Win32.adware-gen

Patrice -
Patrice - 16 janv. 2006 à 21:00

Bonjour,

Je viens également de découvrir, via Avast que je suis infecté par "win32.adware-gen".

Ayant parcourru le forum, j'ai vu que +sieurs messages en traitaient déjà mais qu'il valait mieux poster son propre message, ce que je fais.

Je suis sous XP et Avast à trouvé pour le moment ces 2 fichiers infectés et placés en quarantaine :

- A0002423.exe dans : C:\System Volume Information\-restore{2B12FACB-0235-45B2-B29E-125F408969}\RP50;

- Uninstall.exe dans : C:\Program Files\ShopperReports

Merci aussi de me dire quelles sont les conséquences de "win32.adware-gen".
De +, je ne suis pas sûr que ShopperReports soit sain. (???) Qu'est-ce que c'est ?

J'ai aussi fais un Hijackthis et voilà le rapport (perso, je n'y comprends pas grand chose).

Logfile of HijackThis v1.99.1
Scan saved at 14:27:52, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Patrice\LOCALS~1\Temp\Rar$EX00.594\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=040c&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=040c&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=040c&s=search&ap=b204
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll (file missing)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\MINITEL\Watch.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117795191545
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E143A3C-9205-44DB-9EFA-AD1FF59D8355}: NameServer = 217.19.192.132 217.19.192.131
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Prevx Update Service (UpdaterPrevx) - Prevx - C:\Documents and Settings\All Users\Application Data\Prevx\PXSetup.exe

Merci de votre aide.

Patrice.

Afficher la suite

A voir également:

Win32.adware-gen
Adware cleaner - Télécharger - Antivirus & Antimalwares
Adware - Guide
Win32:pup-gen ✓ - Forum Virus
Win32:malware-gen - Forum Virus
Puadimanager win32/offercore ✓ - Forum Virus

3 réponses

Réponse 1 / 3

Kristopher Messages postés 3752 Statut Contributeur 106

Salut,

- A0002423.exe dans : C:\System Volume Information\-restore{2B12FACB-0235-45B2-B29E-125F408969}\RP50;

Pour éliminer ceci :
Clique droit sur Poste de travail, Propriétés, onglet Restauration du système, tu coches Désactiver la Restauration du système sur tous les lecteurs, Appliquer, Oui.
Ensuite, tu décoches Désactiver la Restauration du système sur tous les lecteurs, Appliquer, OK.

- Uninstall.exe dans : C:\Program Files\ShopperReports

Désinstalle via Ajout/suppression des programmes du panneau de configuration, le programme suivant (si tu le trouve) :
ShopperReports

- Supprime le fichier en gras :
C:\Program Files\ShopperReports

- Relance un scan HijackThis et coche les lignes ci-dessous :
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll (file missing)

-> Télécharge CounterSpy sur :

http://www.01net.com/telecharger/windows/Utilitaire/antivirus/fiches/31393.html

- Mets le programme à jour, scannes en mode Full System (par défaut) et supprime ce qu'il trouve (+ vide la quarantaine si il y a des fichiers).

- Ensuite, tu vas dans System Tools -> My PC Checkup -> Start -> Tu sélectionnes tout -> Continue (ça équivaut à la vaccination de Spybot mais en + balaise).

Bonne chance.

++

Patrice

Merci Kristopher!

Je suis tes recommandations et te tiens informé.

Est-ce que je dois faire "Fix Checked" après avoir relancé un scan HijackThis et coché :
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll (file missing)

@ +,

Patrice.

Réponse 2 / 3

ben13010 Messages postés 3369 Statut Contributeur 387

salut

supprime tous le dossier shopper c'est un spyware

http://www.scanspyware.net/info/ShopperReports.htm

ensuite pour le spy trouve dans A0002423.exe dans : C:\System Volume Information\-restore{2B12FACB-0235-45B2-B29E-125F408969}\RP50;

il est inactif tans que tu ne fais pas de restauration systeme

Réponse 3 / 3

Kristopher Messages postés 3752 Statut Contributeur 106

Bonjour Patrice,

Est-ce que je dois faire "Fix Checked" après avoir relancé un scan HijackThis et coché...
Oui bien sûr :)

Fais toutes les manip. du poste < 1 > et remet un log HijackThis.

Bon courage.

++

Patrice

Kristopher,

Je viens de finir le scan de Counterspy qui est prêt à supprimer les spywares trouvés. Par contre, avant de ne les supprimer il voulait faire une restauration du système (qui avait été désactivée).

Dois-je continuer ou restaurer auparavant ? Dois-je refaire un point de restauration du système ensuite?

Merci de ta réponse.

Je te poste le rapport Hijackthis ensuite.

@ +

Patrice

Au cas où Kristopher ne serait plus là, quelqu'un du site pourrait-il répondre à ma dernière question afin que je puisses continuer le processus engagé ?

Merci à tous & à toutes.

Kristopher Messages postés 3752 Statut Contributeur 106

Salut,

Copie/colle le rapport de CounterSpy stp.

++

Patrice > Kristopher Messages postés 3752 Statut Contributeur

Slaut Kristopher,

Ne sachant pas si tu étais encore là ou non, j'ai lancé les actions de CounterSpy sans avoir refait une Restauration du Système.

Voici le rapport de counterSpy :

Spyware Scan Details
Start Date: 16/01/2006 17:04:36
End Date: 16/01/2006 17:39:09
Total Time: 34 mins 33 secs

Detected spyware

Hotbar Adware more information...
Details: Hotbar is promoted as an application that adds graphical skins to Internet Explorer toolbars and outlook/ Outlook Express, and also adds its own toolbar. It monitors all URLs you visit to add link buttons to its toolbar dependent on the site you are
Status: Quarantined

Infected files detected
c:\documents and settings\patrice\application data\shopperreports\shprrprt.log
c:\documents and settings\patrice\application data\shopperreports\shprrprt_1134569227.log
c:\documents and settings\patrice\application data\shopperreports\cs\config.xml
c:\documents and settings\patrice\application data\shopperreports\cs\db\aliases.dbs
c:\documents and settings\patrice\application data\shopperreports\cs\db\sites.dbs
c:\documents and settings\patrice\application data\shopperreports\cs\dwld\whitelist.xip
c:\documents and settings\patrice\application data\shopperreports\cs\persist.dbs
c:\documents and settings\patrice\application data\shopperreports\cs\report\ag_shopperreports.xml
c:\documents and settings\patrice\application data\shopperreports\cs\report\ag_shopperreports.xml.db
c:\documents and settings\patrice\application data\shopperreports\cs\report\send_shopperreports.xml
c:\documents and settings\patrice\application data\shopperreports\cs\report\send_shopperreports.xml.db
c:\documents and settings\patrice\application data\shopperreports\cs\res2\whitelist.dbs

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0774F696-D801-4C18-81A7-A3A32B8BEF19}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0774F696-D801-4C18-81A7-A3A32B8BEF19}\InprocServer32 C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0774F696-D801-4C18-81A7-A3A32B8BEF19}\InprocServer32 ThreadingModel Both
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0774F696-D801-4C18-81A7-A3A32B8BEF19}\ProgID RprtsPSClient.PSExecuter.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0774F696-D801-4C18-81A7-A3A32B8BEF19}\TypeLib {B5901229-25CC-43C9-B604-3BB6AC2B48A5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0774F696-D801-4C18-81A7-A3A32B8BEF19}\VersionIndependentProgID RprtsPSClient.PSExecuter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0774F696-D801-4C18-81A7-A3A32B8BEF19} RprtsPSExecuter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E6AC766-9094-4BCF-ABD3-39E2EAEA5FCD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E6AC766-9094-4BCF-ABD3-39E2EAEA5FCD}\InprocServer32 C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E6AC766-9094-4BCF-ABD3-39E2EAEA5FCD}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E6AC766-9094-4BCF-ABD3-39E2EAEA5FCD}\ProgID ShprRprts.HbAx.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E6AC766-9094-4BCF-ABD3-39E2EAEA5FCD}\ToolboxBitmap32 C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll, 102
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E6AC766-9094-4BCF-ABD3-39E2EAEA5FCD}\TypeLib {842D315A-7E1E-448B-96E8-9E76D1820BE2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E6AC766-9094-4BCF-ABD3-39E2EAEA5FCD}\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E6AC766-9094-4BCF-ABD3-39E2EAEA5FCD}\VersionIndependentProgID ShprRprts.HbAx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E6AC766-9094-4BCF-ABD3-39E2EAEA5FCD} HbAx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}\InprocServer32 C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}\InprocServer32 ThreadingModel Both
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}\ProgID ShprRprts.HbInfoBand.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}\TypeLib {842D315A-7E1E-448B-96E8-9E76D1820BE2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}\VersionIndependentProgID ShprRprts.HbInfoBand
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1} ShopperReports – Price Comparison
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{454B4812-E572-4703-A1BB-63490809EAC0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{454B4812-E572-4703-A1BB-63490809EAC0}\InprocServer32 C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{454B4812-E572-4703-A1BB-63490809EAC0}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{454B4812-E572-4703-A1BB-63490809EAC0}\ProgID ShprRprts.IEButtonA.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{454B4812-E572-4703-A1BB-63490809EAC0}\TypeLib {842D315A-7E1E-448B-96E8-9E76D1820BE2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{454B4812-E572-4703-A1BB-63490809EAC0}\VersionIndependentProgID ShprRprts.IEButtonA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{454B4812-E572-4703-A1BB-63490809EAC0} IEButtonA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580A1F3F-89B4-433B-BBDB-B97AEB13F3FC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580A1F3F-89B4-433B-BBDB-B97AEB13F3FC}\InprocServer32 C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580A1F3F-89B4-433B-BBDB-B97AEB13F3FC}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580A1F3F-89B4-433B-BBDB-B97AEB13F3FC}\ProgID ShprRprts.IEButton.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580A1F3F-89B4-433B-BBDB-B97AEB13F3FC}\TypeLib {CA295D63-514A-4ed0-9B5F-640890F2366B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580A1F3F-89B4-433B-BBDB-B97AEB13F3FC}\VersionIndependentProgID ShprRprts.IEButton
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580A1F3F-89B4-433B-BBDB-B97AEB13F3FC} IEButton
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E77EDA01-3C56-4a96-8D08-02B42891C169}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E77EDA01-3C56-4a96-8D08-02B42891C169} Default Visible Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E77EDA01-3C56-4a96-8D08-02B42891C169} ButtonText ShopperReports - Compare product prices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E77EDA01-3C56-4a96-8D08-02B42891C169} HotIcon C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll,204
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E77EDA01-3C56-4a96-8D08-02B42891C169} Icon C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll,203
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E77EDA01-3C56-4a96-8D08-02B42891C169} CLSID {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E77EDA01-3C56-4a96-8D08-02B42891C169} ClsidExtension {580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\InprocServer32 C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\InprocServer32 ThreadingModel Both
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\ProgID ShprRprts.HbCommBand.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\TypeLib {842D315A-7E1E-448B-96E8-9E76D1820BE2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\VersionIndependentProgID ShprRprts.HbCommBand
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A} ShopperReports – Price Comparison
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34F4D917-31E4-464C-B8B3-84C1CE76B395}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34F4D917-31E4-464C-B8B3-84C1CE76B395}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34F4D917-31E4-464C-B8B3-84C1CE76B395}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34F4D917-31E4-464C-B8B3-84C1CE76B395}\TypeLib {C83DAED4-0611-4F7A-978E-7FEAFCB2F91B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34F4D917-31E4-464C-B8B3-84C1CE76B395}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34F4D917-31E4-464C-B8B3-84C1CE76B395} IHbIEPane
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3F04CBF7-CD62-4403-B090-B432DEDCB159}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3F04CBF7-CD62-4403-B090-B432DEDCB159}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3F04CBF7-CD62-4403-B090-B432DEDCB159}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3F04CBF7-CD62-4403-B090-B432DEDCB159}\TypeLib {C83DAED4-0611-4F7A-978E-7FEAFCB2F91B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3F04CBF7-CD62-4403-B090-B432DEDCB159}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3F04CBF7-CD62-4403-B090-B432DEDCB159} IRegisterableObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324}\TypeLib {C83DAED4-0611-4F7A-978E-7FEAFCB2F91B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324} IBrwsAdapter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE14}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE14} Default Visible Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE14} ButtonText ShopperReports - Compare travel rates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE14} HotIcon C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll,202
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE14} Icon C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll,201
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE14} CLSID {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE14} ClsidExtension {454b4812-e572-4703-a1bb-63490809eac0}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1} ShopperReports – Price Comparison
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RprtsPSClient.PSExecuter.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RprtsPSClient.PSExecuter.1\CLSID {0774F696-D801-4C18-81A7-A3A32B8BEF19}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RprtsPSClient.PSExecuter.1 RprtsPSExecuter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RprtsPSClient.PSExecuter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RprtsPSClient.PSExecuter\CLSID {0774F696-D801-4C18-81A7-A3A32B8BEF19}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RprtsPSClient.PSExecuter\CurVer RprtsPSClient.PSExecuter.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RprtsPSClient.PSExecuter RprtsPSExecuter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbAx.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbAx.1\CLSID {1E6AC766-9094-4BCF-ABD3-39E2EAEA5FCD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbAx.1 HbAx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbAx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbAx\CLSID {1E6AC766-9094-4BCF-ABD3-39E2EAEA5FCD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbAx\CurVer ShprRprts.HbAx.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbAx HbAx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbCommBand.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbCommBand.1\CLSID {A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbCommBand.1 ShopperReports – Price Comparison
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbCommBand
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbCommBand\CLSID {A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbCommBand\CurVer ShprRprts.HbCommBand.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbCommBand ShopperReports – Price Comparison
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbInfoBand.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbInfoBand.1\CLSID {2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbInfoBand.1 ShopperReports – Price Comparison
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbInfoBand
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbInfoBand\CLSID {2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbInfoBand\CurVer ShprRprts.HbInfoBand.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.HbInfoBand ShopperReports – Price Comparison
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.IEButton.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.IEButton.1\CLSID {580A1F3F-89B4-433B-BBDB-B97AEB13F3FC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.IEButton.1 IEButton
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.IEButton
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.IEButton\CLSID {580A1F3F-89B4-433B-BBDB-B97AEB13F3FC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.IEButton\CurVer ShprRprts.IEButton.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.IEButton IEButton
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.IEButtonA.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.IEButtonA.1\CLSID {454B4812-E572-4703-A1BB-63490809EAC0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.IEButtonA.1 IEButtonA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.IEButtonA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.IEButtonA\CLSID {454B4812-E572-4703-A1BB-63490809EAC0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.IEButtonA\CurVer ShprRprts.IEButtonA.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.IEButtonA IEButtonA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.SmrtShprCtl.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.SmrtShprCtl.1\CLSID {2A8A997F-BB9F-48F6-AA2B-2762D50F9289}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.SmrtShprCtl.1 ShprRprts
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.SmrtShprCtl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.SmrtShprCtl\CLSID {2A8A997F-BB9F-48F6-AA2B-2762D50F9289}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.SmrtShprCtl\CurVer ShprRprts.SmrtShprCtl.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShprRprts.SmrtShprCtl ShprRprts
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{842D315A-7E1E-448B-96E8-9E76D1820BE2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{842D315A-7E1E-448B-96E8-9E76D1820BE2}\1.0\0\win32 C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{842D315A-7E1E-448B-96E8-9E76D1820BE2}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{842D315A-7E1E-448B-96E8-9E76D1820BE2}\1.0\HELPDIR C:\Program Files\ShopperReports\Bin\1.0.8.0\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{842D315A-7E1E-448B-96E8-9E76D1820BE2}\1.0 SmrtShpr 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{842D315A-7E1E-448B-96E8-9E76D1820BE2}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{842D315A-7E1E-448B-96E8-9E76D1820BE2}\1.0\0\win32 C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B5901229-25CC-43C9-B604-3BB6AC2B48A5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B5901229-25CC-43C9-B604-3BB6AC2B48A5}\1.0\0\win32 C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll\3
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B5901229-25CC-43C9-B604-3BB6AC2B48A5}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B5901229-25CC-43C9-B604-3BB6AC2B48A5}\1.0\HELPDIR C:\Program Files\ShopperReports\Bin\1.0.8.0\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B5901229-25CC-43C9-B604-3BB6AC2B48A5}\1.0 PSClient 1.0 Type Library
HKEY_CURRENT_USER\Software\ShopperReports
HKEY_CURRENT_USER\Software\ShopperReports\ShopperReports\PostInstaller UID FF818416FF28744D92C0A923A9C64EE6243EAAD9
HKEY_CURRENT_USER\Software\ShopperReports\ShopperReports\PostInstaller instlr_idFlag 1
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA} IHbSkinsManager
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF} IHbStats
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87} IDynamicProp
HKEY_CLASSES_ROOT\Interface\{5D9C84E7-FA45-49E2-A0B8-B6B5E9A4F6BE}
HKEY_CLASSES_ROOT\Interface\{5D9C84E7-FA45-49E2-A0B8-B6B5E9A4F6BE}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{5D9C84E7-FA45-49E2-A0B8-B6B5E9A4F6BE}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{5D9C84E7-FA45-49E2-A0B8-B6B5E9A4F6BE}\TypeLib {842D315A-7E1E-448B-96E8-9E76D1820BE2}
HKEY_CLASSES_ROOT\Interface\{5D9C84E7-FA45-49E2-A0B8-B6B5E9A4F6BE}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{5D9C84E7-FA45-49E2-A0B8-B6B5E9A4F6BE} IHbAx
HKEY_CLASSES_ROOT\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423}
HKEY_CLASSES_ROOT\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423}\TypeLib {C83DAED4-0611-4F7A-978E-7FEAFCB2F91B}
HKEY_CLASSES_ROOT\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423} IRgstrblCntnr
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464} IHbLicense
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD} IHbLfg2
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404} IHbMapiAddrBook
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226} IHbHttpClient
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B} IHbXip
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}\1.0\0\win32 C:\Program Files\HbTools\Bin\4.6.2.0\HbtCoreSrv.dll
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}\1.0\HELPDIR C:\Program Files\HbTools\Bin\4.6.2.0\
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}\1.0 HbCoreSrv 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{C83DAED4-0611-4F7A-978E-7FEAFCB2F91B}
HKEY_CLASSES_ROOT\TypeLib\{C83DAED4-0611-4F7A-978E-7FEAFCB2F91B}\1.0\0\win32 C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll\4
HKEY_CLASSES_ROOT\TypeLib\{C83DAED4-0611-4F7A-978E-7FEAFCB2F91B}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{C83DAED4-0611-4F7A-978E-7FEAFCB2F91B}\1.0\HELPDIR C:\Program Files\ShopperReports\Bin\1.0.8.0\
HKEY_CLASSES_ROOT\TypeLib\{C83DAED4-0611-4F7A-978E-7FEAFCB2F91B}\1.0 HbExternalLib
HKEY_LOCAL_MACHINE\SOFTWARE\HbTools
HKEY_LOCAL_MACHINE\SOFTWARE\HbTools\HbTools\PI\3.2 PID00
HKEY_LOCAL_MACHINE\SOFTWARE\HbTools\Hotbar\Install StartInstall 36456703
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} Hotbar Information Window
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports\ShopperReports\PostInstaller instcklm/instdata/affid 0
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports\ShopperReports\PostInstaller instcklm/instdata/bannerid 24095933017022
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports\ShopperReports\PostInstaller instcklm/instdata/directInstall False
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports\ShopperReports\PostInstaller instcklm/instdata/iid d39213fea92b4bb8bd03d052a8c72285C189B2D6
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports\ShopperReports\PostInstaller instcklm/instdata/instPartner hbtools
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports\ShopperReports\PostInstaller instcklm/instdata/requestor Banner
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports\ShopperReports\PostInstaller instcklm/instdata/sp2user True
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports\ShopperReports\PostInstaller CID 15D24E001005F344B9888CEBDB2C03E67D554571
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports\ShopperReports\PostInstaller cntry_flag 1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping {946B3E9E-E21A-49c8-9F63-900533FAFE14}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping {E77EDA01-3C56-4a96-8D08-02B42891C169}

Trojan.KillReg Trojan more information...
Status: Quarantined

Infected files detected
C:\WINDOWS\autoclk.exe

247RealMedia.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\documents and settings\patrice\cookies\patrice@247realmedia[1].txt

ATDMT.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\documents and settings\patrice\cookies\patrice@atdmt[2].txt

Bluestreak.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\documents and settings\patrice\cookies\patrice@bluestreak[1].txt

CGI-Bin Cookie more information...
Status: Deleted

Infected cookies detected
c:\documents and settings\patrice\cookies\patrice@cgi-bin[2].txt

DoubleClick Cookie more information...
Details: DoubleClick is a popular ad serving network that uses spyware cookies, to target advertising.
Status: Deleted

Infected cookies detected
c:\documents and settings\patrice\cookies\patrice@doubleclick[1].txt

Hitbox.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\documents and settings\patrice\cookies\patrice@hitbox[1].txt

Cok.AssasinTrojan2.0 Cookie more information...
Status: Deleted

Infected cookies detected
c:\documents and settings\patrice\cookies\patrice@statcounter[1].txt

Radar Spy 1.0 Cookie more information...
Status: Deleted

Infected cookies detected
c:\documents and settings\patrice\cookies\patrice@tradedoubler[1].txt
c:\documents and settings\patrice\cookies\patrice@yourmedia[1].txt

ValueClick.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\documents and settings\patrice\cookies\patrice@valueclick[1].txt

Weborama Cookie more information...
Status: Deleted

Infected cookies detected
c:\documents and settings\patrice\cookies\patrice@weborama[2].txt

Ajan 1.0 Cookie more information...
Status: Deleted

Infected cookies detected
c:\documents and settings\patrice\cookies\patrice@xiti[1].txt

Je re-lance Hjt.

A +

Patrice > Kristopher Messages postés 3752 Statut Contributeur

Ci-joint le dernier rapport de Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 18:46:54, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunServer.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\CounterSpy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Patrice\LOCALS~1\Temp\Rar$EX00.922\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\MINITEL\Watch.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117795191545
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E143A3C-9205-44DB-9EFA-AD1FF59D8355}: NameServer = 217.19.192.132 217.19.192.131
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Prevx Update Service (UpdaterPrevx) - Prevx - C:\Documents and Settings\All Users\Application Data\Prevx\PXSetup.exe

Dans l'attente de savoir si cela va mieux ou s'il y a encore des choses anormales sur mon PC.

A +,

Patrice.

Discussions similaires

win32:malware-gen bloqué par avast

Win32:Adware-gen [Adw]

Problème avec "PUADIManager:Win32/OfferCore

Que fait le virus LPI Win32 Pup-Gen

Win64 malware gen

Win32.adware-gen

3 réponses

Votre réponse

Discussions similaires

Newsletters