Remove clicker.fr - HijackThis

arnaulito, 2 posts, Member
Hello everyone,

I thought this only happened to other people, but I have caught a Trojan, "clicker.fr", which AVG detected in my system32 folder.

After reading a few exchanges on the forum I installed HijackThis, but I cannot tell which files to delete or what steps to follow.

Can someone pull my head out of the water?

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 11:26:26, on 08/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {10B1023E-443A-9A18-38E1-8017E32C870D} - qwe.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{0BAE695D-737A-4BDA-842B-0243BF8EAACA}.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{0BAE695D-737A-4BDA-842B-0243BF8EAACA}.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [init32] progmen.exe
O4 - HKLM\..\Run: [Shaitan1678] MSTCPDLL.exe
O4 - HKLM\..\Run: [bjhji.exe] C:\WINDOWS\system32\bjhji.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [backd] SysSupport.exe
O4 - HKCU\..\Run: [msag] ftbar.exe
O4 - HKCU\..\Run: [prgsys0984] 34763.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BD7AF97-4A00-47C6-B4CB-42E0D2F2DCAE}: NameServer = 85.255.115.20,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{99827E76-CF9F-4D2B-BE6D-E7877B6599DE}: NameServer = 85.255.115.20,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1FF77D1-957C-42BB-AA95-328612C0F9C4}: NameServer = 85.255.115.20,85.255.112.81
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.20 85.255.112.81
O17 - HKLM\System\CS1\Services\Tcpip\..\{7BD7AF97-4A00-47C6-B4CB-42E0D2F2DCAE}: NameServer = 85.255.115.20,85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.20 85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{7BD7AF97-4A00-47C6-B4CB-42E0D2F2DCAE}: NameServer = 85.255.115.20,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.20 85.255.112.81
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Thank you

2 replies

Kristopher, 3752 posts, Contributor
 
Hi,

You are heavily infected.

First we are going to repair your internet protocol.

Print these instructions so you have them to hand:

Download Fixwareout from one of these two sites to your desktop:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Run the fix: click "Next" -> "Install", make sure "Run fixit" is ticked, then click "Finish".
The fix will then start; follow the on-screen messages.
You will be asked to restart your computer; do so.
Your system will take a little longer to start up, which is normal.

Once your system has restarted, follow the prompts. Then launch HijackThis, click "Do a system scan only", tick these lines and click "Fix checked":

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7BD7AF97-4A00-47C6-B4CB-42E0D2F2DCAE}: NameServer = 85.255.115.20,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{99827E76-CF9F-4D2B-BE6D-E7877B6599DE}: NameServer = 85.255.115.20,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1FF77D1-957C-42BB-AA95-328612C0F9C4}: NameServer = 85.255.115.20,85.255.112.81
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.20 85.255.112.81
O17 - HKLM\System\CS1\Services\Tcpip\..\{7BD7AF97-4A00-47C6-B4CB-42E0D2F2DCAE}: NameServer = 85.255.115.20,85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.20 85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{7BD7AF97-4A00-47C6-B4CB-42E0D2F2DCAE}: NameServer = 85.255.115.20,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.20 85.255.112.81

At the end of the fix you may need to restart the PC again.

Finally, copy/paste the contents of the report that will appear on screen (report.txt) together with a new HijackThis log.

Good luck, Kristopher
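The diagnosis in the answer above rests on a few signals that can be read straight out of the log: the O17 NameServer entries point every interface at 85.255.115.20 and 85.255.112.81 instead of the ISP's resolvers, several O4 Run entries launch bare file names such as progmen.exe with no path, an R3 URLSearchHook references a DLL that is missing, and a BHO/toolbar loads a GUID-named DLL from system32. The following Python script is an added example for this thread, not part of HijackThis or Fixwareout; it applies those checks to HijackThis-format lines. The set of trusted resolvers (empty here, so only private and loopback addresses pass), the allowlist of bare names that are normally legitimate (rundll32.exe, nwiz.exe), and the sample lines themselves are assumptions constructed to mirror the posted log.

```python
"""Triage heuristics for HijackThis 1.99-format log lines.

Added example for this thread; it is not part of HijackThis or Fixwareout.
The sample lines below are constructed to mirror entries from the posted log.
"""
import ipaddress
import re
from collections import Counter

# Assumption: resolvers this machine is expected to use. Empty here, so only
# private (RFC 1918) and loopback addresses pass; add the ISP's resolvers.
TRUSTED_RESOLVERS = set()
# Assumption: bare names that legitimately appear in Run keys without a path.
BARE_NAME_ALLOWLIST = {"rundll32.exe", "nwiz.exe"}

O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d., ]+)$")
MODULE_RE = re.compile(
    r"^(?:O2 - BHO|O3 - Toolbar|R3 - URLSearchHook): .* - \{[^}]+\} - (?P<path>.+)$")
GUID_NAME_RE = re.compile(
    r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}\.(?:dll|exe)", re.I)

# Constructed sample, modelled on the log in the first post.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {10B1023E-443A-9A18-38E1-8017E32C870D} - qwe.dll (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{0BAE695D-737A-4BDA-842B-0243BF8EAACA}.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [init32] progmen.exe
O4 - HKCU\..\Run: [backd] SysSupport.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.20 85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BD7AF97-4A00-47C6-B4CB-42E0D2F2DCAE}: NameServer = 192.168.1.1
"""


def first_token(cmd):
    """Return the executable part of a Run value, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def basename(path):
    """Last component of a Windows path (forward slashes tolerated)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def check_resolvers(servers, trusted=TRUSTED_RESOLVERS):
    """Flag every NameServer address that is neither private nor trusted."""
    out = []
    for s in re.split(r"[,\s]+", servers.strip()):
        if not s:
            continue
        try:
            if s in trusted or ipaddress.ip_address(s).is_private:
                continue
        except ValueError:
            pass  # unparseable value: still worth a look
        out.append(("rogue-resolver", s))
    return out


def triage(lines):
    """Return (category, detail) findings for a sequence of HijackThis lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if (m := O17_RE.match(line)):
            findings.extend(check_resolvers(m.group("servers")))
        elif (m := O4_RE.match(line)):
            exe = first_token(m.group("cmd"))
            name = basename(exe)
            if "\\" not in exe and name.lower() not in BARE_NAME_ALLOWLIST:
                findings.append(("unqualified-autorun", exe))
            elif GUID_NAME_RE.fullmatch(name):
                findings.append(("guid-named-module", name))
        elif (m := MODULE_RE.match(line)):
            path = m.group("path")
            if path.endswith("(file missing)"):
                findings.append(("missing-module", path))
            elif GUID_NAME_RE.fullmatch(basename(path)):
                findings.append(("guid-named-module", basename(path)))
    return findings


def summarize(findings):
    """Count findings per category, for a quick severity overview."""
    return Counter(category for category, _ in findings)


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"{category:20s} {detail}")
    print(dict(summarize(triage(SAMPLE_LOG.splitlines()))))
```

The bare-name check is deliberately noisy: a Run value without a path is resolved through the system search path, which is what lets a dropped progmen.exe in system32 start at logon, but legitimate vendors do the same (nwiz.exe in this log), hence the allowlist rather than an automatic verdict. The resolver check is the one that matters most here: once every interface and every ControlSet points at the same two external addresses, everything the user resolves, including the download sites for cleanup tools, goes through servers the attacker controls, which is why the answer repairs the O17 entries before anything else.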
arnaulito, 2 posts, Member
 
Hello,

I have done several passes of the fix and of HijackThis, but the problem remains.

I am attaching the reports. If anyone has an idea, I am all ears.

Thanks for your help

Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}01BE5DC46628-756A-EB24-559B-64341FF5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A870FBBA73CA-265A-AFE4-3334-A6CA0B16{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3EB23393D369-8D2B-8674-234F-D23668E4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1D0756496ED6-E298-EB74-3A76-A4EC33A8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}33CAFD014639-DE39-5344-8767-3F68573B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D188B401B58C-4668-1254-4284-BDC6D907{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\lrimd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmirl.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
* csr.exe C:\WINDOWS\System32\CSCKP.EXE
* csr.exe C:\WINDOWS\System32\CSFXB.EXE
* csr.exe C:\WINDOWS\System32\CSJLG.EXE
* csr.exe C:\WINDOWS\System32\CSUYM.EXE
* csr.exe C:\WINDOWS\System32\CSYKD.EXE

»»»»» Misc files
* thequicklink C:\WINDOWS\System32\ZLFDZ.DLL
* thequicklink C:\WINDOWS\System32\{0BAE6~1.DLL
* thequicklink C:\WINDOWS\System32\{200B1~1.DLL
* thequicklink C:\WINDOWS\System32\{773E0~1.DLL
* thequicklink C:\WINDOWS\System32\{94878~1.DLL
* thequicklink C:\WINDOWS\System32\{FCC45~1.DLL

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSCKP.EXE 51 233 2006-07-15
C:\WINDOWS\SYSTEM32\CSFXB.EXE 51 256 2006-06-30
C:\WINDOWS\SYSTEM32\CSJLG.EXE 51 239 2006-07-15
C:\WINDOWS\SYSTEM32\CSUYM.EXE 51 214 2006-07-08
C:\WINDOWS\SYSTEM32\CSYKD.EXE 51 239 2006-07-15
C:\WINDOWS\SYSTEM32\DMIRL.EXE 62 027 2005-03-01
C:\WINDOWS\SYSTEM32\DMOGO.EXE 61 999 2005-03-01
C:\WINDOWS\SYSTEM32\DMVWA.EXE 44 055 2005-03-01
C:\WINDOWS\SYSTEM32\DMXME.EXE 62 027 2005-03-01
C:\WINDOWS\SYSTEM32\DMYHR.EXE 61 999 2005-03-01
Other suspects
Directory of C:\WINDOWS\system32
{200B1E68-5477-49A9-BD28-B4234D3E4ABA}.dll
{94878461-E825-4CEB-9BDB-248A66A42CDC}.dll
{773E003A-BC0C-40DF-B956-D591DCE2B019}.dll
{FCC459B5-DCA8-43CC-9530-E2C8FE1AB774}.dll
{0BAE695D-737A-4BDA-842B-0243BF8EAACA}.dll
{709D6CDB-4824-4521-8664-C85B104B881D}.exe
{B37586F3-7678-4435-93ED-936410DFAC33}.exe
{8A33CE4A-67A3-47BE-892E-6DE6946570D1}.exe
{4E86632D-F432-4768-B2D8-963D39332BE3}.exe
{61B0AC6A-4333-4EFA-A562-AC37ABBF078A}.exe
{51D1D085-114C-4732-B84A-955DD9D60922}.exe
{FDFA29BB-356A-42A5-8B54-62736D316AB7}.exe
{844585A4-BB3C-41AD-B4A7-FEE9D445E2D9}.exe
{367CBD49-9DE2-4C08-8C99-AD370EC7A026}.exe
{007695FD-9E98-4F24-8DF2-4D20CCD22C94}.exe
{C9B6B4A7-E15F-4BC2-8003-E311864C9884}.exe
{E7DD6F6E-E158-4950-A124-089F438E05C6}.exe
{2645664C-4C9E-43A7-824C-C245F0EA0B6D}.exe
{FF5AF74E-7129-473F-89F6-78376AFA45B9}.exe
{C3BDCA3B-4063-4A15-8FB2-8F428D5ED36F}.exe
{0FD0FDB9-202E-4808-887D-157859E5532D}.exe
{4E858DBA-9EEF-40C1-9E69-BE4ED0811D66}.exe
{6A2628A3-0C53-4422-B38C-6F08F0264181}.exe
{D405720D-499A-48F3-A7EC-B4D86B537748}.exe
{9D29FB81-7BF5-4C4C-9F9B-579FB5D17C44}.exe
{D7B96043-C2F9-4F4E-A2C5-BC72CFC4C556}.exe
{431B2D68-3AA4-43C2-8689-27D2552AA6BF}.exe
{4DD7C780-0F63-4927-91BB-5FFC40BBAC19}.exe
{CA2D02B3-3CA7-4166-A2F3-9C012E1C13E0}.exe
{95B5E0CA-CCF7-4176-90F3-8CC06B063BA2}.exe
{E30D9FD7-5090-4A47-BE74-ED09BCA7A914}.exe
{8D41DE8F-830C-4CF2-9043-C18050BD6271}.exe
{9CE21292-1797-4A1C-BCB7-DE5D7D6E5C0C}.exe
{597CED64-8DF8-495A-81BE-18EB7989C746}.exe
{952582C5-A14D-436C-87C3-5B54A0B867EF}.exe
{14A6B478-332F-4A13-A542-D0D53466B37E}.exe
{B3109A52-5894-42F9-B241-8644AF7F2EEB}.exe
{ABF1DADA-074E-4A40-9885-B185EDBF4631}.exe
{1ADDD6C3-D3AB-4A6B-A110-ED99D6E92DAD}.exe
{C55D6096-EE79-4507-8E36-93ABE5C4CB2A}.exe
{F33554AC-7D98-46F0-9EC5-062A444E6637}.exe
{A6EDB3B9-624E-43BF-BC1C-FB05986B530B}.exe
{EAFCB668-17DC-44AF-8B70-3AE1B6A2DAF3}.exe
{A5911A29-9B6F-44ED-B4FE-E80BE19CAC30}.exe
{5CBD8434-8308-4C83-864C-DB70202FC738}.exe
{F3E98996-D11C-438A-8188-F27D323EB6D3}.exe
{B4C7A066-3B28-4D82-B0F9-EFB2E0725CEA}.exe
{99E7AACF-781C-4615-BC1F-CE3ED4C54CD7}.exe
{E027F7A2-6B30-40C0-90C3-612D78C4DCD1}.exe
{79277BC5-AE68-4123-8F79-68EA5C2834E8}.exe
{7335D753-EF55-484B-BE95-85B89F6A7C95}.exe
{CF86312F-B7ED-4EE9-8146-3A816C5C46F2}.exe
{38A8B6C2-27F5-4AE3-A6EF-9DB60397F20A}.exe
{E9007640-1E96-406D-9331-E00437D2B52F}.exe
{7494B2D9-EA4E-4879-86CD-2113D7BDFEA7}.exe
{40D82430-1580-4CEB-9EDD-BBDF69FA3FC8}.exe
{C247177D-0F6D-4BEE-B742-3444EEE70783}.exe
{5F01559B-1DA8-4095-8B2D-40DD8CAD1F38}.exe
{461068DF-A1F8-4B5A-B06B-A441537999D3}.exe
{246C1701-3643-4547-9C6D-D6B168A37531}.exe
{03E9DFBF-8F8D-4D4C-82AF-C4AD3DB62BE0}.exe
{794523F9-2CBE-49BF-8689-73A103689708}.exe
{738B941E-C7F0-45EF-92D7-DE07073E9104}.exe
{EA3A528F-4C74-43B9-9D26-D1DCFB2B6692}.exe
{C9ED7B1F-6635-4A5B-812B-0F55668191D5}.exe
{48ECFDA6-D277-4D1B-B7A6-2A72ED30B2CF}.exe
{F43E75CA-0942-4350-899F-104D93F09E66}.exe
{7D4D19AF-6DE6-4D80-9758-4DD16FA22375}.exe
{F8F6E49D-E1F9-421C-A51F-4A1EE738EABE}.exe
{0D23473B-F797-4372-87F8-99A71BA46059}.exe
{DD1BDA33-7B87-4AC9-82E7-48A52AA79EAC}.exe
{0D097908-29AC-4D3E-A0B7-894DD8DBB705}.exe
{CCBB1AB0-D9B3-438F-B123-CA7192D90E84}.exe
{15FCC2A1-EC2C-4B57-A315-69CF4166606F}.exe
{CCAD701B-7DAD-4014-8A74-43524F128D8B}.exe
{E1318096-6D3C-406E-90CA-B7A17101BF2A}.exe
{2DBF2E20-8DC6-4BDB-901D-4E2A8DBA5244}.exe
{827B3612-CDC3-4AC8-9FCD-9E3494371617}.exe
{549F6911-EB26-41DD-A270-91828648BFE3}.exe
{9114E177-650F-42F7-8D23-A8293D5B0A12}.exe
{2BDC9213-AD06-4EF9-A4BF-819818D6EC42}.exe
{1F3D2298-C4CA-444A-8B98-6281C3259DA8}.exe
{70575F73-3E87-460E-851F-C25882835085}.exe
{5014BE20-169C-43B8-8151-9CD15AD5CAF8}.exe
{3A18043F-A71F-4E39-AF57-07C208A3390F}.exe
{9C5B6201-FD78-48B0-B8A1-CB8F16E3149D}.exe
{BAF01EF9-9522-4688-B8A4-4D1716456523}.exe
{293CB74D-ED1A-434D-AA06-83F75443B3F2}.exe
{737ADDAD-66DF-4A37-9303-220F530BCC65}.exe
{D7634143-C6FA-4542-B3B0-0B2361EFB8B1}.exe
{ACC1A79D-C25D-4418-B51E-437B38801EED}.exe
{9042C4A4-F37C-4D2F-B0CA-13C8772C4849}.exe
{BBBAC3F4-3854-4AAD-87F0-055DAA4809D6}.exe
{E13538DB-A865-40FE-8FFB-1EC399E42EF3}.exe
{6292CD7D-4F93-4401-A641-6937AC8668B6}.exe
{58C0E5AF-1410-4099-BAA2-CDB5418747FA}.exe
{C2B2D802-11A7-4E9D-8BE4-AABB40C8AA13}.exe
{E14FE7B2-06C4-4B08-85EE-D88142C2EA6C}.exe
{DAC50F8A-6B03-4984-B0A7-A8AC918DE345}.exe
{3BEDAF1F-0341-41F9-A554-B9AC2247A812}.exe
{5F7A18A0-545C-48E2-AC15-7F7CFE242B1F}.exe
{838F4A84-B931-4622-AA70-3A89C51BCFA2}.exe
{F88B7929-2489-4D4E-B3CC-C1BFD31FD711}.exe
{3A066FCF-E2D2-4B4C-8502-4288D69363C8}.exe
{5E4059B2-3BED-46C9-A4DB-7CACE2C256ED}.exe
{823ADF93-7B51-44A0-B609-124EED92BC50}.exe
{263D1EB8-1E12-45FE-9BDD-3FAC36F0AC2C}.exe
{B102A067-5FB8-4641-9129-80B904F095CF}.exe
{718FC9AD-3635-43CC-AC17-12E632826824}.exe
{B745730C-E49D-47BC-AE7C-9EF6EF2DBF94}.exe
{794D0747-DEAC-4B26-93B6-B600C94C9FD2}.exe
{F192D32E-1C84-47AD-A7E3-E7004235980A}.exe
{DA5ACB50-CCB2-4045-A6EA-E2590784D7B5}.exe
{0652521C-4C92-448D-9C44-FEC19F5CD789}.exe
{0C4CE8ED-6A64-44A9-8E5E-FD7B04C6809D}.exe
{CE62826B-708E-4D95-B1B1-3BE3DB4314F2}.exe
{8B376FB3-F297-4DD9-AAE6-56DD20708BA4}.exe
{05832585-ACDF-42D5-BEFA-8797F17C8544}.exe
{1B82D4B1-14CF-4D4F-9288-813B7A2C9894}.exe
{222A638B-3BF7-45B2-939A-A2D905ADE5F8}.exe
{903FC077-E9FA-421E-BE97-8238EE703BC1}.exe
{916F1A9B-AD2D-495E-86B4-08E4E4A4E59C}.exe
{2DCEB567-E557-42A3-901E-FE302685B991}.exe
{09ECC794-B7B1-415B-BED0-AF320167D76E}.exe
{BC2EC128-2B88-4E4E-9580-0F9FA3452F45}.exe
{7F430425-CE52-4329-8835-F777CA693AEB}.exe
{FD2E21F8-C2DC-41FC-A5AF-47152A17B217}.exe
{6678CEF7-64BF-4CE1-8626-0D68DA21C45E}.exe
{BD19FBDE-A390-46A7-8AAA-471EBEF99F98}.exe
{FC9C7AC7-EBB2-4334-BCBD-DAEB706A2E35}.exe
{CDB573C1-B599-4A9C-9B31-C9EE8C104370}.exe
{CBF69883-F62F-46A6-ABA5-10B276486A1A}.exe
{DD681ED4-12E5-4B01-804A-D5EF09B59C15}.exe

HijackThis report


Logfile of HijackThis v1.99.1
Scan saved at 14:42:54, on 15/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {10B1023E-443A-9A18-38E1-8017E32C870D} - qwe.dll (file missing)
R3 - URLSearchHook: (no name) - {1F4DA08D-7C05-8B8B-8F3E-556AB58835AB} - systemdll.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [init32] progmen.exe
O4 - HKLM\..\Run: [Shaitan1678] MSTCPDLL.exe
O4 - HKLM\..\Run: [MON76234] gabber.exe
O4 - HKLM\..\Run: [clamav] InpriseMon.exe
O4 - HKLM\..\Run: [akeir.exe] C:\WINDOWS\system32\akeir.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [backd] SysSupport.exe
O4 - HKCU\..\Run: [msag] ftbar.exe
O4 - HKCU\..\Run: [prgsys0984] 34763.exe
O4 - HKCU\..\Run: [InpriseMon] jopplerg.exe
O4 - HKCU\..\Run: [systemdll] Preliminary.exe
O4 - HKCU\..\Run: [jopplerg] prcmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Kristopher, 3752 posts, Contributor
 
Good evening,

Now that the internet protocol is repaired, continue here:

Virus: preliminary disinfection method (French version)

Good luck, Kristopher