Trojan TR/click.526
mektub
-
Utilisateur anonyme -
Utilisateur anonyme -
salut à tous, il y a même pas une semaine je l'avais déjà, et voilà que je suis de nouveau obligé de vous demander de l'aide...
j'ai déjà passé un coup de: adaware, spybot et a²free, et virer ce qu'ils ont trouvé.
j'ai lancé bitdefender, panda et kaspersky online, et kaspersky a detecté ceci:
Scan Statistics:
Total number of scanned objects: 21029
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 2087 sec
Infected Object Name - Virus Name
C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000047.exe Infected: Trojan.Win32.DNSChanger.u
C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000130.exe Infected: Trojan.Win32.DNSChanger.u
C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000152.exe Infected: Trojan.Win32.DNSChanger.u
C:\WINDOWS\system32\ole32vbs.exe Infected: Trojan.Win32.Favadd.aj
Scan process completed.
Voilà, anti vir, mon antivirus ne detecte que le TR/click.526
je peux vous envoyer un log hifhjackthis ?
en esperant que quelqu'un est dispo.... ?
A+
_
mektub
j'ai déjà passé un coup de: adaware, spybot et a²free, et virer ce qu'ils ont trouvé.
j'ai lancé bitdefender, panda et kaspersky online, et kaspersky a detecté ceci:
Scan Statistics:
Total number of scanned objects: 21029
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 2087 sec
Infected Object Name - Virus Name
C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000047.exe Infected: Trojan.Win32.DNSChanger.u
C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000130.exe Infected: Trojan.Win32.DNSChanger.u
C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP4\A0000152.exe Infected: Trojan.Win32.DNSChanger.u
C:\WINDOWS\system32\ole32vbs.exe Infected: Trojan.Win32.Favadd.aj
Scan process completed.
Voilà, anti vir, mon antivirus ne detecte que le TR/click.526
je peux vous envoyer un log hifhjackthis ?
en esperant que quelqu'un est dispo.... ?
A+
_
mektub
A voir également:
- Trojan TR/click.526
- Visual click avis - Forum Javascript
- By click downloader avis - Forum Enregistrement / Traitement audio
- By click downloader ne fonctionne plus - Forum Enregistrement / Traitement audio
- Click&clean - Télécharger - Nettoyage
- Trojan sms-par google ✓ - Forum Virus
73 réponses
Logfile of HijackThis v1.99.1
Scan saved at 18:33:19, on 14/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WINAMP\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\emule\emule.exe
C:\Program Files\PROMT5\INTEGRAL\pinmenu.exe
C:\Utils\coolmon\DaisyManSoftware\CoolMon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Utils\Foxmail\Foxmail.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Utils\highjackthis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Utils\SPYBOO~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\WINAMP\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Utils\spy boot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\emule\emule.exe -AutoStart
O4 - Startup: CoolMon Executable.lnk = C:\Utils\coolmon\DaisyManSoftware\CoolMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{49B4AE84-D3C8-40CF-9401-5D32DDB7040B}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{81E9A6D2-4170-4308-AC93-43DDF2943E2C}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADC2DCA5-CA19-4FD4-BC07-1033C52F9C89}: NameServer = 69.50.168.140 85.255.112.21
O23 - Service: ADSLAutoconnect - Unknown owner - C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Scan saved at 18:33:19, on 14/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WINAMP\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\emule\emule.exe
C:\Program Files\PROMT5\INTEGRAL\pinmenu.exe
C:\Utils\coolmon\DaisyManSoftware\CoolMon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Utils\Foxmail\Foxmail.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Utils\highjackthis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Utils\SPYBOO~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\WINAMP\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Utils\spy boot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\emule\emule.exe -AutoStart
O4 - Startup: CoolMon Executable.lnk = C:\Utils\coolmon\DaisyManSoftware\CoolMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{49B4AE84-D3C8-40CF-9401-5D32DDB7040B}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{81E9A6D2-4170-4308-AC93-43DDF2943E2C}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADC2DCA5-CA19-4FD4-BC07-1033C52F9C89}: NameServer = 69.50.168.140 85.255.112.21
O23 - Service: ADSLAutoconnect - Unknown owner - C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"SpybotSD TeaTimer" = "C:\Utils\spy boot\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"eMuleAutoStart" = "D:\emule\emule.exe -AutoStart" ["http://www.emule-project.net"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"AVGCtrl" = "C:\Program Files\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"WinampAgent" = ""C:\Program Files\WINAMP\winampa.exe"" [null data]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"PROMT Integrator" = ""C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun" ["PROject MT, Ltd."]
"hwiper.exe" = "C:\WINDOWS\system32\hwiper.exe" [null data]
"dmmpr.exe" = "C:\WINDOWS\system32\dmmpr.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Utils\SPYBOO~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csxov.exe" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
PromtMenu\(Default) = "{179A4540-F689-11d3-BEDC-00E0290CDC2F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PROMT5\PROMT\prmshell.dll" ["PROject MT, Ltd."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Administrateur" & "All Users" startup folders:
----------------------------------------------------------------
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
"CoolMon Executable" -> shortcut to: "C:\Utils\coolmon\DaisyManSoftware\CoolMon.exe" [null data]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Enabled Scheduled Tasks:
------------------------
"{69D348CC-2CB5-4251-8CC4-EA4ADD95409E}_TITANIUM_Administrateur" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{69D348CC-2CB5-4251-8CC4-EA4ADD95409E}_TITANIUM_Administrateur"" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{7A2EFD41-E6B3-11D2-89E3-00E0292EE574}\
"ButtonText" = "Traduction"
"MenuText" = "Traduire"
"Script" = "C:\Program Files\PROMT5\PROMTIE4\promtie5.htm" [null data]
{7A2EFD41-E6B3-11D2-89E3-00E0292EE575}\
"MenuText" = "Personnaliser les options de traduction"
"Script" = "C:\Program Files\PROMT5\PROMTIE4\options.htm" [null data]
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{7A2EFD41-E6B3-11D2-89E3-00E0292EE574}\
"ButtonText" = "Traduction"
"MenuText" = "Traduire"
"Script" = "C:\Program Files\PROMT5\PROMTIE4\promtie5.htm" [null data]
{7A2EFD41-E6B3-11D2-89E3-00E0292EE575}\
"MenuText" = "Personnaliser les options de traduction"
"Script" = "C:\Program Files\PROMT5\PROMTIE4\options.htm" [null data]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 2 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
ADSLAutoconnect, ADSLAutoconnect, ""C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z" [null data]
AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 40 seconds, including 9 seconds for message boxes)
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"SpybotSD TeaTimer" = "C:\Utils\spy boot\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"eMuleAutoStart" = "D:\emule\emule.exe -AutoStart" ["http://www.emule-project.net"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"AVGCtrl" = "C:\Program Files\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"WinampAgent" = ""C:\Program Files\WINAMP\winampa.exe"" [null data]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"PROMT Integrator" = ""C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun" ["PROject MT, Ltd."]
"hwiper.exe" = "C:\WINDOWS\system32\hwiper.exe" [null data]
"dmmpr.exe" = "C:\WINDOWS\system32\dmmpr.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Utils\SPYBOO~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csxov.exe" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
PromtMenu\(Default) = "{179A4540-F689-11d3-BEDC-00E0290CDC2F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PROMT5\PROMT\prmshell.dll" ["PROject MT, Ltd."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Administrateur" & "All Users" startup folders:
----------------------------------------------------------------
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
"CoolMon Executable" -> shortcut to: "C:\Utils\coolmon\DaisyManSoftware\CoolMon.exe" [null data]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Enabled Scheduled Tasks:
------------------------
"{69D348CC-2CB5-4251-8CC4-EA4ADD95409E}_TITANIUM_Administrateur" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{69D348CC-2CB5-4251-8CC4-EA4ADD95409E}_TITANIUM_Administrateur"" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{7A2EFD41-E6B3-11D2-89E3-00E0292EE574}\
"ButtonText" = "Traduction"
"MenuText" = "Traduire"
"Script" = "C:\Program Files\PROMT5\PROMTIE4\promtie5.htm" [null data]
{7A2EFD41-E6B3-11D2-89E3-00E0292EE575}\
"MenuText" = "Personnaliser les options de traduction"
"Script" = "C:\Program Files\PROMT5\PROMTIE4\options.htm" [null data]
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{7A2EFD41-E6B3-11D2-89E3-00E0292EE574}\
"ButtonText" = "Traduction"
"MenuText" = "Traduire"
"Script" = "C:\Program Files\PROMT5\PROMTIE4\promtie5.htm" [null data]
{7A2EFD41-E6B3-11D2-89E3-00E0292EE575}\
"MenuText" = "Personnaliser les options de traduction"
"Script" = "C:\Program Files\PROMT5\PROMTIE4\options.htm" [null data]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 2 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
ADSLAutoconnect, ADSLAutoconnect, ""C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z" [null data]
AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 40 seconds, including 9 seconds for message boxes)
Rapport fait à 18:34:47,68 le 14/09/2005
Executé à partir de C:\Utils\hc
OS: Microsoft Windows XP [version 5.1.2600]
Recherche registre ...
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SiSUSBRG REG_SZ C:\WINDOWS\SiSUSBrg.exe
Cmaudio REG_SZ RunDll32 cmicnfg.cpl,CMICtrlWnd
SpeedTouch USB Diagnostics REG_SZ "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
AVGCtrl REG_SZ C:\Program Files\AVPersonal\AVGNT.EXE /min
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
WinampAgent REG_SZ "C:\Program Files\WINAMP\winampa.exe"
SunJavaUpdateSched REG_SZ C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
PROMT Integrator REG_SZ "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
system REG_SZ
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]
"1dedoc"=hex:d1,2e,00,00,a1,dd,90,9b,80,bf,3a,fb,9c,eb,12,00,00,00
"repiwh"=hex:ba,6b,00,00,b7,ac,86,87,aa,91,2d,d2,e7,c2,12,00,00,00
"domdnb"=hex:97,35,00,00,6c,98,5e,a9,b3,46,00,31,da,21,12,00,00,00
"orcimlh"=hex:31,36,00,00,0c,00,3b,37,21,1e,65,92,43,74,73,13,00,00,00
"23tsniow"=hex:60,37,00,00,42,52,6c,63,66,69,56,5f,5b,18,3d,28,14,00,00,00
"7"=hex:92,51,00,00,6f,94,5e,af,42,b9,05,3a,df,2a,12,00,00,00
"8"=hex:92,51,00,00,61,9d,53,52,b4,4b,05,3a,df,2a,12,00,00,00
"9"=hex:92,51,00,00,6f,63,5a,56,40,b9,c4,0d,22,d7,12,13,00,00,00
"10"=hex:93,0b,00,00,6e,97,59,ae,4d,b8,04,35,de,25,12,00,00,00
"11"=hex:93,0b,00,00,60,9c,52,ad,b7,4a,04,35,de,25,12,00,00,00
"12"=hex:c4,0b,00,00,b9,ad,94,80,92,8b,f6,3f,fc,e1,cc,13,00,00,00
"rpmmd"=hex:8b,73,00,00,7a,65,5d,56,48,04,35,ce,25,11,00,00,00
"13"=hex:0c,78,00,00,e1,1e,d0,d1,c4,c3,ff,bc,51,ac,12,00,00,00
"14"=hex:40,78,00,00,37,33,01,00,1a,19,ab,68,6d,78,12,00,00,00
"15"=hex:40,78,00,00,3d,31,08,04,16,0f,6a,a3,70,65,40,13,00,00,00
"16"=hex:4b,5e,00,00,26,5f,11,16,05,00,bc,7d,16,6d,12,00,00,00
"17"=hex:4b,5e,00,00,38,24,0a,15,0f,12,bc,7d,16,6d,12,00,00,00
"18"=hex:4b,5e,00,00,26,2a,1d,19,1b,00,7f,b4,65,1e,55,13,00,00,00
C:\WINDOWS\System32\loadctr32.exe Présent !
Recherche presence hclean32.exe...
non trouvé...
Executé à partir de C:\Utils\hc
OS: Microsoft Windows XP [version 5.1.2600]
Recherche registre ...
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SiSUSBRG REG_SZ C:\WINDOWS\SiSUSBrg.exe
Cmaudio REG_SZ RunDll32 cmicnfg.cpl,CMICtrlWnd
SpeedTouch USB Diagnostics REG_SZ "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
AVGCtrl REG_SZ C:\Program Files\AVPersonal\AVGNT.EXE /min
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
WinampAgent REG_SZ "C:\Program Files\WINAMP\winampa.exe"
SunJavaUpdateSched REG_SZ C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
PROMT Integrator REG_SZ "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
system REG_SZ
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]
"1dedoc"=hex:d1,2e,00,00,a1,dd,90,9b,80,bf,3a,fb,9c,eb,12,00,00,00
"repiwh"=hex:ba,6b,00,00,b7,ac,86,87,aa,91,2d,d2,e7,c2,12,00,00,00
"domdnb"=hex:97,35,00,00,6c,98,5e,a9,b3,46,00,31,da,21,12,00,00,00
"orcimlh"=hex:31,36,00,00,0c,00,3b,37,21,1e,65,92,43,74,73,13,00,00,00
"23tsniow"=hex:60,37,00,00,42,52,6c,63,66,69,56,5f,5b,18,3d,28,14,00,00,00
"7"=hex:92,51,00,00,6f,94,5e,af,42,b9,05,3a,df,2a,12,00,00,00
"8"=hex:92,51,00,00,61,9d,53,52,b4,4b,05,3a,df,2a,12,00,00,00
"9"=hex:92,51,00,00,6f,63,5a,56,40,b9,c4,0d,22,d7,12,13,00,00,00
"10"=hex:93,0b,00,00,6e,97,59,ae,4d,b8,04,35,de,25,12,00,00,00
"11"=hex:93,0b,00,00,60,9c,52,ad,b7,4a,04,35,de,25,12,00,00,00
"12"=hex:c4,0b,00,00,b9,ad,94,80,92,8b,f6,3f,fc,e1,cc,13,00,00,00
"rpmmd"=hex:8b,73,00,00,7a,65,5d,56,48,04,35,ce,25,11,00,00,00
"13"=hex:0c,78,00,00,e1,1e,d0,d1,c4,c3,ff,bc,51,ac,12,00,00,00
"14"=hex:40,78,00,00,37,33,01,00,1a,19,ab,68,6d,78,12,00,00,00
"15"=hex:40,78,00,00,3d,31,08,04,16,0f,6a,a3,70,65,40,13,00,00,00
"16"=hex:4b,5e,00,00,26,5f,11,16,05,00,bc,7d,16,6d,12,00,00,00
"17"=hex:4b,5e,00,00,38,24,0a,15,0f,12,bc,7d,16,6d,12,00,00,00
"18"=hex:4b,5e,00,00,26,2a,1d,19,1b,00,7f,b4,65,1e,55,13,00,00,00
C:\WINDOWS\System32\loadctr32.exe Présent !
Recherche presence hclean32.exe...
non trouvé...
suite à ça:
Infected Object Name - Virus Name
C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP1\A0000017.exe Infected: Trojan.Win32.Small.fr
C:\WINDOWS\system32\hwiper.exe Infected: Trojan.Win32.Small.fr
C:\WINDOWS\system32\ole32vbs.exe Infected: Trojan.Win32.Favadd.aj
j'ai re-vérifier s'il y a la présence de C:\WINDOWS\system32\hwiper.exe
et je ne le trouve pas (fichiers et dossiers cachés rendus visibles)
Infected Object Name - Virus Name
C:\System Volume Information\_restore{8F4D6AC3-A153-42C7-85FF-5C24A76AC1E3}\RP1\A0000017.exe Infected: Trojan.Win32.Small.fr
C:\WINDOWS\system32\hwiper.exe Infected: Trojan.Win32.Small.fr
C:\WINDOWS\system32\ole32vbs.exe Infected: Trojan.Win32.Favadd.aj
j'ai re-vérifier s'il y a la présence de C:\WINDOWS\system32\hwiper.exe
et je ne le trouve pas (fichiers et dossiers cachés rendus visibles)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Imprime, ou enregistre la manip dans le bloc note pour etre sur ne rien oublier et de tout faire dans l'ordre
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Telecharge: Pocket Killbox ici
http://www.downloads.subratam.org/KillBox.exe
l'aide détaillé de la manip est téléchargeable ici:
http://get.yourfile.net/qn53063.zip
ou en video ici:
http://pageperso.aol.fr/balltrap34/killbox.htm
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Ferme toutes les fenetres de tous les programmes en cours
Si tu as spybot:
Désactive le temps de la manip, le Tea timer de spybot
lance spybot >> mode avancé >> outils >> résident
Décoche la case résident "tea timer"
referme spybot
(n'oublie pas de le remettre après la manip)
Lance hijackthis et clic sur [do a system scan only]
cocher la case au début des lignes suivantes:
O17 - HKLM\System\CCS\Services\Tcpip\..\{49B4AE84-D3C8-40CF-9401-5D32DDB7040B}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{81E9A6D2-4170-4308-AC93-43DDF2943E2C}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADC2DCA5-CA19-4FD4-BC07-1033C52F9C89}: NameServer = 69.50.168.140 85.255.112.21
valider en cliquant sur [fix checked]
/!\ si ces lignes n'apparaissent pas, il faut te connecter avant de lancer hijackthis
puis vérifie ceci:
demarrer > connection > clic droit sur ta connection > propriétés
gestion de reseau
assure toi que protocole internet tcp/ip est en surbrillance (attention, ne décoche pas la case)> clic sur propriétés > selectionne "obtenir les adresses des serveurs automatiquement"
valide avec ok
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Déconnecte toi d'internet c'est important
ouvre le bloc note et copie et colle ceci à l'interieur:
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HCLEAN32.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Windows\CurrentVersion\ruins]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"Disabled"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hwiper.exe"=-
"dmmpr.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\WareOut]
Puis enregistrer sous et dans:
Nom du fichier, met fix.reg
Type de fichier: selectionne "tous les fichiers"
clic sur enregistrer
ensuite double clic sur fix.reg et accepte de fusionner
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
ouvre le bloc note et copie et colle la liste ci-dessous
une fois fait, enregistre le à un endroit ou tu pourras le retrouver facilement (sur le bureau par exemple).
C:\WINDOWS\System32\loadctr32.exe
C:\WINDOWS\System32\msexnpbi.exe
C:\WINDOWS\SYSTEM32\rdsndin.exe
C:\WINDOWS\SYSTEM32\ntfsnlpa.exe
C:\WINDOWS\SYSTEM32\dllhstgp.exe
C:\WINDOWS\System32\coded1.exe
C:\WINDOWS\System32\hwiper.exe
C:\WINDOWS\System32\bndmod.exe
C:\WINDOWS\System32\hlmicro.exe
C:\WINDOWS\System32\woinst32.exe
C:\WINDOWS\System32\dmmpr.exe
C:\WINDOWS\System32\csxov.exe
C:\WINDOWS\system32\ole32vbs.exe
C:\WINDOWS\system32\hclean32.exe
1/ lance killbox.exe
2/ ouvre le fichier txt qui contient la liste des fichiers à supprimer, clic sur edition dans le menu du haut et clic sur "selectionner tout"
3/ clic une seconde fois sur "edition" et clic sur "copier"
4/ referme le bloc note.
5/ Dans killbox, selectionne "Delete on Reboot"
6/ Dans le menu du haut clic sur File, puis sur paste from clipboard
(tu devrais voir apparaitre la liste des fichier qu'il va supprimer)
7/ clic sur le rond rouge
8/ une fenetre va apparaitre pour confirmation clic sur OUI
9/ une seconde fenetre te demande si tu veux redemarrer clic sur OUI
Si le pc ne redemarre pas automatiquement ou si killbox t'envois ce message:
"Pending file Rename Operations Registry Data has been Removed by External Process"
ignore le et redemarre le pc normallement
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
redemarre le pc et reposte un hijack, plus un silentrunners
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Telecharge: Pocket Killbox ici
http://www.downloads.subratam.org/KillBox.exe
l'aide détaillé de la manip est téléchargeable ici:
http://get.yourfile.net/qn53063.zip
ou en video ici:
http://pageperso.aol.fr/balltrap34/killbox.htm
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Ferme toutes les fenetres de tous les programmes en cours
Si tu as spybot:
Désactive le temps de la manip, le Tea timer de spybot
lance spybot >> mode avancé >> outils >> résident
Décoche la case résident "tea timer"
referme spybot
(n'oublie pas de le remettre après la manip)
Lance hijackthis et clic sur [do a system scan only]
cocher la case au début des lignes suivantes:
O17 - HKLM\System\CCS\Services\Tcpip\..\{49B4AE84-D3C8-40CF-9401-5D32DDB7040B}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{81E9A6D2-4170-4308-AC93-43DDF2943E2C}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADC2DCA5-CA19-4FD4-BC07-1033C52F9C89}: NameServer = 69.50.168.140 85.255.112.21
valider en cliquant sur [fix checked]
/!\ si ces lignes n'apparaissent pas, il faut te connecter avant de lancer hijackthis
puis vérifie ceci:
demarrer > connection > clic droit sur ta connection > propriétés
gestion de reseau
assure toi que protocole internet tcp/ip est en surbrillance (attention, ne décoche pas la case)> clic sur propriétés > selectionne "obtenir les adresses des serveurs automatiquement"
valide avec ok
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Déconnecte toi d'internet c'est important
ouvre le bloc note et copie et colle ceci à l'interieur:
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HCLEAN32.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Windows\CurrentVersion\ruins]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"Disabled"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hwiper.exe"=-
"dmmpr.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\WareOut]
Puis enregistrer sous et dans:
Nom du fichier, met fix.reg
Type de fichier: selectionne "tous les fichiers"
clic sur enregistrer
ensuite double clic sur fix.reg et accepte de fusionner
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
ouvre le bloc note et copie et colle la liste ci-dessous
une fois fait, enregistre le à un endroit ou tu pourras le retrouver facilement (sur le bureau par exemple).
C:\WINDOWS\System32\loadctr32.exe
C:\WINDOWS\System32\msexnpbi.exe
C:\WINDOWS\SYSTEM32\rdsndin.exe
C:\WINDOWS\SYSTEM32\ntfsnlpa.exe
C:\WINDOWS\SYSTEM32\dllhstgp.exe
C:\WINDOWS\System32\coded1.exe
C:\WINDOWS\System32\hwiper.exe
C:\WINDOWS\System32\bndmod.exe
C:\WINDOWS\System32\hlmicro.exe
C:\WINDOWS\System32\woinst32.exe
C:\WINDOWS\System32\dmmpr.exe
C:\WINDOWS\System32\csxov.exe
C:\WINDOWS\system32\ole32vbs.exe
C:\WINDOWS\system32\hclean32.exe
1/ lance killbox.exe
2/ ouvre le fichier txt qui contient la liste des fichiers à supprimer, clic sur edition dans le menu du haut et clic sur "selectionner tout"
3/ clic une seconde fois sur "edition" et clic sur "copier"
4/ referme le bloc note.
5/ Dans killbox, selectionne "Delete on Reboot"
6/ Dans le menu du haut clic sur File, puis sur paste from clipboard
(tu devrais voir apparaitre la liste des fichier qu'il va supprimer)
7/ clic sur le rond rouge
8/ une fenetre va apparaitre pour confirmation clic sur OUI
9/ une seconde fenetre te demande si tu veux redemarrer clic sur OUI
Si le pc ne redemarre pas automatiquement ou si killbox t'envois ce message:
"Pending file Rename Operations Registry Data has been Removed by External Process"
ignore le et redemarre le pc normallement
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
redemarre le pc et reposte un hijack, plus un silentrunners
ok, le temps d'imprimer la page, je voulais te demander si je pouvais enlever ça:
minesweeper flags class
et
messenger stats clients class
qui se trouvent dans les "downloaded program files"
minesweeper flags class
et
messenger stats clients class
qui se trouvent dans les "downloaded program files"
voilà le log, sinon dans gestion du reseau, j'ai bien vérifier ce que tu m'as demandé, et c'est tout bon, mais j'ai aussi 2 autres choses de cochées:
- planificateur de paquet Qos
- client pour les reseaux microsoft
je laisse ces 2 lignes cochées ?
************************************************
Logfile of HijackThis v1.99.1
Scan saved at 19:19:02, on 14/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WINAMP\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Utils\coolmon\DaisyManSoftware\CoolMon.exe
C:\Program Files\PROMT5\INTEGRAL\pinmenu.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Utils\spy boot\Spybot - Search & Destroy\TeaTimer.exe
C:\Utils\highjackthis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Utils\SPYBOO~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\WINAMP\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] D:\emule\emule.exe -AutoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Utils\spy boot\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: CoolMon Executable.lnk = C:\Utils\coolmon\DaisyManSoftware\CoolMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: ADSLAutoconnect - Unknown owner - C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
- planificateur de paquet Qos
- client pour les reseaux microsoft
je laisse ces 2 lignes cochées ?
************************************************
Logfile of HijackThis v1.99.1
Scan saved at 19:19:02, on 14/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WINAMP\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Utils\coolmon\DaisyManSoftware\CoolMon.exe
C:\Program Files\PROMT5\INTEGRAL\pinmenu.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Utils\spy boot\Spybot - Search & Destroy\TeaTimer.exe
C:\Utils\highjackthis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Utils\SPYBOO~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\WINAMP\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] D:\emule\emule.exe -AutoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Utils\spy boot\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: CoolMon Executable.lnk = C:\Utils\coolmon\DaisyManSoftware\CoolMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: ADSLAutoconnect - Unknown owner - C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"SpybotSD TeaTimer" = "C:\Utils\spy boot\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"eMuleAutoStart" = "D:\emule\emule.exe -AutoStart" ["http://www.emule-project.net"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"AVGCtrl" = "C:\Program Files\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"WinampAgent" = ""C:\Program Files\WINAMP\winampa.exe"" [null data]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"PROMT Integrator" = ""C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun" ["PROject MT, Ltd."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Utils\SPYBOO~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
PromtMenu\(Default) = "{179A4540-F689-11d3-BEDC-00E0290CDC2F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PROMT5\PROMT\prmshell.dll" ["PROject MT, Ltd."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Administrateur" & "All Users" startup folders:
----------------------------------------------------------------
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
"CoolMon Executable" -> shortcut to: "C:\Utils\coolmon\DaisyManSoftware\CoolMon.exe" [null data]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Enabled Scheduled Tasks:
------------------------
"{69D348CC-2CB5-4251-8CC4-EA4ADD95409E}_TITANIUM_Administrateur" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{69D348CC-2CB5-4251-8CC4-EA4ADD95409E}_TITANIUM_Administrateur"" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{7A2EFD41-E6B3-11D2-89E3-00E0292EE574}\
"ButtonText" = "Traduction"
"MenuText" = "Traduire"
"Script" = "C:\Program Files\PROMT5\PROMTIE4\promtie5.htm" [null data]
{7A2EFD41-E6B3-11D2-89E3-00E0292EE575}\
"MenuText" = "Personnaliser les options de traduction"
"Script" = "C:\Program Files\PROMT5\PROMTIE4\options.htm" [null data]
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{7A2EFD41-E6B3-11D2-89E3-00E0292EE574}\
"ButtonText" = "Traduction"
"MenuText" = "Traduire"
"Script" = "C:\Program Files\PROMT5\PROMTIE4\promtie5.htm" [null data]
{7A2EFD41-E6B3-11D2-89E3-00E0292EE575}\
"MenuText" = "Personnaliser les options de traduction"
"Script" = "C:\Program Files\PROMT5\PROMTIE4\options.htm" [null data]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 2 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
ADSLAutoconnect, ADSLAutoconnect, ""C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z" [null data]
AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 29 seconds, including 4 seconds for message boxes)
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"SpybotSD TeaTimer" = "C:\Utils\spy boot\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"eMuleAutoStart" = "D:\emule\emule.exe -AutoStart" ["http://www.emule-project.net"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"AVGCtrl" = "C:\Program Files\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"WinampAgent" = ""C:\Program Files\WINAMP\winampa.exe"" [null data]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"PROMT Integrator" = ""C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun" ["PROject MT, Ltd."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Utils\SPYBOO~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
PromtMenu\(Default) = "{179A4540-F689-11d3-BEDC-00E0290CDC2F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PROMT5\PROMT\prmshell.dll" ["PROject MT, Ltd."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Administrateur" & "All Users" startup folders:
----------------------------------------------------------------
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
"CoolMon Executable" -> shortcut to: "C:\Utils\coolmon\DaisyManSoftware\CoolMon.exe" [null data]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Enabled Scheduled Tasks:
------------------------
"{69D348CC-2CB5-4251-8CC4-EA4ADD95409E}_TITANIUM_Administrateur" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{69D348CC-2CB5-4251-8CC4-EA4ADD95409E}_TITANIUM_Administrateur"" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{7A2EFD41-E6B3-11D2-89E3-00E0292EE574}\
"ButtonText" = "Traduction"
"MenuText" = "Traduire"
"Script" = "C:\Program Files\PROMT5\PROMTIE4\promtie5.htm" [null data]
{7A2EFD41-E6B3-11D2-89E3-00E0292EE575}\
"MenuText" = "Personnaliser les options de traduction"
"Script" = "C:\Program Files\PROMT5\PROMTIE4\options.htm" [null data]
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{7A2EFD41-E6B3-11D2-89E3-00E0292EE574}\
"ButtonText" = "Traduction"
"MenuText" = "Traduire"
"Script" = "C:\Program Files\PROMT5\PROMTIE4\promtie5.htm" [null data]
{7A2EFD41-E6B3-11D2-89E3-00E0292EE575}\
"MenuText" = "Personnaliser les options de traduction"
"Script" = "C:\Program Files\PROMT5\PROMTIE4\options.htm" [null data]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 2 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
ADSLAutoconnect, ADSLAutoconnect, ""C:\UTILS\ADSL AUTOCONNECT\ADSL Autoconnect.exe" -z" [null data]
AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 29 seconds, including 4 seconds for message boxes)
Moe, ayet trop tard, j'ai la bague au doigt... donc c'est plutôt ma fin qui approche ;)
Bon courage à toi avec mektub... et les autres !
Biz
Mona
Bon courage à toi avec mektub... et les autres !
Biz
Mona
pour
planificateur de paquet Qos
- client pour les reseaux microsoft
n'y touche pas, laisse comme c'est
ou en sont tes soucis ?
je vois plus rien de suspect
reposte un hc.bat pour voir
a+
planificateur de paquet Qos
- client pour les reseaux microsoft
n'y touche pas, laisse comme c'est
ou en sont tes soucis ?
je vois plus rien de suspect
reposte un hc.bat pour voir
a+
je viens de supprimer les 2 activ x et spybot a detecté du mouvement. il m'a dit que la base de registre est modifié
j'ai re-double cliqué sur le fix.reg que tu m'as fait faire.
ensuite, j'ai eu sur mon disue C (là où il y a windows) un dossier nommé: !submit
Il y avait 3 .exe qui figurait dans la liste des elements à supprimer avec killbox.
j'ai supprimmé le dossier.
...
j'ai re-double cliqué sur le fix.reg que tu m'as fait faire.
ensuite, j'ai eu sur mon disue C (là où il y a windows) un dossier nommé: !submit
Il y avait 3 .exe qui figurait dans la liste des elements à supprimer avec killbox.
j'ai supprimmé le dossier.
...
OS: Microsoft Windows XP [version 5.1.2600]
Recherche registre ...
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SiSUSBRG REG_SZ C:\WINDOWS\SiSUSBrg.exe
Cmaudio REG_SZ RunDll32 cmicnfg.cpl,CMICtrlWnd
SpeedTouch USB Diagnostics REG_SZ "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
AVGCtrl REG_SZ C:\Program Files\AVPersonal\AVGNT.EXE /min
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
WinampAgent REG_SZ "C:\Program Files\WINAMP\winampa.exe"
SunJavaUpdateSched REG_SZ C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
PROMT Integrator REG_SZ "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
system REG_SZ
Recherche presence hclean32.exe...
non trouvé...
Recherche registre ...
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SiSUSBRG REG_SZ C:\WINDOWS\SiSUSBrg.exe
Cmaudio REG_SZ RunDll32 cmicnfg.cpl,CMICtrlWnd
SpeedTouch USB Diagnostics REG_SZ "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
AVGCtrl REG_SZ C:\Program Files\AVPersonal\AVGNT.EXE /min
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
WinampAgent REG_SZ "C:\Program Files\WINAMP\winampa.exe"
SunJavaUpdateSched REG_SZ C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
PROMT Integrator REG_SZ "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
system REG_SZ
Recherche presence hclean32.exe...
non trouvé...
je viens d'essayer d'envoyer un mail (avec foxmail) mais ça ne marche pas, tu veux que je t'envoi le message d'erreur, ou je vais dans le forum logiciel ?
le dossier !submit est crée par killbox, pas de soucis, c'est comme une sauvegarde.
faudrait que tu fasse un scan de controle chez kav ou bitdef histoite de voir si tout est ok
c'est quoi l'erreur pour foxmail ?
a+
faudrait que tu fasse un scan de controle chez kav ou bitdef histoite de voir si tout est ok
c'est quoi l'erreur pour foxmail ?
a+
ok le scan est en cours (bitdefender)
sinon, le mess d'erreur: description de la petite fenêtre:
the server reply:
554 <adresse@adresse.com> relay access denied
continue ?
et une case oui et une autre non.
si je fais oui: tout se ferme et j'ai mon mail dans les elements non envoyés
si je fais non: idem
sinon, le mess d'erreur: description de la petite fenêtre:
the server reply:
554 <adresse@adresse.com> relay access denied
continue ?
et une case oui et une autre non.
si je fais oui: tout se ferme et j'ai mon mail dans les elements non envoyés
si je fais non: idem
est ce que tu as bien rentré le parametre smtp pour ton compte et mis celui de ton fai ?
par exemple si tu est chez wanadoo:
il faut rentrer smtp.wanadoo.fr
pour l'instant, c'est le seul truc que j'ai pu trouver...
a+
par exemple si tu est chez wanadoo:
il faut rentrer smtp.wanadoo.fr
pour l'instant, c'est le seul truc que j'ai pu trouver...
a+
