Impossible d'ouvrir page d'acceuil

Johny88 -  
 Johny88 -
bonjour j'ai un probleme avec ma page d'acceuil internet explorer chaque fois que je l'ouvre mon pragramme antivirus me signal que le pc est infecté par le cheval de troie QHOSTS-17 et la page se ferme...

Voici :

Logfile of HijackThis v1.99.1
Scan saved at 8:34:14, on 9/09/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John.BERT\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.182.88/?qq=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.182.88/?qq=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skynet.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.182.88/?qq=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.50.182.88/?qq=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://69.50.182.88/?qq=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {3E8A49D4-3FDA-5A28-4622-0D4A28FBCF93} - TorontoMail.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MagicBHO Class - {AC212FB9-3883-461E-A559-37A4F6100FB0} - C:\WINDOWS\system32\iacad.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D6AC9FF-81ED-43F2-A55A-5AE8F50566C6}: NameServer = 195.95.218.50,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE35E4F6-1E4E-426B-9FA5-3BDD305CF0AC}: NameServer = 195.95.218.50 85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9CEDB45-744B-487B-8966-7D7635D54872}: NameServer = 195.95.218.50,85.255.112.8
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Qq un peut-il m'aider merci

19 réponses

  1. Utilisateur anonyme
     
    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.182.88/?qq=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.182.88/?qq=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.182.88/?qq=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.50.182.88/?qq=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://69.50.182.88/?qq=

    R3 - URLSearchHook: (no name) - {3E8A49D4-3FDA-5A28-4622-0D4A28FBCF93} - TorontoMail.dll (file missing)

    O2 - BHO: MagicBHO Class - {AC212FB9-3883-461E-A559-37A4F6100FB0} - C:\WINDOWS\system32\iacad.dll

    O15 - Trusted Zone: www.archiviosex.net
    O15 - Trusted Zone: www.redfunny.com
    O15 - Trusted Zone: www.skymasters.biz

    O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab

    et remet un hijack this ensuite

    a+
    0
  2. Johny88
     
    voila j'ai fai se qui été indiquer voici le nouveau log:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:15:55, on 9/09/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\nvsvc32.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\John.BERT\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skynet.be/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7D6AC9FF-81ED-43F2-A55A-5AE8F50566C6}: NameServer = 69.50.168.179,85.255.112.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BE35E4F6-1E4E-426B-9FA5-3BDD305CF0AC}: NameServer = 69.50.168.179 85.255.112.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E9CEDB45-744B-487B-8966-7D7635D54872}: NameServer = 69.50.168.179,85.255.112.22
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    maintenant que doi je faire ??? merciiii
    0
  3. Utilisateur anonyme
     
    dis moi tes soucis en sont ou

    a+
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. Johny88
     
    ils en sont tjs au meme ca n'a rien changer :s le cheval de troie vien tjs mais il est neutraliser par l'antivirus pui en un message d'erreur concernant internet explorer et voila après la page se ferme
    0
  6. Johny88
     
    salut,

    voila le raport:

    BitDefender Online Scanner -Scan ReportBitDefender Online Scanner
    Scan report generated at: Sat, Sep 10, 2005 - 16:55:32

    Scan path: A:\;C:\;D:\;E:\;F:\;

    Statistics
    Time00:11:26
    Files80396
    Folders1737
    Boot Sectors7
    Archives1288
    Packed Files4472

    Results
    Identified Viruses 2
    Infected Files 2
    Suspect Files 0
    Warnings0
    Disinfected0
    Deleted Files2

    Engines Info
    Virus Definitions205306
    Engine buildAVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
    Scan plugins13
    Archive plugins39
    Unpack plugins4
    E-mail plugins6
    System plugins1

    Scan Settings
    First ActionDisinfect
    Second ActionDelete
    HeuristicsYes
    Enable WarningsYes
    Scanned
    Extensionsexe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
    Exclude Extensions
    Scan EmailsYes
    Scan ArchivesYes
    Scan PackedYes
    Scan FilesYes
    Scan BootYes

    Scanned File Status
    C:\WINDOWS\Downloaded Program Files\gdnBE10.exeInfected with:
    Trojan.Dialer.GlobalAcces
    C:\WINDOWS\Downloaded Program Files\gdnBE10.exeDisinfection failed
    C:\WINDOWS\Downloaded Program Files\gdnBE10.exeDeleted
    C:\WINDOWS\loadnew.exeInfected with: Trojan.Downloader.Harnig.2
    C:\WINDOWS\loadnew.exeDisinfection failed
    C:\WINDOWS\loadnew.exeDeleted
    0
  7. Utilisateur anonyme
     
    salut
    ou en sontt es soucis, precises les

    a+
    0
  8. Johny88
     
    Salut, ils en sont tjs au meme ca n'as rien fai merci
    0
  9. Utilisateur anonyme
     
    Precises les moi, j ai pas une boule de christal !
    0
  10. Johny88
     
    oui exuse moi c quand j'ouvre ma page d'accueil d'internet explorer mon anti virus (mc afee) me signal que le fichier hclean32.exe est infecté par le cheval de troie Qhosts-17 et qu'il suprimé par cette anti-virus pui window me di qu'il doi fermer internet explorer parce qu'il a rencontrer un probleme...voila
    0
  11. Utilisateur anonyme
     
    re,
    descative mac affee
    ouvre internet explorer
    regarde si ca marche
    reactive le et ressai

    a+
    0
  12. Utilisateur anonyme
     
    ben fo savoir,
    tu me dis, mac affee me detecte qqchose et me ferme le programme
    si tu le desactive, il peut pas te l afficher !!
    0
  13. Johny88
     
    quand je le desactive il me di plus que le pc est infecté par le cheval de troie mais le message d'erreur de window qui me di qu'internet explorer a rencontrer un probleme vien tjs et il me di " ne pas envoyer ou envoyer le rapport " et après ca ferme...;)
    0
  14. Utilisateur anonyme
     
    par le cheval de troie

    Tu connais son nom et/ou son emplacement?

    a+
    0
  15. Johny88
     
    oui...C:\WINDOWS\System32\hclean32.exe ca c me fichier infecté et le nom du cheval de troie c QHOSTS-17 voila...
    0
  16. Johny88
     
    ...lolll...voila se que ca donne:

    "Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSKAGENTEXE" = "C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" ["McAfee Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
    "MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
    "MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]
    "VSOCheckTask" = ""C:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]
    "VirusScan Online" = ""C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" ["McAfee, Inc."]
    "MSKAGENTEXE" = "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" ["McAfee Inc."]
    "MSKDetectorExe" = "C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup" ["McAfee, Inc."]
    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
    "MMTray" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" ["Musicmatch, Inc."]
    "Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs Inc."]
    "yaemu.exe" = "C:\WINDOWS\System32\yaemu.exe" [file not found]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
    "{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Mes téléphones"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    INFECTION WARNING! "System" = "cshjz.exe" [null data]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\John.BERT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

    Enabled Scheduled Tasks:
    ------------------------

    "Recherche de mises à jour sur McAfee.com (BERT-John)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]

    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
    -> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {85D1F590-48F4-11D9-9669-0800200C9A66}\
    "MenuText" = "Uninstall BitDefender Online Scanner v8"
    "Exec" = "%windir%\bdoscandel.exe" [null data]

    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

    Missing lines (compared with English-language version):
    [Strings]: 1 line

    HOSTS file
    ----------

    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
    HIJACK WARNING! "DataBasePath" = "C:\WINDOWS\nsdb"

    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    McAfee SpamKiller Server, MskService, "C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe" ["McAfee Inc."]
    McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["Network Associates, Inc."]
    McAfee.com VirusScan Online Realtime Engine, MCVSRte, "c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" ["McAfee, Inc"]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
    TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs Inc."]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
    use the -supp parameter or answer "No" at the first message box.
    ---------- (total run time: 21 seconds, including 8 seconds for message boxes)

    stpp
    0