[Virus] Help (Résultat Scan HijackThis 1.99)
Pharaoh
-
Pharaoh -
Pharaoh -
Bonjour à la toute la communauté. C'est très simple, l'ordi est infesté de spywares, et IE se noie dans une flopée de pop-ups. Voila le hijackthislog :
Logfile of HijackThis v1.99.1
Scan saved at 14:52:55, on 15/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\win32ssr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\msnet32.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mbjchcmrfuiywbrsdh.com/UBeFpb5ESa9JLCxi4kc1dafGov4MheCIkxWnHFdFjOdNCN1GYgFaUFNgC0QDzA4h.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - (no file)
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.3 boards.cexx.org
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.22 lavasoft.de
O1 - Hosts: 127.0.0.23 lavasoftusa.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.76 www.lavasoft.de
O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file)
O2 - BHO: (no name) - {432D8C41-8586-11D8-997D-00C026232EB9} - C:\WINDOWS\2_0_2BrowserHelper2.dll (file missing)
O2 - BHO: (no name) - {4D3FB49C-BEF6-A7B2-7971-E1A02EE804C4} - C:\WINDOWS\System32\pspcmjwr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
O2 - BHO: (no name) - {916E2C63-FD7A-24F7-4883-DB57A82AC6D4} - C:\WINDOWS\System32\wurckzhj.dll (file missing)
O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
O2 - BHO: (no name) - {9A07BD91-A601-94ED-E7D9-CC1A8067FCD3} - C:\WINDOWS\System32\hqtpwipn.dll
O2 - BHO: (no name) - {9E3EB43C-5D0F-B6DF-4576-6D9A0D7EE7E9} - C:\WINDOWS\System32\dqgclfts.dll
O2 - BHO: (no name) - {E410CD3E-E532-990F-62FB-4C7E1F371232} - C:\DOCUME~2\PHARAO~1.X00\APPLIC~1\INSIDE~1\show joy.exe
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}
O4 - HKLM\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>
O4 - HKLM\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKLM\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
O4 - HKLM\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>
O4 - HKLM\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>
O4 - HKLM\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</a>..
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</a>,
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"></td>
O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a>,
O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...<br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...<br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...<br>
O4 - HKLM\..\Run: [ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="] c:\WINDOWS\System32\ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="55">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"></td>
O4 - HKLM\..\Run: [ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="t] c:\WINDOWS\System32\ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="top">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"></td>
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Winzip Application] winzip81.exe
O4 - HKLM\..\RunServices: [Winzip Application] winzip81.exe
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O4 - HKCU\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}
O4 - HKCU\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>
O4 - HKCU\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKCU\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
O4 - HKCU\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>
O4 - HKCU\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>
O4 - HKCU\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge"&
Logfile of HijackThis v1.99.1
Scan saved at 14:52:55, on 15/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\win32ssr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\msnet32.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mbjchcmrfuiywbrsdh.com/UBeFpb5ESa9JLCxi4kc1dafGov4MheCIkxWnHFdFjOdNCN1GYgFaUFNgC0QDzA4h.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - (no file)
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.3 boards.cexx.org
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.22 lavasoft.de
O1 - Hosts: 127.0.0.23 lavasoftusa.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.76 www.lavasoft.de
O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file)
O2 - BHO: (no name) - {432D8C41-8586-11D8-997D-00C026232EB9} - C:\WINDOWS\2_0_2BrowserHelper2.dll (file missing)
O2 - BHO: (no name) - {4D3FB49C-BEF6-A7B2-7971-E1A02EE804C4} - C:\WINDOWS\System32\pspcmjwr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
O2 - BHO: (no name) - {916E2C63-FD7A-24F7-4883-DB57A82AC6D4} - C:\WINDOWS\System32\wurckzhj.dll (file missing)
O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
O2 - BHO: (no name) - {9A07BD91-A601-94ED-E7D9-CC1A8067FCD3} - C:\WINDOWS\System32\hqtpwipn.dll
O2 - BHO: (no name) - {9E3EB43C-5D0F-B6DF-4576-6D9A0D7EE7E9} - C:\WINDOWS\System32\dqgclfts.dll
O2 - BHO: (no name) - {E410CD3E-E532-990F-62FB-4C7E1F371232} - C:\DOCUME~2\PHARAO~1.X00\APPLIC~1\INSIDE~1\show joy.exe
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}
O4 - HKLM\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>
O4 - HKLM\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKLM\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
O4 - HKLM\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>
O4 - HKLM\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>
O4 - HKLM\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Debt+Consolidation">Debt Consolidation</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Business">Home Business</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Internet+Marketing">Internet Marketing</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Cards">Business Cards</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Working+From+Home">Work From Home</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Incorporation">Incorporation</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opp.</a>..
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Web+Site+Design">Web Site Design</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Investing+Money">Investing Money</a>,
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_main.gif" width="1" height="450"></td>
O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Sports+Betting">Sports Betting</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a>,
O4 - HKLM\..\Run: [ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a><] c:\WINDOWS\System32\ <h1><a href="http://search.lop.com/search/search.cgi?src=homepage&s=Travel">Travel Services</a></h1>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Distance+Learning">Distance Learning</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Schools">Business Schools</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer+Training">Computer Training</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Pharmacy+Online">Pharmacy Online</a>...<br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Birthday+Gift">Birthday Gift</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Improvement">Home Improvement</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Interior+Design">Interior Design</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Home+Theater">Home theater</a>...<br>
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Human+Resource">Human Resource</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Legal+Services">Legal Services</a>,
O4 - HKLM\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Advertising">Online Advertising</a>...<br>
O4 - HKLM\..\Run: [ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="] c:\WINDOWS\System32\ <td width="777" background="http://image.lop.com/images/new_images/bg_bottom.gif" align="center" valign="top" height="55">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_left.gif" width="36" height="30"></td>
O4 - HKLM\..\Run: [ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="t] c:\WINDOWS\System32\ <td background="http://image.lop.com/images/new_images/bg_bottom_links.gif" style="padding-top: 4" align="center" valign="top">
O4 - HKLM\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_bottom_links_right.gif" width="36" height="30"></td>
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Winzip Application] winzip81.exe
O4 - HKLM\..\RunServices: [Winzip Application] winzip81.exe
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O4 - HKCU\..\Run: [ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:] c:\WINDOWS\System32\ .normaltext_verdana {font-family: verdana, arial, helvetica, sans-serif; font-size: 11px; color: #363636; margin:0px}
O4 - HKCU\..\Run: [ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:] c:\WINDOWS\System32\ .verdana_10 {font-family: verdana, arial, helvetica, sans-serif; font-size: 10px; color: #363636; margin:0px}
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img.gif" width="172" height="79"><map name="FPMap0"><area alt="Make Startpage" coords="334, 39, 465, 63" shape="rect" href="startpage.html"><area alt="Advertise" coords="472, 39, 565, 63" shape="rect" href="/advertise.html"></map><img border="0" src="http://image.lop.com/images/new_images/header.jpg" width="605" height="79" usemap="#FPMap0"></td>
O4 - HKCU\..\Run: [ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.g] c:\WINDOWS\System32\ <td width="777" valign="top" align="left" background="http://image.lop.com/images/new_images/bg_main.gif">
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/top_left_img_grey.gif" width="172" height="6"></p>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/arr_fav.gif" width="4" height="6"> <b>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Casino">Online Casino</a></b><br>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2">] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/dots_fav.gif" width="154" height="1" vspace="2"><br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Online+Dating">Online Dating</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Weight+Loss">Weight Loss</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Inkjet+Cartridge">Inkjet Cartridge</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Cash+Advance">Cash Advance</a></b>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Business+Opportunity">Business Opportunity</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Domain+Hosting">Domain Hosting</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Credit+Cards">Credit Cards</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> ] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Long+Distance">Long Distance</a></b> <br>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a>] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Discount+Travel">Discount Travel</a></b>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="605" height="423" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKCU\..\Run: [ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> <] c:\WINDOWS\System32\ <td width="9" rowspan="3" background="http://image.lop.com/images/new_images/bg_leftshad.gif" height="423"> </td>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#1111] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" width="464" bgcolor="#FFC834" style="border-collapse: collapse" bordercolor="#111111">
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topl.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/spacer.gif" width="1" height="1"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_topr.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumbe] c:\WINDOWS\System32\ <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
O4 - HKCU\..\Run: [ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:<] c:\WINDOWS\System32\ <p class="verdana_10">Search our database of the Internet. Enter your search phrase here:</td>
O4 - HKCU\..\Run: [ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"><] c:\WINDOWS\System32\ <input type="text" name="s" size="32" style="font-family: courier, monospace; border: 1px solid #545454; margin-top: 2; margin-bottom: 2; background-color: #FFFFFF; padding-left:4; padding-right:4; padding-top:1; padding-bottom:1"></td>
O4 - HKCU\..\Run: [ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a><] c:\WINDOWS\System32\ <INPUT type=image border="0" src="http://image.lop.com/images/new_images/but_search.gif" width="80" height="22"></a></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botl.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"><] c:\WINDOWS\System32\ <img border="0" src="http://image.lop.com/images/new_images/round_search_botr.gif" width="7" height="7"></td>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a><] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Entertainment">Entertainment</a></h1>
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Computer Games">Computer Games</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Instant+Messaging">Instant Messaging</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Adult+Education">Adult Education</a>,
O4 - HKCU\..\Run: [ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge">Printer Cartridge<] c:\WINDOWS\System32\ <a href="http://search.lop.com/search/search.cgi?src=homepage&s=Printer+Cartridge"&
A voir également:
- [Virus] Help (Résultat Scan HijackThis 1.99)
- Hijackthis - Télécharger - Antivirus & Antimalwares
- Scan qr code pc - Guide
- Resultat foot - Télécharger - Vie quotidienne
- Virus mcafee - Accueil - Piratage
- Sfc scan - Guide
46 réponses
Y a des fois j'ai internet qui marche carément pas, mais c'est peut -être pas lié. J'ai des erreurs LSA Shell au démarage (avec compte à rebours), et un message d'erreur à l'ouverture de la session XP (0x00000BB). Voila le dernier log :
Logfile of HijackThis v1.99.1
Scan saved at 14:46:51, on 29/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Windows Security Protocol] win32sprot.exe
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-assistant.com/webka/toolbar/tbie.asp (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .goa: C:\Program Files\Internet Explorer\Plugins\nppmpax.dll
O12 - Plugin for .goac: C:\Program Files\Internet Explorer\Plugins\npchatg.dll
O12 - Plugin for .gob: C:\Program Files\Internet Explorer\\Plugins\nppmp2.dll
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Logfile of HijackThis v1.99.1
Scan saved at 14:46:51, on 29/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Windows Security Protocol] win32sprot.exe
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-assistant.com/webka/toolbar/tbie.asp (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .goa: C:\Program Files\Internet Explorer\Plugins\nppmpax.dll
O12 - Plugin for .goac: C:\Program Files\Internet Explorer\Plugins\npchatg.dll
O12 - Plugin for .gob: C:\Program Files\Internet Explorer\\Plugins\nppmp2.dll
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
salut
Télécharge ce prog:
http://cjoint.com/?bDoSfqKyPv
dezippe le sur le bureau et double clic sur rtksrchtest.bat
le bloc note va s'ouvrir, copie et colle le contenu ici.
(si le contenu de bloc note est vide, c'est qu'il ne detecte rien)
a+
Télécharge ce prog:
http://cjoint.com/?bDoSfqKyPv
dezippe le sur le bureau et double clic sur rtksrchtest.bat
le bloc note va s'ouvrir, copie et colle le contenu ici.
(si le contenu de bloc note est vide, c'est qu'il ne detecte rien)
a+
Bon j'ai viré ce msnet avec hijack... et voila moe31 :
C:\WINDOWS\System32\download.dat Présent
!!! Attention, les fichiers qui suivent ne sont pas tous infect‚s !!!
C:\WINDOWS\System32\download.dat
C:\WINDOWS\System32\dskcheck.exe
********************************************
C:\WINDOWS\System32\eraseme_?????.exe Présent
!!! Attention, les fichiers qui suivent ne sont pas tous infect‚s !!!
C:\result.txt
C:\WINDOWS\System32\TFTP1308
C:\WINDOWS\System32\TFTP1880
C:\WINDOWS\System32\TFTP360
C:\WINDOWS\System32\eraseme_03188.exe
C:\WINDOWS\System32\eraseme_83537.exe
********************************************
C:\WINDOWS\System32\TFTP???? Présent
!!! Attention, les fichiers qui suivent ne sont pas tous infect‚s !!!
C:\WINDOWS\System32\TFTP2792
********************************************
C:\WINDOWS\System32\i Présent
!!! Attention, les fichiers qui suivent ne sont pas tous infect‚s !!!
C:\WINDOWS\System32\TFTP2792
********************************************
C:\WINDOWS\System32\download.dat Présent
!!! Attention, les fichiers qui suivent ne sont pas tous infect‚s !!!
C:\WINDOWS\System32\download.dat
C:\WINDOWS\System32\dskcheck.exe
********************************************
C:\WINDOWS\System32\eraseme_?????.exe Présent
!!! Attention, les fichiers qui suivent ne sont pas tous infect‚s !!!
C:\result.txt
C:\WINDOWS\System32\TFTP1308
C:\WINDOWS\System32\TFTP1880
C:\WINDOWS\System32\TFTP360
C:\WINDOWS\System32\eraseme_03188.exe
C:\WINDOWS\System32\eraseme_83537.exe
********************************************
C:\WINDOWS\System32\TFTP???? Présent
!!! Attention, les fichiers qui suivent ne sont pas tous infect‚s !!!
C:\WINDOWS\System32\TFTP2792
********************************************
C:\WINDOWS\System32\i Présent
!!! Attention, les fichiers qui suivent ne sont pas tous infect‚s !!!
C:\WINDOWS\System32\TFTP2792
********************************************
Salut
Imprime, ou enregistre la manip dans un fichier txt (bloc notes, par exemple) pour etre sur ne rien oublier et de tout faire dans l'ordre.
Avant de commencer quoi que ce soit, il est important que tu fasses ceci:
Déconnecte toi d'internet et ferme tout les programmes en cours.
Désactive la restauration systéme.
Clic droit sur poste de travail > propriétés > onglet restauration système
puis cocher "désactiver la restauration système".
clic sur ok pour valider
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Lance hijackthis et clic sur [Do a system scan only]
cocher la case au début des lignes suivantes:
O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
O4 - HKLM\..\RunServices: [Windows Security Protocol] win32sprot.exe
valider en cliquant sur le bouton [Fix checked]
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Redémarre en mode sans échec
Redemarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.
Choisis le mode sans échec dans les options et valide avec entrée.
Rend visible les fichiers cachés et systeme
panneau de configuration > options des dossiers > onglet affichage
Cocher la case devant " afficher les fichiers et dossiers cachés "
Décocher la case devant " masquer les extentions des fichiers dont le type est connu"
Décocher la case devant " masquer les fichiers protégés du système"
clic sur [Appliquer] puis sur [ok] pour valider
/!\ Ne pas oublier une fois le nettoyage terminé de faire l'inverse pour recacher les fichiers.
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Recherche et supprime ces fichiers ou dossiers:
Supprimer les fichiers en suivant le chemin des fichiers infectés, et pas par la fonction "Rechercher"
supprime:
C:\WINDOWS\System32\win32sprot.exe
C:\WINDOWS\System32\download.dat
C:\WINDOWS\System32\dskcheck.exe
C:\WINDOWS\System32\TFTP1308
C:\WINDOWS\System32\TFTP1880
C:\WINDOWS\System32\TFTP360
C:\WINDOWS\System32\TFTP2792
C:\WINDOWS\System32\eraseme_03188.exe
C:\WINDOWS\System32\eraseme_83537.exe
C:\WINDOWS\System32\i
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Ensuite:
Dans le menu Demarrer>Executer >tape: Services.msc
recherche le service avec cette orthographe exacte:
Microsoft Network Service
Double clic dessus et clic sur [arreter] puis dans :
type de demarrage --> sélectionne désactivé.
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Ensuite, tres important:
:: Supprimer les fichiers temporaires, susceptibles de contenir des virus ou spywares ::
Vider tout le contenu des dossiers Temp :
ils se trouvent ici:
* C:\Documents and Settings\ton compte\Local Settings\Temp
* C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
* C:\Temp
* C:\Windows\Temp
Vider le contenu du dossier Prefetch :
il se trouve ici:
* C:\WINDOWS\Prefetch <= supprimer tout ce qui se trouve à l'intérieur, sauf le fichier layout.ini
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Redemarre normalement le pc et reposte un rapport hijackthis+un rapport rtksrchtest.bat
a+
Imprime, ou enregistre la manip dans un fichier txt (bloc notes, par exemple) pour etre sur ne rien oublier et de tout faire dans l'ordre.
Avant de commencer quoi que ce soit, il est important que tu fasses ceci:
Déconnecte toi d'internet et ferme tout les programmes en cours.
Désactive la restauration systéme.
Clic droit sur poste de travail > propriétés > onglet restauration système
puis cocher "désactiver la restauration système".
clic sur ok pour valider
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Lance hijackthis et clic sur [Do a system scan only]
cocher la case au début des lignes suivantes:
O2 - BHO: XBTP00001 - {65327046-DDDB-419e-B297-50C6D6FAB793} - C:\PROGRA~1\SUPERB~1.1\SUPER-~1.DLL
O2 - BHO: SiteActivation.SiteActivationBHO - {918BC41A-9563-4522-B8CA-37AE5C51633A} - C:\PROGRA~1\SUPERB~1.1\SITEAC~1.DLL
O4 - HKLM\..\RunServices: [Windows Security Protocol] win32sprot.exe
valider en cliquant sur le bouton [Fix checked]
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Redémarre en mode sans échec
Redemarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.
Choisis le mode sans échec dans les options et valide avec entrée.
Rend visible les fichiers cachés et systeme
panneau de configuration > options des dossiers > onglet affichage
Cocher la case devant " afficher les fichiers et dossiers cachés "
Décocher la case devant " masquer les extentions des fichiers dont le type est connu"
Décocher la case devant " masquer les fichiers protégés du système"
clic sur [Appliquer] puis sur [ok] pour valider
/!\ Ne pas oublier une fois le nettoyage terminé de faire l'inverse pour recacher les fichiers.
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Recherche et supprime ces fichiers ou dossiers:
Supprimer les fichiers en suivant le chemin des fichiers infectés, et pas par la fonction "Rechercher"
supprime:
C:\WINDOWS\System32\win32sprot.exe
C:\WINDOWS\System32\download.dat
C:\WINDOWS\System32\dskcheck.exe
C:\WINDOWS\System32\TFTP1308
C:\WINDOWS\System32\TFTP1880
C:\WINDOWS\System32\TFTP360
C:\WINDOWS\System32\TFTP2792
C:\WINDOWS\System32\eraseme_03188.exe
C:\WINDOWS\System32\eraseme_83537.exe
C:\WINDOWS\System32\i
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Ensuite:
Dans le menu Demarrer>Executer >tape: Services.msc
recherche le service avec cette orthographe exacte:
Microsoft Network Service
Double clic dessus et clic sur [arreter] puis dans :
type de demarrage --> sélectionne désactivé.
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Ensuite, tres important:
:: Supprimer les fichiers temporaires, susceptibles de contenir des virus ou spywares ::
Vider tout le contenu des dossiers Temp :
ils se trouvent ici:
* C:\Documents and Settings\ton compte\Local Settings\Temp
* C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
* C:\Temp
* C:\Windows\Temp
Vider le contenu du dossier Prefetch :
il se trouve ici:
* C:\WINDOWS\Prefetch <= supprimer tout ce qui se trouve à l'intérieur, sauf le fichier layout.ini
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Redemarre normalement le pc et reposte un rapport hijackthis+un rapport rtksrchtest.bat
a+
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
J'ai pas trouvé de win32sprot.exe, mais le reste de la manip à l'ai de s'être correctement passé... Au démarage, j'ai encore un LSA Shell (si je clique dessus, c'est parti pour 60 secondes avant reboot...)
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\WINDOWS\System32
29/01/2006 17:12 67 o
1 fichier(s) 67 octets
0 R‚p(s) 2008121344 octets libres
puis ca :
C:\WINDOWS\System32\eraseme_?????.exe Présent
!!! Attention, les fichiers qui suivent ne sont pas tous infect‚s !!!
C:\WINDOWS\System32\eraseme_25054.exe
********************************************
C:\WINDOWS\System32\TFTP???? Présent
!!! Attention, les fichiers qui suivent ne sont pas tous infect‚s !!!
C:\WINDOWS\System32\sme.exe
C:\WINDOWS\System32\TFTP244
C:\WINDOWS\System32\mswinpad.exe
********************************************
C:\WINDOWS\System32\o Présent
!!! Attention, les fichiers qui suivent ne sont pas tous infect‚s !!!
C:\WINDOWS\System32\sme.exe
C:\WINDOWS\System32\TFTP244
C:\WINDOWS\System32\mswinpad.exe
********************************************
et le hijack :
Logfile of HijackThis v1.99.1
Scan saved at 17:18:08, on 29/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-assistant.com/webka/toolbar/tbie.asp (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .goa: C:\Program Files\Internet Explorer\Plugins\nppmpax.dll
O12 - Plugin for .goac: C:\Program Files\Internet Explorer\Plugins\npchatg.dll
O12 - Plugin for .gob: C:\Program Files\Internet Explorer\\Plugins\nppmp2.dll
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\WINDOWS\System32
29/01/2006 17:12 67 o
1 fichier(s) 67 octets
0 R‚p(s) 2008121344 octets libres
puis ca :
C:\WINDOWS\System32\eraseme_?????.exe Présent
!!! Attention, les fichiers qui suivent ne sont pas tous infect‚s !!!
C:\WINDOWS\System32\eraseme_25054.exe
********************************************
C:\WINDOWS\System32\TFTP???? Présent
!!! Attention, les fichiers qui suivent ne sont pas tous infect‚s !!!
C:\WINDOWS\System32\sme.exe
C:\WINDOWS\System32\TFTP244
C:\WINDOWS\System32\mswinpad.exe
********************************************
C:\WINDOWS\System32\o Présent
!!! Attention, les fichiers qui suivent ne sont pas tous infect‚s !!!
C:\WINDOWS\System32\sme.exe
C:\WINDOWS\System32\TFTP244
C:\WINDOWS\System32\mswinpad.exe
********************************************
et le hijack :
Logfile of HijackThis v1.99.1
Scan saved at 17:18:08, on 29/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-assistant.com/webka/toolbar/tbie.asp (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .goa: C:\Program Files\Internet Explorer\Plugins\nppmpax.dll
O12 - Plugin for .goac: C:\Program Files\Internet Explorer\Plugins\npchatg.dll
O12 - Plugin for .gob: C:\Program Files\Internet Explorer\\Plugins\nppmp2.dll
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
on va essayer autre chose:
Lance hijackthis, clic sur [Open the misc tools section]
A coté du bouton [Générate startuplist log]
coche les 2 cases
puis clic sur [Générate startuplist log]
copie et colle le long rapport ici.
Lance hijackthis, clic sur [Open the misc tools section]
A coté du bouton [Générate startuplist log]
coche les 2 cases
puis clic sur [Générate startuplist log]
copie et colle le long rapport ici.
ouaip... long ^^
StartupList report, 29/01/2006, 17:29:30
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2600.0000)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\Démarrage]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
*No files*
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Lexmark 2200 Series = "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1 = C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{D86FED38-74E9-437E-B0D8-47BF94A35B7B}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\System32\ie4uinit.exe
[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
[{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}] *
StubPath = rundll32 iesetup.dll,IEAccessUserInst
[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=
SCRNSAVE.EXE=C:\WINDOWS\MATRIX~1.SCR
drivers=
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\dec.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Regedit.exe has no CompanyName property! It is either missing or named something else.
- Regedit.exe has no OriginalFilename property! It is either missing or named something else.
- Regedit.exe has no FileDescription property! It is either missing or named something else.
Registry check failed!
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Démarrage du programme de réglages.job
Symantec NetDetect.job
Planificateur pour la collecte de données PCHealth.job
Rappel d'expiration de la désinstallation.job
95BC814E93AB5392.job
A445D68591BA5135.job
--------------------------------------------------
Enumerating Download Program Files:
[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
[{00000055-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/fhg.CAB
[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\System32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\MACROMED\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
[WScanCtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\webscan.dll
CODEBASE = http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
[{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38619.5966435185
[{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
a347bus: System32\DRIVERS\a347bus.sys (system)
a347scsi: System32\Drivers\a347scsi.sys (system)
General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart)
USB ADSL WAN Adapter: System32\DRIVERS\adiusbaw.sys (manual start)
Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start)
Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (autostart)
Avertissement: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start)
Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asapiW2k: \??\C:\WINDOWS\System32\DRIVERS\asapiW2k.sys (autostart)
Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start)
Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system)
Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start)
Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Rezident Driver: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)
Service de transfert intelligent en arrière-plan: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Explorateur d'ordinateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
C-Dilla: \??\C:\WINDOWS\System32\drivers\CDANT.SYS (manual start)
C-DillaSrv: C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE (autostart)
Décodeur sous-titre fermé: System32\DRIVERS\CCDECODE.sys (manual start)
Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system)
Service d'indexation: C:\WINDOWS\System32\cisvc.exe (manual start)
Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (manual start)
Application système COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
d347bus: System32\DRIVERS\d347bus.sys (system)
d347prt: System32\Drivers\d347prt.sys (system)
Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote de disque: System32\DRIVERS\disk.sys (system)
Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Pilote de Gestionnaire de disque logique: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start)
Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start)
Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Journal des événements: %SystemRoot%\system32\services.exe (autostart)
Système d'événements de COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (autostart)
Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)
Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Carte réseau virtuelle FreeBox USB: System32\DRIVERS\fbxusb32.sys (manual start)
Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start)
Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start)
Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)
Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system)
Énumérateur de port jeu: System32\DRIVERS\gameenum.sys (manual start)
Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start)
Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system)
Service COM de gravage de CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start)
Microsoft IntelliPoint Features driver: System32\DRIVERS\IPFilter.sys (manual start)
Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start)
Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start)
Traducteur d'adresses réseau IP: System32\DRIVERS\ipnat.sys (manual start)
Pilote IPSEC: System32\DRIVERS\ipsec.sys (system)
Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start)
Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system)
K56: System32\DRIVERS\HSF_K56K.sys (autostart)
Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system)
Pilote HID de clavier: System32\DRIVERS\kbdhid.sys (system)
Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start)
Serveur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Station de travail: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)
Assistance TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Lucent Technologies Soft Modem: System32\DRIVERS\LTSM.sys (manual start)
LVBulk Service: System32\DRIVERS\LVBulk.sys (manual start)
Affichage des messages: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system)
Pilote HID de souris: System32\DRIVERS\mouhid.sys (manual start)
Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start)
Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start)
Word Process: "C:\WINDOWS\mswinpad.exe" (disabled)
Convertisseur en T/site-à-site de répartition Microsoft: system32\drivers\MSTEE.sys (manual start)
Codec NABTS/FEC VBI: System32\DRIVERS\NABTSFEC.sys (manual start)
Connection TV/vidéo Microsoft: System32\DRIVERS\NdisIP.sys (manual start)
Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start)
NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start)
Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start)
Interface NetBIOS: System32\DRIVERS\netbios.sys (system)
NetBIOS sur TCP/IP: System32\DRIVERS\netbt.sys (system)
DDE réseau: %SystemRoot%\system32\netdde.exe (manual start)
DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (manual start)
Ouverture de session réseau: %SystemRoot%\System32\lsass.exe (manual start)
Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NetBIOS Protection: system32\DRIVERS\netpt.sys (system)
Microsoft Network Service: "C:\WINDOWS\msnet32.exe" (disabled)
NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Pilote d'interface NT APM/hérité: System32\DRIVERS\NtApm.sys (manual start)
Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\System32\lsass.exe (manual start)
Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
nv4: System32\DRIVERS\nv4.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start)
Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)
Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start)
Pilote de bus PCI: System32\DRIVERS\pci.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
Performance True Type Fonts: C:\WINDOWS\System32\perfont.exe (disabled)
Logitech ClickSmart 310(PID_0900_V): System32\DRIVERS\LV551AV.sys (manual start)
Plug-and-Play: %SystemRoot%\system32\services.exe (autostart)
Services IPSEC: %SystemRoot%\System32\lsass.exe (autostart)
Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart)
Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system)
Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start)
Parallèle direct: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Pilote de redirecteur de périphérique Terminal Server: System32\DRIVERS\rdpdr.sys (manual start)
Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start)
Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system)
Routage et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Accès à distance au Registre: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start)
Localisateur d'appels de procédure distante (RPC): %SystemRoot%\System32\locator.exe (manual start)
Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart)
Prise en charge des cartes à puces: %SystemRoot%\System32\SCardSvr.exe (manual start)
Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start)
Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
USB Filter Driver: System32\DRIVERS\ser2pl.sys (manual start)
Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start)
Pilote de port série: System32\DRIVERS\serial.sys (system)
Pare-feu de connexion Internet (ICF) / Partage de connexion Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Détrameur décalage BDA: System32\DRIVERS\SLIP.sys (manual start)
SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)
Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start)
Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart)
Pilote de filtre de restauration système: \SystemRoot\System32\DRIVERS\sr.sys (disabled)
Service de restauration système: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
Service de découvertes SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Acquisition d'image Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
SVKP: \??\C:\WINDOWS\System32\SVKP.sys (autostart)
Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start)
Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{B1D01F77-71DA-4E94-8DD8-14823694665A} (manual start)
Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start)
Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start)
Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system)
Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system)
Services Terminal Server: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Tones: System32\DRIVERS\HSF_TONE.sys (autostart)
Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start)
Gestionnaire de téléchargement: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Hôte de périphérique universel Plug-and-Play: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Onduleur: %SystemRoot%\System32\ups.exe (manual start)
Pilote parent générique USB Microsoft: System32\DRIVERS\usbccgp.sys (manual start)
Pilote de concentrateur standard USB Microsoft: System32\DRIVERS\usbhub.sys (manual start)
Classe d'imprimantes USB Microsoft: System32\DRIVERS\usbprint.sys (manual start)
Pilote de scanneur USB: System32\DRIVERS\usbscan.sys (manual start)
Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start)
Pilote miniport de contrôleur hôte universel USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start)
V124: System32\DRIVERS\HSF_V124.sys (autostart)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Filtre de bus AGP VIA: System32\DRIVERS\viaagp.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
Contrôleur audio VIA AC'97 (WDM): system32\drivers\ac97via.sys (manual start)
Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start)
Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start)
Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Win32Sr: "C:\WINDOWS\win32ssr.exe" (disabled)
Microsoft Windows HelpFile: "C:\WINDOWS\services.exe" (disabled)
Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Extensions du pilote WMI: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Carte de performance WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Codec Teletext standard: System32\DRIVERS\WSTCODEC.SYS (manual start)
Mises à jour automatiques: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
End of report, 35 132 bytes
Report generated in 0,571 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
StartupList report, 29/01/2006, 17:29:30
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2600.0000)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\Démarrage]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
*No files*
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Lexmark 2200 Series = "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1 = C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{D86FED38-74E9-437E-B0D8-47BF94A35B7B}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\System32\ie4uinit.exe
[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
[{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}] *
StubPath = rundll32 iesetup.dll,IEAccessUserInst
[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=
SCRNSAVE.EXE=C:\WINDOWS\MATRIX~1.SCR
drivers=
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\dec.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Regedit.exe has no CompanyName property! It is either missing or named something else.
- Regedit.exe has no OriginalFilename property! It is either missing or named something else.
- Regedit.exe has no FileDescription property! It is either missing or named something else.
Registry check failed!
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Démarrage du programme de réglages.job
Symantec NetDetect.job
Planificateur pour la collecte de données PCHealth.job
Rappel d'expiration de la désinstallation.job
95BC814E93AB5392.job
A445D68591BA5135.job
--------------------------------------------------
Enumerating Download Program Files:
[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
[{00000055-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/fhg.CAB
[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\System32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\MACROMED\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
[WScanCtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\webscan.dll
CODEBASE = http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
[{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38619.5966435185
[{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
a347bus: System32\DRIVERS\a347bus.sys (system)
a347scsi: System32\Drivers\a347scsi.sys (system)
General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart)
USB ADSL WAN Adapter: System32\DRIVERS\adiusbaw.sys (manual start)
Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start)
Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (autostart)
Avertissement: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start)
Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asapiW2k: \??\C:\WINDOWS\System32\DRIVERS\asapiW2k.sys (autostart)
Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start)
Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system)
Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start)
Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Rezident Driver: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)
Service de transfert intelligent en arrière-plan: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Explorateur d'ordinateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
C-Dilla: \??\C:\WINDOWS\System32\drivers\CDANT.SYS (manual start)
C-DillaSrv: C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE (autostart)
Décodeur sous-titre fermé: System32\DRIVERS\CCDECODE.sys (manual start)
Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system)
Service d'indexation: C:\WINDOWS\System32\cisvc.exe (manual start)
Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (manual start)
Application système COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
d347bus: System32\DRIVERS\d347bus.sys (system)
d347prt: System32\Drivers\d347prt.sys (system)
Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote de disque: System32\DRIVERS\disk.sys (system)
Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Pilote de Gestionnaire de disque logique: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start)
Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start)
Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Journal des événements: %SystemRoot%\system32\services.exe (autostart)
Système d'événements de COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (autostart)
Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)
Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Carte réseau virtuelle FreeBox USB: System32\DRIVERS\fbxusb32.sys (manual start)
Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start)
Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start)
Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)
Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system)
Énumérateur de port jeu: System32\DRIVERS\gameenum.sys (manual start)
Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start)
Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system)
Service COM de gravage de CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start)
Microsoft IntelliPoint Features driver: System32\DRIVERS\IPFilter.sys (manual start)
Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start)
Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start)
Traducteur d'adresses réseau IP: System32\DRIVERS\ipnat.sys (manual start)
Pilote IPSEC: System32\DRIVERS\ipsec.sys (system)
Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start)
Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system)
K56: System32\DRIVERS\HSF_K56K.sys (autostart)
Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system)
Pilote HID de clavier: System32\DRIVERS\kbdhid.sys (system)
Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start)
Serveur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Station de travail: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)
Assistance TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Lucent Technologies Soft Modem: System32\DRIVERS\LTSM.sys (manual start)
LVBulk Service: System32\DRIVERS\LVBulk.sys (manual start)
Affichage des messages: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system)
Pilote HID de souris: System32\DRIVERS\mouhid.sys (manual start)
Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start)
Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start)
Word Process: "C:\WINDOWS\mswinpad.exe" (disabled)
Convertisseur en T/site-à-site de répartition Microsoft: system32\drivers\MSTEE.sys (manual start)
Codec NABTS/FEC VBI: System32\DRIVERS\NABTSFEC.sys (manual start)
Connection TV/vidéo Microsoft: System32\DRIVERS\NdisIP.sys (manual start)
Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start)
NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start)
Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start)
Interface NetBIOS: System32\DRIVERS\netbios.sys (system)
NetBIOS sur TCP/IP: System32\DRIVERS\netbt.sys (system)
DDE réseau: %SystemRoot%\system32\netdde.exe (manual start)
DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (manual start)
Ouverture de session réseau: %SystemRoot%\System32\lsass.exe (manual start)
Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NetBIOS Protection: system32\DRIVERS\netpt.sys (system)
Microsoft Network Service: "C:\WINDOWS\msnet32.exe" (disabled)
NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Pilote d'interface NT APM/hérité: System32\DRIVERS\NtApm.sys (manual start)
Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\System32\lsass.exe (manual start)
Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
nv4: System32\DRIVERS\nv4.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start)
Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)
Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start)
Pilote de bus PCI: System32\DRIVERS\pci.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
Performance True Type Fonts: C:\WINDOWS\System32\perfont.exe (disabled)
Logitech ClickSmart 310(PID_0900_V): System32\DRIVERS\LV551AV.sys (manual start)
Plug-and-Play: %SystemRoot%\system32\services.exe (autostart)
Services IPSEC: %SystemRoot%\System32\lsass.exe (autostart)
Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart)
Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system)
Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start)
Parallèle direct: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Pilote de redirecteur de périphérique Terminal Server: System32\DRIVERS\rdpdr.sys (manual start)
Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start)
Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system)
Routage et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Accès à distance au Registre: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start)
Localisateur d'appels de procédure distante (RPC): %SystemRoot%\System32\locator.exe (manual start)
Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart)
Prise en charge des cartes à puces: %SystemRoot%\System32\SCardSvr.exe (manual start)
Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start)
Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
USB Filter Driver: System32\DRIVERS\ser2pl.sys (manual start)
Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start)
Pilote de port série: System32\DRIVERS\serial.sys (system)
Pare-feu de connexion Internet (ICF) / Partage de connexion Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Détrameur décalage BDA: System32\DRIVERS\SLIP.sys (manual start)
SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)
Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start)
Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart)
Pilote de filtre de restauration système: \SystemRoot\System32\DRIVERS\sr.sys (disabled)
Service de restauration système: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
Service de découvertes SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Acquisition d'image Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
SVKP: \??\C:\WINDOWS\System32\SVKP.sys (autostart)
Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start)
Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{B1D01F77-71DA-4E94-8DD8-14823694665A} (manual start)
Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start)
Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start)
Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system)
Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system)
Services Terminal Server: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Tones: System32\DRIVERS\HSF_TONE.sys (autostart)
Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start)
Gestionnaire de téléchargement: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Hôte de périphérique universel Plug-and-Play: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Onduleur: %SystemRoot%\System32\ups.exe (manual start)
Pilote parent générique USB Microsoft: System32\DRIVERS\usbccgp.sys (manual start)
Pilote de concentrateur standard USB Microsoft: System32\DRIVERS\usbhub.sys (manual start)
Classe d'imprimantes USB Microsoft: System32\DRIVERS\usbprint.sys (manual start)
Pilote de scanneur USB: System32\DRIVERS\usbscan.sys (manual start)
Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start)
Pilote miniport de contrôleur hôte universel USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start)
V124: System32\DRIVERS\HSF_V124.sys (autostart)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Filtre de bus AGP VIA: System32\DRIVERS\viaagp.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
Contrôleur audio VIA AC'97 (WDM): system32\drivers\ac97via.sys (manual start)
Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start)
Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start)
Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Win32Sr: "C:\WINDOWS\win32ssr.exe" (disabled)
Microsoft Windows HelpFile: "C:\WINDOWS\services.exe" (disabled)
Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Extensions du pilote WMI: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Carte de performance WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Codec Teletext standard: System32\DRIVERS\WSTCODEC.SYS (manual start)
Mises à jour automatiques: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
End of report, 35 132 bytes
Report generated in 0,571 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Dis moi si ces fichiers existent dans ton pc:
(rend visible les fichiers cachés et systeme avant)
C:\WINDOWS\win32ssr.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\perfont.exe
C:\WINDOWS\System32\SVKP.sys
(rend visible les fichiers cachés et systeme avant)
C:\WINDOWS\win32ssr.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\perfont.exe
C:\WINDOWS\System32\SVKP.sys
tu peux le faire analyser ici:
http://www.virustotal.com/xhtml/virustotal_en.html
et poster le rapport
a+
http://www.virustotal.com/xhtml/virustotal_en.html
et poster le rapport
a+
Ca a l'air clean...
Antivirus Version Update Result
AntiVir 6.33.0.81 01.28.2006 no virus found
Avast 4.6.695.0 01.29.2006 no virus found
AVG 718 01.27.2006 no virus found
Avira 6.33.0.81 01.27.2006 no virus found
BitDefender 7.2 01.29.2006 no virus found
CAT-QuickHeal 8.00 01.27.2006 no virus found
ClamAV devel-20051123 01.29.2006 no virus found
DrWeb 4.33 01.29.2006 no virus found
eTrust-InoculateIT 23.71.63 01.29.2006 no virus found
eTrust-Vet 12.4.2058 01.27.2006 no virus found
Ewido 3.5 01.29.2006 no virus found
Fortinet 2.54.0.0 01.29.2006 no virus found
F-Prot 3.16c 01.28.2006 no virus found
Ikarus 0.2.59.0 01.27.2006 no virus found
Kaspersky 4.0.2.24 01.29.2006 no virus found
McAfee 4684 01.27.2006 no virus found
NOD32v2 1.1386 01.29.2006 no virus found
Norman 5.70.10 01.27.2006 no virus found
Panda 9.0.0.4 01.29.2006 no virus found
Sophos 4.02.0 01.29.2006 no virus found
Symantec 8.0 01.29.2006 no virus found
TheHacker 5.9.3.083 01.29.2006 no virus found
UNA 1.83 01.27.2006 no virus found
VBA32 3.10.5 01.28.2006 Virtool.SVKProtector
Antivirus Version Update Result
AntiVir 6.33.0.81 01.28.2006 no virus found
Avast 4.6.695.0 01.29.2006 no virus found
AVG 718 01.27.2006 no virus found
Avira 6.33.0.81 01.27.2006 no virus found
BitDefender 7.2 01.29.2006 no virus found
CAT-QuickHeal 8.00 01.27.2006 no virus found
ClamAV devel-20051123 01.29.2006 no virus found
DrWeb 4.33 01.29.2006 no virus found
eTrust-InoculateIT 23.71.63 01.29.2006 no virus found
eTrust-Vet 12.4.2058 01.27.2006 no virus found
Ewido 3.5 01.29.2006 no virus found
Fortinet 2.54.0.0 01.29.2006 no virus found
F-Prot 3.16c 01.28.2006 no virus found
Ikarus 0.2.59.0 01.27.2006 no virus found
Kaspersky 4.0.2.24 01.29.2006 no virus found
McAfee 4684 01.27.2006 no virus found
NOD32v2 1.1386 01.29.2006 no virus found
Norman 5.70.10 01.27.2006 no virus found
Panda 9.0.0.4 01.29.2006 no virus found
Sophos 4.02.0 01.29.2006 no virus found
Symantec 8.0 01.29.2006 no virus found
TheHacker 5.9.3.083 01.29.2006 no virus found
UNA 1.83 01.27.2006 no virus found
VBA32 3.10.5 01.28.2006 Virtool.SVKProtector
bizarre, tu as essayé une fois sur le site de virus total, quand tu clic sur parcourir au lieu de rechercher le fichier tu copie et colle directement son chemin complet dans la boite de dialogue et tu valide.
C:\WINDOWS\System32\sme.exe
Fais un scan ici aussi:
http://webscanner.kaspersky.fr/
et poste le résultat.
a+
C:\WINDOWS\System32\sme.exe
Fais un scan ici aussi:
http://webscanner.kaspersky.fr/
et poste le résultat.
a+
jai rien fait encore, voila le kaspersky
lundi 30 janvier 2006 02:29:01
Système d'exploitation : Microsoft Windows XP Professional, (Build 2600)
Version de Kaspersky On-line Scanner: 5.0.78.0
Dernière mise à jour de la base antivirus Kaspersky : 29/01/2006
Enregistrements dans la base antivirus Kaspersky : 163203
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie. vrai
Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\
F:\
Q:\
R:\
Statistiques de l'analyse
Total d'objets analysés : 91953
Nombre de virus trouvés 6
Nombre d'objets infectés 10
Nombre d'objets suspects 0
Durée de l'analyse 02:03:01
Nom de l'objet infecté Nom du virus Dernière action
C:\WINDOWS\SYSTEM32\o Infecté: Trojan-Downloader.BAT.Ftp.ab ignoré
C:\WINDOWS\SYSTEM32\oqlcsvpr.exe Infecté: Trojan-Proxy.Win32.Agent.l ignoré
C:\WINDOWS\SYSTEM32\fauzoohl.exe Infecté: Trojan-Proxy.Win32.Agent.l ignoré
C:\WINDOWS\SYSTEM32\dcom_12.dll Infecté: Trojan.Win32.Agent.nl ignoré
C:\WINDOWS\bbb.exe Infecté: Trojan-Downloader.Win32.Small.cg ignoré
C:\Documents and Settings\Papa\Local Settings\Temporary Internet Files\Content.IE5\X0SRL1GX\upAYB[1].int Infecté: Trojan-Downloader.Win32.Swizzor.dv ignoré
C:\Documents and Settings\Papa\Local Settings\Temporary Internet Files\Content.IE5\O56B4HYJ\upAYB[1].int Infecté: Trojan-Downloader.Win32.Swizzor.dv ignoré
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\backups\backup-20060122-170303-246.dll Infecté: Trojan-Downloader.Win32.Swizzor.bo ignoré
C:\Documents and Settings\Angélique\Application Data\Inside Time Play\show joy.exe Infecté: Trojan-Downloader.Win32.Swizzor.bo ignoré
C:\Documents and Settings\Angélique\Application Data\Inside Time Play\Soap enc.exe Infecté: Trojan-Downloader.Win32.Swizzor.bo ignoré
Analyse terminée.
lundi 30 janvier 2006 02:29:01
Système d'exploitation : Microsoft Windows XP Professional, (Build 2600)
Version de Kaspersky On-line Scanner: 5.0.78.0
Dernière mise à jour de la base antivirus Kaspersky : 29/01/2006
Enregistrements dans la base antivirus Kaspersky : 163203
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie. vrai
Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\
F:\
Q:\
R:\
Statistiques de l'analyse
Total d'objets analysés : 91953
Nombre de virus trouvés 6
Nombre d'objets infectés 10
Nombre d'objets suspects 0
Durée de l'analyse 02:03:01
Nom de l'objet infecté Nom du virus Dernière action
C:\WINDOWS\SYSTEM32\o Infecté: Trojan-Downloader.BAT.Ftp.ab ignoré
C:\WINDOWS\SYSTEM32\oqlcsvpr.exe Infecté: Trojan-Proxy.Win32.Agent.l ignoré
C:\WINDOWS\SYSTEM32\fauzoohl.exe Infecté: Trojan-Proxy.Win32.Agent.l ignoré
C:\WINDOWS\SYSTEM32\dcom_12.dll Infecté: Trojan.Win32.Agent.nl ignoré
C:\WINDOWS\bbb.exe Infecté: Trojan-Downloader.Win32.Small.cg ignoré
C:\Documents and Settings\Papa\Local Settings\Temporary Internet Files\Content.IE5\X0SRL1GX\upAYB[1].int Infecté: Trojan-Downloader.Win32.Swizzor.dv ignoré
C:\Documents and Settings\Papa\Local Settings\Temporary Internet Files\Content.IE5\O56B4HYJ\upAYB[1].int Infecté: Trojan-Downloader.Win32.Swizzor.dv ignoré
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\backups\backup-20060122-170303-246.dll Infecté: Trojan-Downloader.Win32.Swizzor.bo ignoré
C:\Documents and Settings\Angélique\Application Data\Inside Time Play\show joy.exe Infecté: Trojan-Downloader.Win32.Swizzor.bo ignoré
C:\Documents and Settings\Angélique\Application Data\Inside Time Play\Soap enc.exe Infecté: Trojan-Downloader.Win32.Swizzor.bo ignoré
Analyse terminée.
Salut
Telecharge: Pocket Killbox ici:
http://www.killbox.net/downloads/KillBox.exe
ouvre le bloc note et copie et colle la liste des fichiers à supprimer ci-dessous
une fois fait, enregistre le à un endroit ou tu pourras le retrouver facilement (sur le bureau par exemple).
1/ lance killbox.exe, clic sur Tools> Delete temp files> puis clic sur "delete selected temp files"
ensuite:
2/ ouvre le fichier txt qui contient la liste des fichiers à supprimer, clic sur edition dans le menu du haut et clic sur "selectionner tout"
3/ clic une seconde fois sur "edition" et clic sur "copier"
4/ referme le bloc note.
5/ Dans killbox, selectionne "Delete on Reboot" puis clic sur "ALL FILES"
6/ Dans le menu du haut clic sur File, puis sur paste from clipboard
(tu devrais voir apparaitre la liste des fichier qu'il va supprimer)
7/ clic sur le rond rouge
8/ une fenetre va apparaitre pour confirmation clic sur OUI
9/ une seconde fenetre te demande si tu veux redemarrer clic sur OUI
Redemarre le pc et refais un scan av de contrôle.
Telecharge aussi lopxp ici:
http://pageperso.aol.fr/balltrap34/lopxp.zip
Dezippe le, lance le et poste le rapport
a+
Telecharge: Pocket Killbox ici:
http://www.killbox.net/downloads/KillBox.exe
ouvre le bloc note et copie et colle la liste des fichiers à supprimer ci-dessous
une fois fait, enregistre le à un endroit ou tu pourras le retrouver facilement (sur le bureau par exemple).
C:\WINDOWS\bbb.exe C:\WINDOWS\mswinpad.exe C:\WINDOWS\win32ssr.exe C:\WINDOWS\System32\eraseme_25054.exe C:\WINDOWS\System32\TFTP244 C:\WINDOWS\SYSTEM32\o C:\WINDOWS\SYSTEM32\oqlcsvpr.exe C:\WINDOWS\System32\perfont.exe C:\WINDOWS\SYSTEM32\fauzoohl.exe C:\WINDOWS\SYSTEM32\dcom_12.dll
1/ lance killbox.exe, clic sur Tools> Delete temp files> puis clic sur "delete selected temp files"
ensuite:
2/ ouvre le fichier txt qui contient la liste des fichiers à supprimer, clic sur edition dans le menu du haut et clic sur "selectionner tout"
3/ clic une seconde fois sur "edition" et clic sur "copier"
4/ referme le bloc note.
5/ Dans killbox, selectionne "Delete on Reboot" puis clic sur "ALL FILES"
6/ Dans le menu du haut clic sur File, puis sur paste from clipboard
(tu devrais voir apparaitre la liste des fichier qu'il va supprimer)
7/ clic sur le rond rouge
8/ une fenetre va apparaitre pour confirmation clic sur OUI
9/ une seconde fenetre te demande si tu veux redemarrer clic sur OUI
Redemarre le pc et refais un scan av de contrôle.
Telecharge aussi lopxp ici:
http://pageperso.aol.fr/balltrap34/lopxp.zip
Dezippe le, lance le et poste le rapport
a+
Salut, voila le lopxp, suivi du Hijack qui, a l'air propore :
Rapport fait à 19:01:20,56 le 31/01/2006
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\Documents and Settings\Default User\Application Data
21/08/2002 12:03 62 desktop.ini
21/08/2002 12:03 <REP> Microsoft
21/08/2002 12:03 <REP> ..
21/08/2002 12:03 <REP> .
1 fichier(s) 62 octets
3 R‚p(s) 1767866368 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\Documents and Settings\All Users\Application Data
05/05/2005 12:14 <REP> InstallShield
12/11/2004 19:54 <REP> AVG7
12/11/2004 19:53 <REP> Grisoft
02/06/2004 19:45 <REP> FaxCtr
05/05/2004 20:11 <REP> Spybot - Search & Destroy
14/12/2003 17:24 <REP> QuickTime
01/12/2003 21:26 <REP> nView_Profiles
21/08/2002 12:24 <REP> SYMANTEC
21/08/2002 12:03 62 desktop.ini
21/08/2002 12:03 <REP> Microsoft
21/08/2002 12:03 <REP> .
21/08/2002 12:03 <REP> ..
1 fichier(s) 62 octets
11 R‚p(s) 1767866368 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\Documents and Settings\Pharaoh\Application Data
21/08/2002 12:24 <REP> Microsoft
21/08/2002 12:24 <REP> ..
21/08/2002 12:24 <REP> .
0 fichier(s) 0 octets
3 R‚p(s) 1767866368 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\Documents and Settings\Papa\Application Data
16/01/2005 01:24 <REP> FUJIFILM
21/12/2004 11:15 <REP> Ahead
12/11/2004 23:31 <REP> AVG7
08/08/2004 11:20 <REP> FaxCtr
17/04/2004 10:50 <REP> Macromedia
30/07/2003 23:59 <REP> Real
28/01/2003 16:35 <REP> Help
24/08/2002 12:08 <REP> Identities
24/08/2002 12:08 62 desktop.ini
24/08/2002 12:08 <REP> ..
24/08/2002 12:08 <REP> .
24/08/2002 12:08 <REP> Microsoft
1 fichier(s) 62 octets
11 R‚p(s) 1767866368 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\Documents and Settings\Invit‚\Application Data
21/09/2002 14:57 <REP> Identities
21/09/2002 14:57 62 desktop.ini
21/09/2002 14:57 <REP> Microsoft
21/09/2002 14:57 <REP> ..
21/09/2002 14:57 <REP> .
1 fichier(s) 62 octets
4 R‚p(s) 1767866368 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\Documents and Settings\Pharaoh.X001530650\Application Data
22/01/2006 19:28 <REP> Lavasoft
16/12/2005 22:09 <REP> vlc
30/04/2005 14:30 <REP> Verbatim Software
12/11/2004 19:54 <REP> AVG7
30/07/2004 10:19 <REP> NeroVision
03/06/2004 12:34 <REP> FaxCtr
03/02/2004 20:43 <REP> Ahead
02/11/2003 17:15 <REP> Macromedia
29/07/2003 14:44 <REP> InstallShield Installation Information
27/07/2003 23:14 <REP> Real
07/12/2002 23:41 <REP> Help
02/11/2002 22:36 <REP> Identities
02/11/2002 22:35 62 desktop.ini
02/11/2002 22:35 <REP> ..
02/11/2002 22:35 <REP> .
02/11/2002 22:35 <REP> Microsoft
1 fichier(s) 62 octets
15 R‚p(s) 1767866368 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\Documents and Settings\Ang‚lique\Application Data
30/12/2005 16:10 150888 GDIPFONTCACHEV1.DAT
28/12/2005 09:59 <REP> Inside Time Play
22/12/2005 12:06 <REP> vlc
21/11/2004 09:34 <REP> AVG7
15/07/2004 11:54 <REP> FaxCtr
05/06/2004 10:25 <REP> Macromedia
14/09/2003 12:48 <REP> Help
13/09/2003 00:17 <REP> Real
23/12/2002 10:14 <REP> Identities
23/12/2002 10:14 62 desktop.ini
23/12/2002 10:14 <REP> Microsoft
23/12/2002 10:14 <REP> .
23/12/2002 10:14 <REP> ..
2 fichier(s) 150950 octets
11 R‚p(s) 1767866368 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\WINDOWS\TASKS
09/01/2006 19:59 278 A445D68591BA5135.job
09/01/2006 01:00 274 95BC814E93AB5392.job
01/06/2004 18:49 6 SA.DAT
21/08/2002 12:53 258 Rappel d'expiration de la d‚sinstallation.job
09/04/2002 20:50 384 Planificateur pour la collecte de donn‚es PCHealth.job
18/03/2002 18:26 414 Symantec NetDetect.job
01/01/1980 00:00 65 DESKTOP.INI
01/01/1980 00:00 <REP> ..
01/01/1980 00:00 <REP> .
01/01/1980 00:00 502 D‚marrage du programme de r‚glages.job
8 fichier(s) 2ÿ181 octets
2 R‚p(s) 1ÿ767ÿ866ÿ368 octets libres
******************************************
Recherche dans Program files
Le dossier C:\Program Files\C2Media n'existe pas
*************** Fin du rapport ****************
Logfile of HijackThis v1.99.1
Scan saved at 19:03:13, on 31/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-assistant.com/webka/toolbar/tbie.asp (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .goa: C:\Program Files\Internet Explorer\Plugins\nppmpax.dll
O12 - Plugin for .goac: C:\Program Files\Internet Explorer\Plugins\npchatg.dll
O12 - Plugin for .gob: C:\Program Files\Internet Explorer\\Plugins\nppmp2.dll
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Rapport fait à 19:01:20,56 le 31/01/2006
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\Documents and Settings\Default User\Application Data
21/08/2002 12:03 62 desktop.ini
21/08/2002 12:03 <REP> Microsoft
21/08/2002 12:03 <REP> ..
21/08/2002 12:03 <REP> .
1 fichier(s) 62 octets
3 R‚p(s) 1767866368 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\Documents and Settings\All Users\Application Data
05/05/2005 12:14 <REP> InstallShield
12/11/2004 19:54 <REP> AVG7
12/11/2004 19:53 <REP> Grisoft
02/06/2004 19:45 <REP> FaxCtr
05/05/2004 20:11 <REP> Spybot - Search & Destroy
14/12/2003 17:24 <REP> QuickTime
01/12/2003 21:26 <REP> nView_Profiles
21/08/2002 12:24 <REP> SYMANTEC
21/08/2002 12:03 62 desktop.ini
21/08/2002 12:03 <REP> Microsoft
21/08/2002 12:03 <REP> .
21/08/2002 12:03 <REP> ..
1 fichier(s) 62 octets
11 R‚p(s) 1767866368 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\Documents and Settings\Pharaoh\Application Data
21/08/2002 12:24 <REP> Microsoft
21/08/2002 12:24 <REP> ..
21/08/2002 12:24 <REP> .
0 fichier(s) 0 octets
3 R‚p(s) 1767866368 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\Documents and Settings\Papa\Application Data
16/01/2005 01:24 <REP> FUJIFILM
21/12/2004 11:15 <REP> Ahead
12/11/2004 23:31 <REP> AVG7
08/08/2004 11:20 <REP> FaxCtr
17/04/2004 10:50 <REP> Macromedia
30/07/2003 23:59 <REP> Real
28/01/2003 16:35 <REP> Help
24/08/2002 12:08 <REP> Identities
24/08/2002 12:08 62 desktop.ini
24/08/2002 12:08 <REP> ..
24/08/2002 12:08 <REP> .
24/08/2002 12:08 <REP> Microsoft
1 fichier(s) 62 octets
11 R‚p(s) 1767866368 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\Documents and Settings\Invit‚\Application Data
21/09/2002 14:57 <REP> Identities
21/09/2002 14:57 62 desktop.ini
21/09/2002 14:57 <REP> Microsoft
21/09/2002 14:57 <REP> ..
21/09/2002 14:57 <REP> .
1 fichier(s) 62 octets
4 R‚p(s) 1767866368 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\Documents and Settings\Pharaoh.X001530650\Application Data
22/01/2006 19:28 <REP> Lavasoft
16/12/2005 22:09 <REP> vlc
30/04/2005 14:30 <REP> Verbatim Software
12/11/2004 19:54 <REP> AVG7
30/07/2004 10:19 <REP> NeroVision
03/06/2004 12:34 <REP> FaxCtr
03/02/2004 20:43 <REP> Ahead
02/11/2003 17:15 <REP> Macromedia
29/07/2003 14:44 <REP> InstallShield Installation Information
27/07/2003 23:14 <REP> Real
07/12/2002 23:41 <REP> Help
02/11/2002 22:36 <REP> Identities
02/11/2002 22:35 62 desktop.ini
02/11/2002 22:35 <REP> ..
02/11/2002 22:35 <REP> .
02/11/2002 22:35 <REP> Microsoft
1 fichier(s) 62 octets
15 R‚p(s) 1767866368 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\Documents and Settings\Ang‚lique\Application Data
30/12/2005 16:10 150888 GDIPFONTCACHEV1.DAT
28/12/2005 09:59 <REP> Inside Time Play
22/12/2005 12:06 <REP> vlc
21/11/2004 09:34 <REP> AVG7
15/07/2004 11:54 <REP> FaxCtr
05/06/2004 10:25 <REP> Macromedia
14/09/2003 12:48 <REP> Help
13/09/2003 00:17 <REP> Real
23/12/2002 10:14 <REP> Identities
23/12/2002 10:14 62 desktop.ini
23/12/2002 10:14 <REP> Microsoft
23/12/2002 10:14 <REP> .
23/12/2002 10:14 <REP> ..
2 fichier(s) 150950 octets
11 R‚p(s) 1767866368 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 111A-18EE
R‚pertoire de C:\WINDOWS\TASKS
09/01/2006 19:59 278 A445D68591BA5135.job
09/01/2006 01:00 274 95BC814E93AB5392.job
01/06/2004 18:49 6 SA.DAT
21/08/2002 12:53 258 Rappel d'expiration de la d‚sinstallation.job
09/04/2002 20:50 384 Planificateur pour la collecte de donn‚es PCHealth.job
18/03/2002 18:26 414 Symantec NetDetect.job
01/01/1980 00:00 65 DESKTOP.INI
01/01/1980 00:00 <REP> ..
01/01/1980 00:00 <REP> .
01/01/1980 00:00 502 D‚marrage du programme de r‚glages.job
8 fichier(s) 2ÿ181 octets
2 R‚p(s) 1ÿ767ÿ866ÿ368 octets libres
******************************************
Recherche dans Program files
Le dossier C:\Program Files\C2Media n'existe pas
*************** Fin du rapport ****************
Logfile of HijackThis v1.99.1
Scan saved at 19:03:13, on 31/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-assistant.com/webka/toolbar/tbie.asp (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .goa: C:\Program Files\Internet Explorer\Plugins\nppmpax.dll
O12 - Plugin for .goac: C:\Program Files\Internet Explorer\Plugins\npchatg.dll
O12 - Plugin for .gob: C:\Program Files\Internet Explorer\\Plugins\nppmp2.dll
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Salut Pharaoh
Il reste encore une bricole à supprimer.
Redemarre en mode sans echec.
Supprime ce dossier et tout ce qu'il contient:
C:\Documents and Settings\Angélique\Application Data\Inside Time Play
Ensuite va dans demarrer>executer et tape cdm
Dans la fenêtre qui s'ouvre tape ou copie et colle ceci:
Del %Windir%\Tasks\A445D68591BA5135.job
et valide avec la touche Entrée
refait pareil avec:
Del %Windir%\Tasks\95BC814E93AB5392.job
Redemarre le pc et refais un scan antivirus de contrôle.
a++
Il reste encore une bricole à supprimer.
Redemarre en mode sans echec.
Supprime ce dossier et tout ce qu'il contient:
C:\Documents and Settings\Angélique\Application Data\Inside Time Play
Ensuite va dans demarrer>executer et tape cdm
Dans la fenêtre qui s'ouvre tape ou copie et colle ceci:
Del %Windir%\Tasks\A445D68591BA5135.job
et valide avec la touche Entrée
refait pareil avec:
Del %Windir%\Tasks\95BC814E93AB5392.job
Redemarre le pc et refais un scan antivirus de contrôle.
a++
Arf... :/ chui allé dans le cmd, jais un copier/coller, il me donne un impossible de trouver C:\Windows\Tasks\A445....job pour les deux trucs...
Logfile of HijackThis v1.99.1
Scan saved at 23:35:02, on 31/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-assistant.com/webka/toolbar/tbie.asp (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .goa: C:\Program Files\Internet Explorer\Plugins\nppmpax.dll
O12 - Plugin for .goac: C:\Program Files\Internet Explorer\Plugins\npchatg.dll
O12 - Plugin for .gob: C:\Program Files\Internet Explorer\\Plugins\nppmp2.dll
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Logfile of HijackThis v1.99.1
Scan saved at 23:35:02, on 31/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Pharaoh.X001530650\Bureau\PC Clean\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Pharaoh.X001530650\Menu Démarrer\Programmes\HP DeskJet Série 840C v2.1"
O9 - Extra button: Kangaroo - {06A18DC1-FE86-11d3-B9AF-0000B4C32B4D} - http://knowledge-assistant.com/webka/toolbar/tbie.asp (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .goa: C:\Program Files\Internet Explorer\Plugins\nppmpax.dll
O12 - Plugin for .goac: C:\Program Files\Internet Explorer\Plugins\npchatg.dll
O12 - Plugin for .gob: C:\Program Files\Internet Explorer\\Plugins\nppmp2.dll
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
