ai adsldpc.dll et adsldp.dll, mais pas de adsldpbc.dll
Alors si je passe à la suite du programme, histoire de vérifier que c'est beau et de ne pas abuser plus longtemps que nécessaire de ton amabilité,
Logfile of HijackThis v1.99.1
Scan saved at 11:37:28, on 2005-08-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Assistant Internet\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hi jak tis\Galyle.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nouvelles.sympatico.msn.ca/Accueil/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0976BE78-EA53-4DD6-91E6-E6175940032B} - (no file)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {405132A4-5DD1-4BA8-A181-95C8D435093A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\Assistant Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/fr/controls/emcconfig.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D34C0E8B-FCDE-47A9-9825-A02A6AE2AD25}: NameServer = 206.47.244.135 198.235.216.115
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Y a-t-il encore des problèmes?
En tout cas il n'y a pas de manifestations apparentes à l'usage...
J'ai adsldpc.dll et adsldp.dll, mais pas de adsldpbc.dll
Alors si je passe à la suite du programme, histoire de vérifier que c'est beau et de ne pas abuser plus longtemps que nécessaire de ton amabilité,
Logfile of HijackThis v1.99.1
Scan saved at 11:37:28, on 2005-08-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Assistant Internet\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hi jak tis\Galyle.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nouvelles.sympatico.msn.ca/Accueil/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0976BE78-EA53-4DD6-91E6-E6175940032B} - (no file)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {405132A4-5DD1-4BA8-A181-95C8D435093A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\Assistant Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/fr/controls/emcconfig.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D34C0E8B-FCDE-47A9-9825-A02A6AE2AD25}: NameServer = 206.47.244.135 198.235.216.115
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Y a-t-il encore des problèmes?
En tout cas il n'y a pas de manifestations apparentes à l'usage...
Utilisateur anonyme
8 août 2005 à 17:51
8 août 2005 à 17:51
t'inquiète pas pour ca, lol
c'est en cherchant un fichier que je l'ai vue par hasard et ca ma fait penser à ton post.
ces saletés prennent souvent un nom tres ressemblant à un fichier sain et c'est souvent dur de faire la différence.
il reste ces lignes à supprimer avec hijackthis:
O2 - BHO: (no name) - {0976BE78-EA53-4DD6-91E6-E6175940032B} - (no file)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
ensuite tu peux faire un scan chez panda ou ailleurs (le lien doit etre dans un post précedent).
tiens nous au courant
a+
c'est en cherchant un fichier que je l'ai vue par hasard et ca ma fait penser à ton post.
ces saletés prennent souvent un nom tres ressemblant à un fichier sain et c'est souvent dur de faire la différence.
il reste ces lignes à supprimer avec hijackthis:
O2 - BHO: (no name) - {0976BE78-EA53-4DD6-91E6-E6175940032B} - (no file)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
ensuite tu peux faire un scan chez panda ou ailleurs (le lien doit etre dans un post précedent).
tiens nous au courant
a+
Bonjour Moe31
J'ai supprimé les deux lignes.
Je n'arrive pas à me connecter chez panda alors je suis allée faire un scan secuser
Il a trouvé et détruit une douzaine de fichiers tous avec le même virus identifié (TROJ DLOADER.VX). Mais il n'y avait pas de rapport à la fin du scan, je n'ai donc pas les informations exactes concernant les fichiers supprimés. Sauf qu'il a été incapable de corriger ou de supprimer ce fichier (can not acces):
C:\WINDOWS\q9028231_disk.dll
Je sais pas si ça peut ajouter quelque chose mais j'ai été sur virusscan.joti.org avec ça et voici le rapport concernant ce fichier.
File: q9028231_disk.dll
Status: INFECTED/MALWARE
MD5 8438d2e7216117ff0fba929c03882dbd
Packers detected: -
Scanner results
AntiVir Found TR/Dldr.Delf.LH.6
ArcaVir Found Trojan.Downloader.Delf.Lh
Avast Found nothing
AVG Antivirus Found Downloader.Generic.BVB
BitDefender Found nothing
ClamAV Found Trojan.Downloader.Delf-132
Dr.Web Found Trojan.DownLoader.3776
F-Prot Antivirus Found W32/Downloader.ETB
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Delf.lh
NOD32 Found Win32/TrojanDownloader.Delf.NBH
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Trojan-Downloader.Win32.Delf.lh
Pourrais-tu me guider encore un peu avec ça?
J'ai supprimé les deux lignes.
Je n'arrive pas à me connecter chez panda alors je suis allée faire un scan secuser
Il a trouvé et détruit une douzaine de fichiers tous avec le même virus identifié (TROJ DLOADER.VX). Mais il n'y avait pas de rapport à la fin du scan, je n'ai donc pas les informations exactes concernant les fichiers supprimés. Sauf qu'il a été incapable de corriger ou de supprimer ce fichier (can not acces):
C:\WINDOWS\q9028231_disk.dll
Je sais pas si ça peut ajouter quelque chose mais j'ai été sur virusscan.joti.org avec ça et voici le rapport concernant ce fichier.
File: q9028231_disk.dll
Status: INFECTED/MALWARE
MD5 8438d2e7216117ff0fba929c03882dbd
Packers detected: -
Scanner results
AntiVir Found TR/Dldr.Delf.LH.6
ArcaVir Found Trojan.Downloader.Delf.Lh
Avast Found nothing
AVG Antivirus Found Downloader.Generic.BVB
BitDefender Found nothing
ClamAV Found Trojan.Downloader.Delf-132
Dr.Web Found Trojan.DownLoader.3776
F-Prot Antivirus Found W32/Downloader.ETB
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Delf.lh
NOD32 Found Win32/TrojanDownloader.Delf.NBH
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Trojan-Downloader.Win32.Delf.lh
Pourrais-tu me guider encore un peu avec ça?
Utilisateur anonyme
8 août 2005 à 23:53
8 août 2005 à 23:53
il me semble que tu as eu dejà à faire à un fichier ressemblant au tout debut de ton post
telecharge aussi silentrunners ici:
http://www.silentrunners.org/Silent%20Runners.vbs
poste son rapport en meme temps qu'un hijack
je dois arreter pour ce soir, je repasse demain pour la suite
a++
telecharge aussi silentrunners ici:
http://www.silentrunners.org/Silent%20Runners.vbs
poste son rapport en meme temps qu'un hijack
je dois arreter pour ce soir, je repasse demain pour la suite
a++
Bonjour Moe31,
je crois bien que mes problèmes reviennent tous... Je ne peux plus accéder à ma session (je suis sur celle de ma fille) et il me semble que ce que j'avais réussi à supprimer est revenu (winstyle3.dll)
Voici quand même les rapports:
"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"MyWebSearch Email Plugin" = "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [file not found]
"Yahoo! Pager" = "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet" [file not found]
"csrss" = (value not set)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["Alcatel Bell"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [null data]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Freedom" = "C:\Program Files\Zero Knowledge\Freedom\Freedom.exe" ["Zero-Knowledge Systems Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Motive SmartBridge" = "C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe" ["Motive Communications, Inc."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"MMTray" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" ["Musicmatch, Inc."]
"mmtask" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" ["Musicmatch Inc."]
"csrss" = (value not set)
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{3C060EA2-E6A9-4E49-A530-D4657B8C449A}\(Default) = "PopKill Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Zero Knowledge\Freedom\pkR.dll" ["Zero-Knowledge Systems Inc."]
{405132A4-5DD1-4BA8-A181-95C8D435093A}\(Default) = "C:\WINDOWS\adsldpbc.dll" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\adsldpbc.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{56071E0D-C61B-11D3-B41C-00E02927A304}\(Default) = "ZKBho Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll" ["Zero-Knowledge Systems Inc."]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PCTools.com"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{B212D577-05B7-4963-911E-4A8588160DFA}\(Default) = "C:\WINDOWS\system32\winstyle3.dll" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\winstyle3.dll" [file not found]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshellext.dll" ["RealNetworks"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{6AC3806F-8B39-4746-9C38-6B01CB7331FF}" = "Memory monitor"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\q28279473_disk.dll" [file not found]
INFECTION WARNING! "{B212D577-05B7-4963-911E-4A8588160DFA}" = "style 2"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\winstyle3.dll" [file not found]
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "load" = "C:\WINDOWS\system32\hczsfcc\csrss.exe" [file not found]
INFECTION WARNING! "run" = "C:\WINDOWS\system32\hczsfcc\csrss.exe" [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! style32\DLLName = "C:\WINDOWS\system32\winstyle3.dll" [file not found]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\léonie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmarque.scr" [MS]
Startup items in "léonie" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\léonie\Menu Démarrer\Programmes\Démarrage
"MyWebSearch Email Plugin" -> shortcut to: "C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE" [file not found]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Assistant Internet" -> shortcut to: "C:\Program Files\Assistant Internet\bin\matcli.exe -boot" ["Motive Communications, Inc."]
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\msjava.dll" [MS]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
DvpApi, dvpapi, ""C:\Program Files\Fichiers communs\Command Software\dvpapi.exe"" ["Command Software Systems, Inc."]
Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe"" ["Kerio Technologies"]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 199 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 56 seconds.
---------- (total run time: 322 seconds)
Logfile of HijackThis v1.99.1
Scan saved at 05:26:08, on 2005-08-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Assistant Internet\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hi jak tis\Galyle.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\hczsfcc\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\hczsfcc\csrss.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0976BE78-EA53-4DD6-91E6-E6175940032B} - (no file)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - C:\WINDOWS\adsldpbc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: C:\WINDOWS\system32\winstyle3.dll - {B212D577-05B7-4963-911E-4A8588160DFA} - C:\WINDOWS\system32\winstyle3.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\Assistant Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/fr/controls/emcconfig.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O20 - Winlogon Notify: style32 - C:\WINDOWS\system32\winstyle3.dll (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Est-ce que je dois me laisser aller au découragement, m'arracher les cheveux et pleurer toutes les larmes de mon corps ou y a-t-il quelque chose de plus utile à faire, dis moi? Merci!
En attendant, je relis les messages précédents pour y trouver un peu d'inspiration...
je crois bien que mes problèmes reviennent tous... Je ne peux plus accéder à ma session (je suis sur celle de ma fille) et il me semble que ce que j'avais réussi à supprimer est revenu (winstyle3.dll)
Voici quand même les rapports:
"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"MyWebSearch Email Plugin" = "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [file not found]
"Yahoo! Pager" = "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet" [file not found]
"csrss" = (value not set)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["Alcatel Bell"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [null data]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Freedom" = "C:\Program Files\Zero Knowledge\Freedom\Freedom.exe" ["Zero-Knowledge Systems Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Motive SmartBridge" = "C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe" ["Motive Communications, Inc."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"MMTray" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" ["Musicmatch, Inc."]
"mmtask" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" ["Musicmatch Inc."]
"csrss" = (value not set)
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{3C060EA2-E6A9-4E49-A530-D4657B8C449A}\(Default) = "PopKill Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Zero Knowledge\Freedom\pkR.dll" ["Zero-Knowledge Systems Inc."]
{405132A4-5DD1-4BA8-A181-95C8D435093A}\(Default) = "C:\WINDOWS\adsldpbc.dll" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\adsldpbc.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{56071E0D-C61B-11D3-B41C-00E02927A304}\(Default) = "ZKBho Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll" ["Zero-Knowledge Systems Inc."]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PCTools.com"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{B212D577-05B7-4963-911E-4A8588160DFA}\(Default) = "C:\WINDOWS\system32\winstyle3.dll" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\winstyle3.dll" [file not found]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshellext.dll" ["RealNetworks"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{6AC3806F-8B39-4746-9C38-6B01CB7331FF}" = "Memory monitor"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\q28279473_disk.dll" [file not found]
INFECTION WARNING! "{B212D577-05B7-4963-911E-4A8588160DFA}" = "style 2"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\winstyle3.dll" [file not found]
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "load" = "C:\WINDOWS\system32\hczsfcc\csrss.exe" [file not found]
INFECTION WARNING! "run" = "C:\WINDOWS\system32\hczsfcc\csrss.exe" [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! style32\DLLName = "C:\WINDOWS\system32\winstyle3.dll" [file not found]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\léonie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmarque.scr" [MS]
Startup items in "léonie" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\léonie\Menu Démarrer\Programmes\Démarrage
"MyWebSearch Email Plugin" -> shortcut to: "C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE" [file not found]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Assistant Internet" -> shortcut to: "C:\Program Files\Assistant Internet\bin\matcli.exe -boot" ["Motive Communications, Inc."]
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\msjava.dll" [MS]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
DvpApi, dvpapi, ""C:\Program Files\Fichiers communs\Command Software\dvpapi.exe"" ["Command Software Systems, Inc."]
Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe"" ["Kerio Technologies"]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 199 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 56 seconds.
---------- (total run time: 322 seconds)
Logfile of HijackThis v1.99.1
Scan saved at 05:26:08, on 2005-08-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Assistant Internet\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hi jak tis\Galyle.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\hczsfcc\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\hczsfcc\csrss.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0976BE78-EA53-4DD6-91E6-E6175940032B} - (no file)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - C:\WINDOWS\adsldpbc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: C:\WINDOWS\system32\winstyle3.dll - {B212D577-05B7-4963-911E-4A8588160DFA} - C:\WINDOWS\system32\winstyle3.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\Assistant Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/fr/controls/emcconfig.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O20 - Winlogon Notify: style32 - C:\WINDOWS\system32\winstyle3.dll (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Est-ce que je dois me laisser aller au découragement, m'arracher les cheveux et pleurer toutes les larmes de mon corps ou y a-t-il quelque chose de plus utile à faire, dis moi? Merci!
En attendant, je relis les messages précédents pour y trouver un peu d'inspiration...
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
10 août 2005 à 12:04
10 août 2005 à 12:04
salut deja desinstal ceci dans ajout suppr de programme si il ny est pas suppr le dossier
C:\PROGRA~1\MYWEBS~1
rtelecharge ceci
Kill Box :
(ici) http://www.florensac-chasse-trap.com/ section virus
la fait ceci
Ouvre le bloc note et copius colle ceci
C:\WINDOWS\q28279473_disk.dll
C:\WINDOWS\system32\winstyle3.dll
C:\WINDOWS\system32\hczsfcc\csrss.exe
Ensuite selectionne la liste a l aide de la souris et tu clik sur copier
repasse sur la killbox
coche delete and reboot
clik sur file et ensuite sur paste from clipboard
et ensuite clik sur la croix rouge et blanche
et repond oui
et telecharge ceci
Registry Search Tool
http://www.billsway.com/vbspage/
decompresse le et tape
q28279473_disk.dll
et copie colle le resultat dans le bloc note et donne le nous
et fait de meme avec
winstyle3.dll
hczsfcc
C:\PROGRA~1\MYWEBS~1
rtelecharge ceci
Kill Box :
(ici) http://www.florensac-chasse-trap.com/ section virus
la fait ceci
Ouvre le bloc note et copius colle ceci
C:\WINDOWS\q28279473_disk.dll
C:\WINDOWS\system32\winstyle3.dll
C:\WINDOWS\system32\hczsfcc\csrss.exe
Ensuite selectionne la liste a l aide de la souris et tu clik sur copier
repasse sur la killbox
coche delete and reboot
clik sur file et ensuite sur paste from clipboard
et ensuite clik sur la croix rouge et blanche
et repond oui
et telecharge ceci
Registry Search Tool
http://www.billsway.com/vbspage/
decompresse le et tape
q28279473_disk.dll
et copie colle le resultat dans le bloc note et donne le nous
et fait de meme avec
winstyle3.dll
hczsfcc
C'est très gentil de m'aider balltrap34, (pendant qu'il me reste des cheveux)
Avant d'avoir ton message, j'ai été effacer une nouvelle fois le winstyle3.dll en le renommant comme moe31 m'avait fait faire une première fois (message 26).
J'ai aussi été faire un nouveau scan sur bitfender: voici ce que ça a donné,
BitDefender Online Scanner
Scan report generated at: Wed, Aug 10, 2005 - 06:45:18
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time
00:42:30
Files
200908
Folders
5642
Boot Sectors
3
Archives
1626
Packed Files
32227
Results
Identified Viruses
1
Infected Files
2
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
1
Engines Info
Virus Definitions
199081
Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins
13
Archive plugins
39
Unpack plugins
4
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\lydiane\Local Settings\Temporary Internet Files\Content.IE5\U4V3BGCN\adsldpbc[1].dll
Infected with: BehavesLike:Trojan.TrustedZone
C:\Documents and Settings\lydiane\Local Settings\Temporary Internet Files\Content.IE5\U4V3BGCN\adsldpbc[1].dll
Disinfection failed
C:\Documents and Settings\lydiane\Local Settings\Temporary Internet Files\Content.IE5\U4V3BGCN\adsldpbc[1].dll
Deleted
C:\WINDOWS\adsldpbc.dll
Infected with: BehavesLike:Trojan.TrustedZone
C:\WINDOWS\adsldpbc.dll
Disinfection failed
C:\WINDOWS\adsldpbc.dll
Delete failed
Puis j'ai pris ta réponse et j'ai fait ce qu'il y était dit.
Avec la Kill Box, quand je fais ce qui est décrit, j'obtiens un message à l'effet que je n'ai pas spécifié de fichier. (j'ai réessayer deux fois)
Pour la suite avec registry search tool, voici les résultats:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "q28279473_disk.dll" 2005-08-10 07:16:14
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}]
@="C:\\WINDOWS\\q28279473_disk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}\InprocServer32]
@="C:\\WINDOWS\\q28279473_disk.dll"
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "winstyle3.dll" 2005-08-10 07:20:04
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B212D577-05B7-4963-911E-4A8588160DFA}]
@="C:\\WINDOWS\\system32\\winstyle3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B212D577-05B7-4963-911E-4A8588160DFA}\InprocServer32]
@="C:\\WINDOWS\\system32\\winstyle3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style32]
"DLLName"="C:\\WINDOWS\\system32\\winstyle3.dll"
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"="C:\\WINDOWS\\system32\\winstyle3.dll"
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "hczsfcc" 2005-08-10 07:22:03
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"c"="C:\\WINDOWS\\system32\\hczsfcc\\csrss.exe"
Est-ce qu'il y a moyen de régler quelque chose là dedans (pour moi, c'est très chinois tout ça)?
Merci et à bientôt!
Avant d'avoir ton message, j'ai été effacer une nouvelle fois le winstyle3.dll en le renommant comme moe31 m'avait fait faire une première fois (message 26).
J'ai aussi été faire un nouveau scan sur bitfender: voici ce que ça a donné,
BitDefender Online Scanner
Scan report generated at: Wed, Aug 10, 2005 - 06:45:18
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time
00:42:30
Files
200908
Folders
5642
Boot Sectors
3
Archives
1626
Packed Files
32227
Results
Identified Viruses
1
Infected Files
2
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
1
Engines Info
Virus Definitions
199081
Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins
13
Archive plugins
39
Unpack plugins
4
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\lydiane\Local Settings\Temporary Internet Files\Content.IE5\U4V3BGCN\adsldpbc[1].dll
Infected with: BehavesLike:Trojan.TrustedZone
C:\Documents and Settings\lydiane\Local Settings\Temporary Internet Files\Content.IE5\U4V3BGCN\adsldpbc[1].dll
Disinfection failed
C:\Documents and Settings\lydiane\Local Settings\Temporary Internet Files\Content.IE5\U4V3BGCN\adsldpbc[1].dll
Deleted
C:\WINDOWS\adsldpbc.dll
Infected with: BehavesLike:Trojan.TrustedZone
C:\WINDOWS\adsldpbc.dll
Disinfection failed
C:\WINDOWS\adsldpbc.dll
Delete failed
Puis j'ai pris ta réponse et j'ai fait ce qu'il y était dit.
Avec la Kill Box, quand je fais ce qui est décrit, j'obtiens un message à l'effet que je n'ai pas spécifié de fichier. (j'ai réessayer deux fois)
Pour la suite avec registry search tool, voici les résultats:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "q28279473_disk.dll" 2005-08-10 07:16:14
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}]
@="C:\\WINDOWS\\q28279473_disk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}\InprocServer32]
@="C:\\WINDOWS\\q28279473_disk.dll"
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "winstyle3.dll" 2005-08-10 07:20:04
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B212D577-05B7-4963-911E-4A8588160DFA}]
@="C:\\WINDOWS\\system32\\winstyle3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B212D577-05B7-4963-911E-4A8588160DFA}\InprocServer32]
@="C:\\WINDOWS\\system32\\winstyle3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style32]
"DLLName"="C:\\WINDOWS\\system32\\winstyle3.dll"
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"="C:\\WINDOWS\\system32\\winstyle3.dll"
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "hczsfcc" 2005-08-10 07:22:03
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"c"="C:\\WINDOWS\\system32\\hczsfcc\\csrss.exe"
Est-ce qu'il y a moyen de régler quelque chose là dedans (pour moi, c'est très chinois tout ça)?
Merci et à bientôt!
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
10 août 2005 à 13:59
10 août 2005 à 13:59
renomme cette dll et suppr la
C:\WINDOWS\adsldpbc.dll
ensuite ouvre le bloc note et copie colle ceci
mais avant rend toi sur ces clef
en cliquant sur demarrer/executer et tape regedit
et clik droit dessus et exporter dans un dossier ont c est jamais
donc copie colle ceci dans le bloc note
pas les etoiles
*********
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B212D577-05B7-4963-911E-4A8588160DFA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B212D577-05B7-4963-911E-4A8588160DFA}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style32]
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"=-
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"c"=-
***********
enregistre le sur ton bureau avec le nom ef.reg
et dans type met tous fichiers
la double clik dessus et confirme redemarre et regarde si il le trouve toujours
C:\WINDOWS\adsldpbc.dll
ensuite ouvre le bloc note et copie colle ceci
mais avant rend toi sur ces clef
en cliquant sur demarrer/executer et tape regedit
et clik droit dessus et exporter dans un dossier ont c est jamais
donc copie colle ceci dans le bloc note
pas les etoiles
*********
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B212D577-05B7-4963-911E-4A8588160DFA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B212D577-05B7-4963-911E-4A8588160DFA}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style32]
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"=-
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"c"=-
***********
enregistre le sur ton bureau avec le nom ef.reg
et dans type met tous fichiers
la double clik dessus et confirme redemarre et regarde si il le trouve toujours
Voilà,
j'ai fait ce que dit. Que veux-tu dire par «regarde si il le trouve toujours»?
J'ai regardé, après le redémarrage si C:\WINDOWS\adsldpbc.dll était encore là, il n'y est pas. Est-ce que je dois vérifier autre chose et comment s'il te plaît?
Merci pour ta patience, je ne comprend pas toujours ce que je fais... heureusement que vos indications sont claires!
j'ai fait ce que dit. Que veux-tu dire par «regarde si il le trouve toujours»?
J'ai regardé, après le redémarrage si C:\WINDOWS\adsldpbc.dll était encore là, il n'y est pas. Est-ce que je dois vérifier autre chose et comment s'il te plaît?
Merci pour ta patience, je ne comprend pas toujours ce que je fais... heureusement que vos indications sont claires!
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
10 août 2005 à 14:44
10 août 2005 à 14:44
re un petit scan ici
Scan bit defender
http://www.bitdefender.fr
clik sur scan on line a gauche et suis la procedure
et un nouveau silent runner
Scan bit defender
http://www.bitdefender.fr
clik sur scan on line a gauche et suis la procedure
et un nouveau silent runner
Bitdefender ne trouve rien cette fois.
Voici pour Silent runner
"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"csrss" = (empty string)
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["Alcatel Bell"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [null data]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Freedom" = "C:\Program Files\Zero Knowledge\Freedom\Freedom.exe" ["Zero-Knowledge Systems Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Motive SmartBridge" = "C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe" ["Motive Communications, Inc."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"MMTray" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" ["Musicmatch, Inc."]
"mmtask" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" ["Musicmatch Inc."]
"csrss" = (value not set)
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{3C060EA2-E6A9-4E49-A530-D4657B8C449A}\(Default) = "PopKill Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Zero Knowledge\Freedom\pkR.dll" ["Zero-Knowledge Systems Inc."]
{405132A4-5DD1-4BA8-A181-95C8D435093A}\(Default) = "C:\WINDOWS\adsldpbc.dll" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\adsldpbc.dll" [file not found]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{56071E0D-C61B-11D3-B41C-00E02927A304}\(Default) = "ZKBho Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll" ["Zero-Knowledge Systems Inc."]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PCTools.com"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshellext.dll" ["RealNetworks"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Isabelle Crepeau\Application Data\Microsoft\Internet Explorer\Papier peint de Internet Explorer.bmp"
Startup items in "Isabelle Crepeau" & "All Users" startup folders:
------------------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Assistant Internet" -> shortcut to: "C:\Program Files\Assistant Internet\bin\matcli.exe -boot" ["Motive Communications, Inc."]
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\msjava.dll" [MS]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
DvpApi, dvpapi, ""C:\Program Files\Fichiers communs\Command Software\dvpapi.exe"" ["Command Software Systems, Inc."]
Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe"" ["Kerio Technologies"]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 142 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 25 seconds.
---------- (total run time: 214 seconds)
Est-ce que c'est bon, ça?
Voici pour Silent runner
"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"csrss" = (empty string)
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["Alcatel Bell"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [null data]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Freedom" = "C:\Program Files\Zero Knowledge\Freedom\Freedom.exe" ["Zero-Knowledge Systems Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Motive SmartBridge" = "C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe" ["Motive Communications, Inc."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"MMTray" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" ["Musicmatch, Inc."]
"mmtask" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" ["Musicmatch Inc."]
"csrss" = (value not set)
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{3C060EA2-E6A9-4E49-A530-D4657B8C449A}\(Default) = "PopKill Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Zero Knowledge\Freedom\pkR.dll" ["Zero-Knowledge Systems Inc."]
{405132A4-5DD1-4BA8-A181-95C8D435093A}\(Default) = "C:\WINDOWS\adsldpbc.dll" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\adsldpbc.dll" [file not found]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{56071E0D-C61B-11D3-B41C-00E02927A304}\(Default) = "ZKBho Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll" ["Zero-Knowledge Systems Inc."]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PCTools.com"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshellext.dll" ["RealNetworks"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Isabelle Crepeau\Application Data\Microsoft\Internet Explorer\Papier peint de Internet Explorer.bmp"
Startup items in "Isabelle Crepeau" & "All Users" startup folders:
------------------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Assistant Internet" -> shortcut to: "C:\Program Files\Assistant Internet\bin\matcli.exe -boot" ["Motive Communications, Inc."]
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\msjava.dll" [MS]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
DvpApi, dvpapi, ""C:\Program Files\Fichiers communs\Command Software\dvpapi.exe"" ["Command Software Systems, Inc."]
Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe"" ["Kerio Technologies"]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 142 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 25 seconds.
---------- (total run time: 214 seconds)
Est-ce que c'est bon, ça?
Utilisateur anonyme
10 août 2005 à 22:17
10 août 2005 à 22:17
salut
reposte un hijack aussi
a+
reposte un hijack aussi
a+
Désolée de mettre tant de temps à répondre, je travaille beaucoup à l'extérieur ces jours-ci et nous ne vivons pas à la même heure (je suis au Québec). Merci d'être encore là!
Logfile of HijackThis v1.99.1
Scan saved at 11:31:42, on 2005-08-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Assistant Internet\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hi jak tis\Galyle.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nouvelles.sympatico.msn.ca/Accueil/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0976BE78-EA53-4DD6-91E6-E6175940032B} - (no file)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - C:\WINDOWS\adsldpbc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B212D577-05B7-4963-911E-4A8588160DFA} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\Assistant Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/fr/controls/emcconfig.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D34C0E8B-FCDE-47A9-9825-A02A6AE2AD25}: NameServer = 206.47.244.135 198.235.216.115
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Ya-il un verdict?
Logfile of HijackThis v1.99.1
Scan saved at 11:31:42, on 2005-08-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Assistant Internet\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hi jak tis\Galyle.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nouvelles.sympatico.msn.ca/Accueil/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0976BE78-EA53-4DD6-91E6-E6175940032B} - (no file)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - C:\WINDOWS\adsldpbc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B212D577-05B7-4963-911E-4A8588160DFA} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ASSIST~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\Assistant Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/fr/controls/emcconfig.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D34C0E8B-FCDE-47A9-9825-A02A6AE2AD25}: NameServer = 206.47.244.135 198.235.216.115
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Ya-il un verdict?
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
11 août 2005 à 14:58
11 août 2005 à 14:58
oui stp un nouvel hijack
Utilisateur anonyme
11 août 2005 à 17:55
11 août 2005 à 17:55
salut
Si tu as gardé Registry Search Tool, lance une recherche sur ces 3 clés
0976BE78-EA53-4DD6-91E6-E6175940032B
11111111-2222-3333-4444-555555555555
405132A4-5DD1-4BA8-A181-95C8D435093A
et poste le resultat de chacunes
a+
Si tu as gardé Registry Search Tool, lance une recherche sur ces 3 clés
0976BE78-EA53-4DD6-91E6-E6175940032B
11111111-2222-3333-4444-555555555555
405132A4-5DD1-4BA8-A181-95C8D435093A
et poste le resultat de chacunes
a+
Bonjour Olivier, ça va?
Voilà ce que ça dit:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "0976BE78-EA53-4DD6-91E6-E6175940032B" 2005-08-11 11:57:42
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0976BE78-EA53-4DD6-91E6-E6175940032B}\iexplore]
*******
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "11111111-2222-3333-4444-555555555555" 2005-08-11 12:00:53
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-2222-3333-4444-555555555555}]
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-2222-3333-4444-555555555555}\iexplore]
********
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "405132A4-5DD1-4BA8-A181-95C8D435093A" 2005-08-11 12:02:48
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{405132A4-5DD1-4BA8-A181-95C8D435093A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{405132A4-5DD1-4BA8-A181-95C8D435093A}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{405132A4-5DD1-4BA8-A181-95C8D435093A}]
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{405132A4-5DD1-4BA8-A181-95C8D435093A}]
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{405132A4-5DD1-4BA8-A181-95C8D435093A}\iexplore]
Est-ce que tu vois quoi faire?
Voilà ce que ça dit:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "0976BE78-EA53-4DD6-91E6-E6175940032B" 2005-08-11 11:57:42
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0976BE78-EA53-4DD6-91E6-E6175940032B}\iexplore]
*******
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "11111111-2222-3333-4444-555555555555" 2005-08-11 12:00:53
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-2222-3333-4444-555555555555}]
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-2222-3333-4444-555555555555}\iexplore]
********
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "405132A4-5DD1-4BA8-A181-95C8D435093A" 2005-08-11 12:02:48
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{405132A4-5DD1-4BA8-A181-95C8D435093A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{405132A4-5DD1-4BA8-A181-95C8D435093A}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{405132A4-5DD1-4BA8-A181-95C8D435093A}]
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{405132A4-5DD1-4BA8-A181-95C8D435093A}]
[HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{405132A4-5DD1-4BA8-A181-95C8D435093A}\iexplore]
Est-ce que tu vois quoi faire?
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
11 août 2005 à 18:05
11 août 2005 à 18:05
je vois le the timer activer et si tu le desactive pas pour faire les manip cela ne marche pas
Utilisateur anonyme
11 août 2005 à 18:20
11 août 2005 à 18:20
salut
balltrap à raison, desactive le tea timer de spybot le temps des manips
ensuite:
demarre en mode sans echecs, lance hijackthis et supprime:
O2 - BHO: (no name) - {0976BE78-EA53-4DD6-91E6-E6175940032B} - (no file)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - C:\WINDOWS\adsldpbc.dll (file missing)
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/fr/controls/emcconfig.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} -
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -
puis:
ouvre le bloc note et fais un copier coller de ce qui est en gras ci-dessous:
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"csrss"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{405132A4-5DD1-4BA8-A181-95C8D435093A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{405132A4-5DD1-4BA8-A181-95C8D435093A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"csrss"=-
[-HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{405132A4-5DD1-4BA8-A181-95C8D435093A}]
[-HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
[-HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-2222-3333-4444-555555555555}]
Puis enregistrer sous et dans:
Nom du fichier, met galfix.reg
Type de fichier: selectionne "tous les fichiers"
clic sur enregistrer
ensuite double clic sur galfix.reg et accepte de fusionner
redemarre le pc et dis nous si C:\WINDOWS\adsldpbc.dll est présent ou pas
a+
balltrap à raison, desactive le tea timer de spybot le temps des manips
ensuite:
demarre en mode sans echecs, lance hijackthis et supprime:
O2 - BHO: (no name) - {0976BE78-EA53-4DD6-91E6-E6175940032B} - (no file)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - C:\WINDOWS\adsldpbc.dll (file missing)
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/fr/controls/emcconfig.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} -
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -
puis:
ouvre le bloc note et fais un copier coller de ce qui est en gras ci-dessous:
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"csrss"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{405132A4-5DD1-4BA8-A181-95C8D435093A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{405132A4-5DD1-4BA8-A181-95C8D435093A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"csrss"=-
[-HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{405132A4-5DD1-4BA8-A181-95C8D435093A}]
[-HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0976BE78-EA53-4DD6-91E6-E6175940032B}]
[-HKEY_USERS\S-1-5-21-1078081533-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-2222-3333-4444-555555555555}]
Puis enregistrer sous et dans:
Nom du fichier, met galfix.reg
Type de fichier: selectionne "tous les fichiers"
clic sur enregistrer
ensuite double clic sur galfix.reg et accepte de fusionner
redemarre le pc et dis nous si C:\WINDOWS\adsldpbc.dll est présent ou pas
a+