Pb de virus

fleurdelys -  
 Utilisateur anonyme -
bonjour
jai ete contaminé par un virus et je narrive pa a lenlever
g norton antivirus mais il a ete desactiver et je narrive pas a le reinstaller
voici le log de hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 17:19:25, on 10/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\magali\Mes documents\Ma musique\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\system32\yaemu.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{18779D05-C696-4CDA-9A81-999933615D91}: NameServer = 85.255.114.93,85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\..\{18779D05-C696-4CDA-9A81-999933615D91}: NameServer = 85.255.114.93,85.255.112.61
O17 - HKLM\System\CS2\Services\Tcpip\..\{18779D05-C696-4CDA-9A81-999933615D91}: NameServer = 85.255.114.93,85.255.112.61
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

jespere ke vous pourrez maider

74 réponses

  • 1
  • 2
  • 3
  • 4
Résumé de la discussion

Infection par un malware complexe entraîne une désinfection difficile sur Windows XP, avec des indices de Trojan.DNSChanger et Trojan.Downloader dans les rapports HijackThis et SmitfraudFix. Plusieurs mesures préconisées incluent démarrer en mode sans échec, relancer SmitfraudFix et HijackThis, puis sauvegarder et publier les rapports avant de redémarrer en mode normal correctement. Des outils comme Pocket Killbox et des suppressions manuelles des clés de démarrage, liées à yaemu.exe et aux serveurs DNS personnalisés, s'accompagnent d'une réinitialisation des paramètres réseau. En parallèle, la vérification des journaux et la suppression des restes dans les System Restore et les entrées de démarrage nécessitent plusieurs passes pour éviter une réinfection future.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. fleudelys
     
    merci de maider
    voila

    "Silent Runners.vbs", revision 41, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "desktop" = "C:\WINDOWS\system32\idemlog.exe" [empty string]
    "UnSpyPC" = ""C:\Program Files\UnSpyPC\UnSpyPC.exe"" [file not found]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
    "wininet.dll" = "mscornet.exe" [null data]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]
    "ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
    "WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]
    "WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]
    "HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]
    "Omnipage" = "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]
    "TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [null data]
    "NAV Agent" = "C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe" ["Symantec Corporation"]
    "WFXSwtch" = "C:\PROGRA~1\NORTON~1\DelFax\WFXSWTCH.exe" [null data]
    "WinFaxAppPortStarter" = "wfxsnt40.exe" [MS]
    "yaemu.exe" = "C:\WINDOWS\system32\yaemu.exe" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
    {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
    "{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll" ["Symantec Corporation"]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
    INFECTION WARNING! "AppInit_DLLs" = "MsgPlusLoader.dll" ["Patchou"]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    INFECTION WARNING! "System" = "cszhz.exe" [null data]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Lobel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Startup items in "Lobel" & "All Users" startup folders:
    -------------------------------------------------------

    C:\Documents and Settings\Lobel\Menu Démarrer\Programmes\Démarrage
    "Démarrage d'Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]

    Enabled Scheduled Tasks:
    ------------------------

    "Norton AntiVirus - Analyser mon ordinateur" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
    "Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Fichiers communs\Symantec Shared\NMain.exe /dat:C:\Program Files\Norton SystemWorks\swplugin.nsi /NSWCMD:OBCSchedule" ["Symantec Corporation"]
    "Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKCU\Software\Microsoft\Internet Explorer\Extensions\
    {1462651F-F4BA-4C76-A001-C4284D0FE16E}\
    "ButtonText" = "Wanadoo"
    "Exec" = "http://www.wanadoo.fr" [file not found]

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {36ECAF82-3300-8F84-092E-AFF36D6C7040}\
    "ButtonText" = "Run WinHTTrack"
    "MenuText" = "Launch WinHTTrack"
    "CLSIDExtension" = "{86529161-034E-4F8A-88D2-3C625E612E04}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll" [null data]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messager Wanadoo"
    "MenuText" = "Messager Wanadoo"
    "Exec" = "C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe" ["France Telecom"]

    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

    Missing lines (compared with English-language version):
    [Strings]: 1 line

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
    "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = "Search Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]

    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
    Norton Unerase Protection, NProtectService, "C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE" ["Symantec Corporation"]
    Service Norton AntiVirus Auto-Protect, navapsvc, "C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"]
    SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    DelFax Ports\Driver = "WFXMNT40.DLL" [MS]
    hpzlnt05\Driver = "hpzlnt05.dll" ["HP"]
    Ports DelrinaFax (qualité photo)\Driver = "WFXMNTHQ.DLL" [MS]

    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
    use the -supp parameter or answer "No" at the first message box.
    ---------- (total run time: 17 seconds, including 4 seconds for message boxes)
    0
  2. Utilisateur anonyme
     
    Re moi,

    Ton antivirus te detecte un certain hclean?

    *
    Telecharge ceci
    http://cjoint.com/?mksAlUS0sY

    Lance Hcsrch.bat

    Il va generer un rapport
    copie/colle le sur le forum

    a+
    0
  3. fleurdelys
     
    jarrive pas a faire aller mon antivirus, j'ai essaye de le reinstaller ms il se desactive automatiquement.

    voila le rapport

    Rapport fait à 18:30:22,39 le 10/12/2005
    Executé à partir de C:\Documents and Settings\mag\Bureau
    OS: Microsoft Windows XP [version 5.1.2600]

    *********************************************

    Vérification HKLM\...\...\...\...\ruins

    *********************************************

    Fichiers détectés :

    *********************************************

    Recherche des processus aleatoires
    d'après les modèles : cs***.exe, dm***.exe, ya***.exe

    C:\WINDOWS\System32

    *********************************************

    Recherche presence hclean32.exe...

    non trouvé...

    encor merci...
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. Utilisateur anonyme
     
    re,

    Télécharge: Pocket Killbox ici
    http://www.downloads.subratam.org/KillBox.exe

    :: Démo d utilisation (merci a Balltrap34 pour cette réalisation) ::
    http://pageperso.aol.fr/balltrap34/killbox.htm

    - - -----------------------------------------------------------------
    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\system32\yaemu.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{18779D05-C696-4CDA-9A81-999933615D91}: NameServer = 85.255.114.93,85.255.112.61

    O17 - HKLM\System\CS1\Services\Tcpip\..\{18779D05-C696-4CDA-9A81-999933615D91}: NameServer = 85.255.114.93,85.255.112.61

    O17 - HKLM\System\CS2\Services\Tcpip\..\{18779D05-C696-4CDA-9A81-999933615D91}: NameServer = 85.255.114.93,85.255.112.61
    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    Déconnecte toi d'internet c'est important

    puis vérifie ceci:
    demarrer > connection > clic droit sur ta connection > propriétés
    gestion de reseau
    assure toi que protocole internet tcp/ip est en surbrillance (attention, ne décoche pas la case)> clic sur propriétés > selectionne "obtenir les adresses des serveurs automatiquement"
    valide avec ok

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    1- Double-clic sur KillBox.exe (Pocket Killbox)

    - coche: delete on reboot
    - Dans "Full Path of File to Delete"
    copie et colle:

    C:\WINDOWS\system32\yaemu.exe

    - clique sur la croix rouge
    - une fenêtre va apparaître pour confirmation clique sur YES
    - une seconde fenêtre te demande si tu veux redémarrer clique sur YES
    -Si le pc ne redemarre pas tout seul, redemarre le par toi meme

    Reposte un hijack this + silent runner

    a+

    0
  6. fleurdelys
     
    re

    g executer ad-aware et spybot en mode sans echec
    ensuite g executer hijack et la la ligne "04-HKLM....yaemu.exe" avai disparu
    g fixer les autres comme tu ma dis

    apres g chercher le fichier "yaemu.exe" ms il a ete effacer de pc.
    g quand mm executer killbox et o redemarrage g encor eu l'apparition d une pub (due o virus)

    g executer msconfig et dans demarrage g decocher le lancement de "yaemu.exe" et un autre truc "UNSpyPC"
    g encor redemarrer et g tjrs le pb

    jespere ke c un peu pres clair lol

    voila le log

    Logfile of HijackThis v1.99.1
    Scan saved at 20:42:21, on 10/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Wanadoo\CnxMon.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    C:\PROGRA~1\NORTON~1\DelFax\WFXSWTCH.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\magali\Mes documents\Ma musique\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\DelFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    "Silent Runners.vbs", revision 41, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "desktop" = "C:\WINDOWS\system32\idemlog.exe" [empty string]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
    "wininet.dll" = "mscornet.exe" [null data]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]
    "ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
    "WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]
    "WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]
    "HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]
    "Omnipage" = "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]
    "TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [null data]
    "NAV Agent" = "C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe" ["Symantec Corporation"]
    "WFXSwtch" = "C:\PROGRA~1\NORTON~1\DelFax\WFXSWTCH.exe" [null data]
    "WinFaxAppPortStarter" = "wfxsnt40.exe" [MS]
    "MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
    {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
    "{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll" ["Symantec Corporation"]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
    INFECTION WARNING! "AppInit_DLLs" = "MsgPlusLoader.dll" ["Patchou"]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    INFECTION WARNING! "System" = "cszgb.exe" [null data]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Lobel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Startup items in "Lobel" & "All Users" startup folders:
    -------------------------------------------------------

    C:\Documents and Settings\Lobel\Menu Démarrer\Programmes\Démarrage
    "Démarrage d'Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]

    Enabled Scheduled Tasks:
    ------------------------

    "Norton AntiVirus - Analyser mon ordinateur" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
    "Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Fichiers communs\Symantec Shared\NMain.exe /dat:C:\Program Files\Norton SystemWorks\swplugin.nsi /NSWCMD:OBCSchedule" ["Symantec Corporation"]
    "Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKCU\Software\Microsoft\Internet Explorer\Extensions\
    {1462651F-F4BA-4C76-A001-C4284D0FE16E}\
    "ButtonText" = "Wanadoo"
    "Exec" = "http://www.wanadoo.fr" [file not found]

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messager Wanadoo"
    "MenuText" = "Messager Wanadoo"
    "Exec" = "C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe" ["France Telecom"]

    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

    Missing lines (compared with English-language version):
    [Strings]: 1 line

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
    "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = "Search Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]

    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
    Norton Unerase Protection, NProtectService, "C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE" ["Symantec Corporation"]
    Service Norton AntiVirus Auto-Protect, navapsvc, "C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"]
    SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
    Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe" ["Symantec Corporation"]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    DelFax Ports\Driver = "WFXMNT40.DLL" [MS]
    hpzlnt05\Driver = "hpzlnt05.dll" ["HP"]
    Ports DelrinaFax (qualité photo)\Driver = "WFXMNTHQ.DLL" [MS]
    0
  7. incognito02 Messages postés 3487 Statut Contributeur 138
     
    Bonsoir Fleurdelys, Bonsoir Msiter Régis59 ;-))

    Pour avancer le travail de Mister Régis59, que je salue au passage !,

    Affiche tous les fichiers et dossiers :
    Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

    Coche « afficher les fichiers et dossiers cachés »

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décoche « masquer les extensions dont le type est connu »
    Puis fais «Ok» pour valider les changements.

    Et appliquer !
    ----------------------------------------------------------------------------

    Rend toi sur ce site :
    http://www.virustotal.com/xhtml/virustotal_en.html
    Clik sur parcourir
    Recherche ceci :
    C:\WINDOWS\system32\wdfmgr.exe
    Clik send et colle le rapport stp

    Bon courage.

    A+
    0
  8. fleurdelys
     
    bonsoir merci de maider

    Antivirus Version Update Result
    AntiVir 6.33.0.61 12.09.2005 no virus found
    Avast 4.6.695.0 12.10.2005 no virus found
    AVG 718 12.08.2005 no virus found
    Avira 6.33.0.61 12.09.2005 no virus found
    BitDefender 7.2 12.10.2005 no virus found
    CAT-QuickHeal 8.00 12.09.2005 no virus found
    ClamAV devel-20051108 12.09.2005 no virus found
    DrWeb 4.33 12.10.2005 no virus found
    eTrust-Iris 7.1.194.0 12.09.2005 no virus found
    eTrust-Vet 11.9.1.0 12.09.2005 no virus found
    Fortinet 2.54.0.0 12.10.2005 no virus found
    F-Prot 3.16c 12.09.2005 no virus found
    Ikarus 0.2.59.0 12.10.2005 no virus found
    Kaspersky 4.0.2.24 12.10.2005 no virus found
    McAfee 4647 12.09.2005 no virus found
    NOD32v2 1.1317 12.09.2005 no virus found
    Norman 5.70.10 12.09.2005 no virus found
    Panda 8.02.00 12.10.2005 no virus found
    Sophos 4.00.0 12.10.2005 no virus found
    Symantec 8.0 12.10.2005 no virus found
    TheHacker 5.9.1.052 12.09.2005 no virus found
    VBA32 3.10.5 12.10.2005 no virus found

    voila apparemment c pas un virus
    0
  9. incognito02 Messages postés 3487 Statut Contributeur 138
     
    On continu ! ;-)

    idem avec ce fichier :
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    Norton ne fonctionne toujours pas ?

    A+
    0
  10. fleurdelys
     
    tjrs rien :-(

    Antivirus Version Update Result
    AntiVir 6.33.0.61 12.09.2005 no virus found
    Avast 4.6.695.0 12.10.2005 no virus found
    AVG 718 12.08.2005 no virus found
    Avira 6.33.0.61 12.09.2005 no virus found
    BitDefender 7.2 12.10.2005 no virus found
    CAT-QuickHeal 8.00 12.09.2005 no virus found
    ClamAV devel-20051108 12.09.2005 no virus found
    DrWeb 4.33 12.10.2005 no virus found
    eTrust-Iris 7.1.194.0 12.09.2005 no virus found
    eTrust-Vet 11.9.1.0 12.09.2005 no virus found
    Fortinet 2.54.0.0 12.10.2005 no virus found
    F-Prot 3.16c 12.09.2005 no virus found
    Ikarus 0.2.59.0 12.10.2005 no virus found
    Kaspersky 4.0.2.24 12.10.2005 no virus found
    McAfee 4647 12.09.2005 no virus found
    NOD32v2 1.1317 12.09.2005 no virus found
    Norman 5.70.10 12.09.2005 no virus found
    Panda 8.02.00 12.10.2005 no virus found
    Sophos 4.00.0 12.10.2005 no virus found
    Symantec 8.0 12.10.2005 no virus found
    TheHacker 5.9.1.052 12.09.2005 no virus found
    VBA32 3.10.5 12.10.2005 no virus found

    non norton ne marche pas j'ai fini par le desinstaler
    0
  11. Utilisateur anonyme
     
    salut

    merci d avoir pris le relai

    un fichier me semble suspect:
    Télécharge ceci: (merci a S!RI pour ce petit programme).
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
    Copie/colle le sur le poste stp.

    a+
    0
  12. fleurdelys
     
    voila le rapport de bitdefender

    C:\RECYCLER\NPROTECT\00090619.exe
    Infecté par: Trojan.DNSChanger.R

    C:\RECYCLER\NPROTECT\00090619.exe
    Echec de la désinfection

    C:\RECYCLER\NPROTECT\00090619.exe
    Supprimé

    C:\RECYCLER\NPROTECT\00090644.exe
    Infecté par: Trojan.DNSChanger.R

    C:\RECYCLER\NPROTECT\00090644.exe
    Echec de la désinfection

    C:\RECYCLER\NPROTECT\00090644.exe
    Supprimé

    C:\RECYCLER\NPROTECT\00090645.exe
    Infecté par: Trojan.DNSChanger.R

    C:\RECYCLER\NPROTECT\00090645.exe
    Echec de la désinfection

    C:\RECYCLER\NPROTECT\00090645.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011413.exe
    Infecté par: Trojan.Downloader.FFZ

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011413.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011413.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011423.exe
    Infecté par: Trojan.Downloader.FFZ

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011423.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011423.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011428.exe
    Infecté par: Trojan.Downloader.FFZ

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011428.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011428.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011442.exe
    Infecté par: Trojan.Downloader.FFZ

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011442.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011442.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP35\A0011630.exe
    Infecté par: Trojan.Downloader.FFZ

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP35\A0011630.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP35\A0011630.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP35\A0011636.exe
    Infecté par: Trojan.DNSChanger.R

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP35\A0011636.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP35\A0011636.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011731.exe
    Infecté par: Trojan.Downloader.FFZ

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011731.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011731.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011750.exe
    Infecté par: Trojan.Downloader.FFZ

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011750.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011750.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011758.exe
    Infecté par: Trojan.Downloader.FFZ

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011758.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011758.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011767.exe
    Infecté par: Trojan.Downloader.FFZ

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011767.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011767.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011799.exe
    Infecté par: Trojan.DNSChanger.R

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011799.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011799.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011801.exe
    Infecté par: Trojan.Downloader.FFZ

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011801.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011801.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011809.exe
    Infecté par: Trojan.Downloader.FFZ

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011809.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011809.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011823.exe
    Infecté par: Trojan.Downloader.FFZ

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011823.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011823.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011982.exe
    Infecté par: Trojan.DNSChanger.R

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011982.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011982.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011983.sys
    Suspecté de: Trojan.Downloader.Msys.A

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011983.sys
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011983.sys
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011984.exe
    Infecté par: Trojan.Downloader.FFZ

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011984.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011984.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012009.exe
    Infecté par: Trojan.DNSChanger.R

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012009.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012009.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012011.exe
    Infecté par: Trojan.DNSChanger.R

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012011.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012011.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012012.exe
    Infecté par: Trojan.DNSChanger.R

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012012.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012012.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012525.exe
    Infecté par: Trojan.Downloader.FFZ

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012525.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012525.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012533.exe
    Infecté par: Trojan.DNSChanger.R

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012533.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012533.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012534.exe
    Infecté par: Trojan.DNSChanger.R

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012534.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012534.exe
    Supprimé

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012535.exe
    Infecté par: Trojan.DNSChanger.R

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012535.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012535.exe
    Supprimé

    C:\WINDOWS\system32\mscornet.exe
    Infecté par: BehavesLike:Win32.ExplorerHijack

    C:\WINDOWS\system32\mscornet.exe
    Echec de la désinfection

    C:\WINDOWS\system32\mscornet.exe
    Supprimé

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    et celui de Smitfraudfix

    Rapport fait à 23:12:10,56 le 10/12/2005
    Executé à partir de C:\Documents and Settings\magali\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32

    C:\WINDOWS\system32\ncompat.tlb PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\magali\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    grd merci a vs deux
    biz
    0
  13. incognito02 Messages postés 3487 Statut Contributeur 138
     
    On s'accroche !

    Démarre en mode sans échec (tapoter sur F8 dés le demarrage de windows
    Relance le programme Smitfraud,
    Cette fois choisir l’option 2, répondre oui a tous ;
    Sauvegarder le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

    ---
    Nobody is perfect, mais j'essaye .....
    0
  14. fleurdelys
     
    voila

    Rapport fait à 23:23:46,57 le 10/12/2005
    Executé à partir de C:\Documents and Settings\magali\Bureau\virus\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\system32\ncompat.tlb supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
    0
  15. incognito02 Messages postés 3487 Statut Contributeur 138
     
    Ouf !

    Où en sont tes soucis ?

    A+

    0
  16. fleurdelys
     
    rien de nouveau qd j'ai redemarrer en mode normal ya encor une pub qui c'est afficher dans le bureau :-(

    g rechercher ds mon registre pour voir si il y avait ancor des traces de "yaemu" ou de "unspypc", ki je pence st les responsable, ms rien g tout suppr.

    en attendant 1 rep
    merci
    0
  17. Utilisateur anonyme
     
    Tu peux remettre un silent runner?

    a+
    0
  18. fleurdelys
     
    voila .

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "desktop" = "C:\WINDOWS\system32\idemlog.exe" [empty string]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]
    "ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
    "WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]
    "WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]
    "HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]
    "Omnipage" = "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]
    "TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [null data]
    "MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
    0
  19. Utilisateur anonyme
     
    Tu peux analyser cela?

    C:\WINDOWS\system32\idemlog.exe

    a+
    0
  • 1
  • 2
  • 3
  • 4