Virus, adware and Trojan horse
ReD-1 (15 posts, Status: Member)
Regis59 (21143 posts, Status: Security contributor)
Hello,
I'm back on this forum because my PC is acting up again:
7 or 8 virus or Trojan infection alerts pop up every 10 minutes, and I'd like to know what is going on.
I'm posting the HijackThis log I just generated.
Thanks in advance.
ReD-OnE
Logfile of HijackThis v1.99.1
Scan saved at 05:30:23, on 11/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presa...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VRSRun] "C:\Program Files\NCH Swift Sound\VRS\vrs.exe" -logon
O4 - HKLM\..\Run: [feddi.exe] C:\WINDOWS\system32\feddi.exe
O4 - HKCU\..\Run: [neufbox_reminder] "C:\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe" -r
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{17034D0E-6DBF-48D9-884A-166FBF49B6F6}: NameServer = 85.255.114.39,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{3878FC13-D0CB-4D30-92D1-D4275A8FB012}: NameServer = 85.255.114.39,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{488C716E-0C06-47A0-8AA7-B5A8384177F8}: NameServer = 85.255.114.39 85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0BB635A-1DBB-449E-8748-E88313BE3107}: NameServer = 85.255.114.39,85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.39 85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{17034D0E-6DBF-48D9-884A-166FBF49B6F6}: NameServer = 85.255.114.39,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.39 85.255.112.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
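Triage helper for a log like the one above, added here as an example and not part of the thread or of HijackThis itself. It reads HijackThis-style lines and pulls out the three things a helper checks first in this log: the O17 NameServer values (all interfaces here point at 85.255.114.39 and 85.255.112.11, which should be compared against the resolvers the ISP actually hands out), an O4 Run key that is named exactly after its own executable in system32 (the `[feddi.exe]` entry), and O23 services whose binary is reported missing. The `TRUSTED_DNS` allowlist is a constructed placeholder; a real triage fills it from the router or ISP documentation. The sample lines are copied from the log above.

```python
import ntpath
import re
from typing import Dict, List

# Resolvers the owner trusts. Constructed placeholder for this example; in a
# real triage this is filled from the ISP / router configuration.
TRUSTED_DNS = {"192.168.1.1"}

# O17: per-interface DNS servers, separated by comma or space in HijackThis output.
O17_RE = re.compile(r"^O17 - .*?: NameServer = (?P<servers>[\d., ]+)$")
# O4: autostart entries under HKLM/HKCU ...\Run.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
# O23: services (name - owner - image path, possibly with "(file missing)").
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<rest>.+)$")


def dns_servers(line: str) -> List[str]:
    """Return the resolver IPs of an O17 line (empty list for other lines)."""
    m = O17_RE.match(line)
    if not m:
        return []
    return [s for s in re.split(r"[, ]+", m.group("servers").strip()) if s]


def command_path(rest: str) -> str:
    """Extract the executable path from an O4 command: quoted path or first token."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split(" ", 1)[0]


def triage(lines) -> Dict[str, List[str]]:
    """Scan log lines and return the findings worth a second look."""
    findings: Dict[str, List[str]] = {
        "rogue_dns": [],
        "suspicious_autostart": [],
        "missing_service_binary": [],
    }
    for raw in lines:
        line = raw.strip()
        for ip in dns_servers(line):
            if ip not in TRUSTED_DNS and ip not in findings["rogue_dns"]:
                findings["rogue_dns"].append(ip)
        m = O4_RE.match(line)
        if m:
            path = command_path(m.group("rest"))
            base = ntpath.basename(path)
            # Heuristic: Run key named exactly after its .exe, living in system32.
            if (m.group("name").lower() == base.lower()
                    and base.lower().endswith(".exe")
                    and "system32" in ntpath.dirname(path).lower()):
                findings["suspicious_autostart"].append(path)
        m = O23_RE.match(line)
        if m and "(file missing)" in m.group("rest"):
            findings["missing_service_binary"].append(m.group("name"))
    return findings


# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe",
    r"O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe",
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot',
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [feddi.exe] C:\WINDOWS\system32\feddi.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{17034D0E-6DBF-48D9-884A-166FBF49B6F6}: NameServer = 85.255.114.39,85.255.112.11",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.39 85.255.112.11",
    r'O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)',
    r"O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32",
]

if __name__ == "__main__":
    for key, values in triage(SAMPLE_LINES).items():
        print(f"{key}: {values}")
```

Run it against a saved log with `triage(open("hijackthis.log", encoding="latin-1").read().splitlines())`. The DNS check is the one with real weight: a resolver that every interface and the fallback `Parameters` key point to, and that the owner does not recognise, is where a helper starts; the Run-key heuristic only narrows the list of autostarts to look up by hand.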
26 replies
Re Regis,
I already had to deal with a few problems during the various steps:
You asked me twice to check and fix entries in HijackThis; I did it fine in normal mode, but in Safe Mode I can no longer find those entries.
Still in Safe Mode, I can no longer find the BFU folder to launch Brute Force Uninstaller, so I did it after rebooting normally.
Then, in bfu.exe, I do click Execute so the fix does its job, but it never reaches 100%; it gets stuck at 95%.
I'm sinking a bit after all these problems lol
Re,
You did well to give me these details, thanks a lot.
Can you post a new HijackThis, Silent Runners and BlackLight log, please?
I'll then give you a procedure to follow.
See you
Good evening!!
Here are the logs:
Silent Runners:
"Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"neufbox_reminder" = ""C:\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe" -r" ["neuf telecom"]
"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"SiS Windows KeyHook" = "C:\WINDOWS\system32\keyhook.exe" ["Silicon Integrated Systems Corporation"]
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"Reminder" = ""C:\Windows\Creator\Remind_XP.exe"" ["SoftThinks"]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" ["HP"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"VRSRun" = ""C:\Program Files\NCH Swift Sound\VRS\vrs.exe" -logon" [null data]
"dmgnl.exe" = "C:\WINDOWS\system32\dmgnl.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "c:\Program Files\Sonic RecordNow!\shlext.dll" [null data]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {HKLM...CLSID} = "SampleView"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {HKLM...CLSID} = "My Logitech Pictures"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csppy.exe" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS]
Startup items in "Compaq_Propriétaire" & "All Users" startup folders:
---------------------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Enabled Scheduled Tasks:
------------------------
"Connexion facile à Internet" -> launches: "C:\Program Files\Easy Internet signup\HPSdpApp.exe /remind" ["Hewlett-Packard"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"
Missing lines (compared with English-language version):
[Strings]: 2 lines
HOSTS file
----------
C:\WINDOWS\System32\drivers\etc\HOSTS
maps: 1 domain name to an IP address,
1 of the IP addresses is *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Service Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}
Sunbelt Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe"" ["Sunbelt Software"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt10\Driver = "hpzlnt10.dll" ["HP"]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 61 seconds, including 3 seconds for message boxes)
The HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 22:16:15, on 13/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NCH Swift Sound\VRS\vrs.exe
C:\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\mIRC\mirc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presa...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VRSRun] "C:\Program Files\NCH Swift Sound\VRS\vrs.exe" -logon
O4 - HKCU\..\Run: [neufbox_reminder] "C:\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe" -r
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{488C716E-0C06-47A0-8AA7-B5A8384177F8}: NameServer = 85.255.114.39 85.255.112.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
And finally the BlackLight log:
07/13/06 22:16:53 [Info]: BlackLight Engine 1.0.42 initialized
07/13/06 22:16:53 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/13/06 22:16:54 [Note]: 7019 4
07/13/06 22:16:54 [Note]: 7005 0
07/13/06 22:16:56 [Note]: 7006 0
07/13/06 22:16:56 [Note]: 7011 1772
07/13/06 22:16:56 [Note]: 7026 0
07/13/06 22:16:56 [Note]: 7026 0
07/13/06 22:17:04 [Note]: FSRAW library version 1.7.1019
07/13/06 22:19:26 [Info]: Hidden file: c:\WINDOWS\system32\csppy.exe
07/13/06 22:19:26 [Note]: 7002 32
07/13/06 22:19:26 [Note]: 7003 1
07/13/06 22:19:26 [Note]: 10002 1
07/13/06 22:19:33 [Info]: Hidden file: c:\WINDOWS\system32\dmgnl.exe
07/13/06 22:19:33 [Note]: 7002 32
07/13/06 22:19:33 [Note]: 7003 1
07/13/06 22:19:33 [Note]: 10002 1
07/13/06 22:19:34 [Info]: Hidden file: c:\WINDOWS\system32\{B395F5B2-25E0-4120-A6DF-B7DC4B34C732}.exe
07/13/06 22:19:34 [Note]: 10002 1
07/13/06 22:19:35 [Info]: Hidden file: c:\WINDOWS\system32\{3DC88C62-1697-48A5-B01B-D3F02ECF28DF}.exe
07/13/06 22:19:35 [Note]: 10002 1
07/13/06 22:19:35 [Info]: Hidden file: c:\WINDOWS\system32\{3E124577-283E-4241-9594-042E98FF1F20}.exe
07/13/06 22:19:35 [Note]: 10002 1
07/13/06 22:19:36 [Info]: Hidden file: c:\WINDOWS\system32\{3E52A9B0-9A4A-446C-A020-60B59E9B5FD7}.exe
07/13/06 22:19:36 [Note]: 10002 1
07/13/06 22:19:36 [Info]: Hidden file: c:\WINDOWS\system32\{40243105-7CDE-4536-A5AE-6B035BDCDB85}.exe
07/13/06 22:19:36 [Note]: 10002 1
07/13/06 22:19:36 [Info]: Hidden file: c:\WINDOWS\system32\{44F845AD-6F24-4A07-8F79-28266DD6539F}.exe
07/13/06 22:19:36 [Note]: 10002 1
07/13/06 22:19:36 [Info]: Hidden file: c:\WINDOWS\system32\{CC6EFF92-2381-47CF-993E-4291496FBBA5}.exe
07/13/06 22:19:36 [Note]: 10002 1
07/13/06 22:19:37 [Info]: Hidden file: c:\WINDOWS\system32\{D1D2DF02-DFEA-4DCF-9995-A47576F83A24}.exe
07/13/06 22:19:37 [Note]: 10002 1
07/13/06 22:19:37 [Info]: Hidden file: c:\WINDOWS\system32\{D465D9DA-9012-49E8-ACD4-DB5ED0BC0F48}.exe
07/13/06 22:19:37 [Note]: 10002 1
07/13/06 22:19:37 [Info]: Hidden file: c:\WINDOWS\system32\{8E6613D0-E0A2-4F22-A398-3B54FA4A3843}.exe
07/13/06 22:19:37 [Note]: 10002 1
07/13/06 22:19:38 [Info]: Hidden file: c:\WINDOWS\system32\{953C92E9-70D3-4FD2-9B12-0E500AEF39C2}.exe
07/13/06 22:19:38 [Note]: 10002 1
07/13/06 22:19:38 [Info]: Hidden file: c:\WINDOWS\system32\{95854D71-26D7-43A1-84EE-FBA96B51B96A}.exe
07/13/06 22:19:38 [Note]: 10002 1
07/13/06 22:19:38 [Info]: Hidden file: c:\WINDOWS\system32\{97B1BD8D-CE07-4E46-9878-22CB13D42F17}.exe
07/13/06 22:19:38 [Note]: 10002 1
07/13/06 22:19:39 [Info]: Hidden file: c:\WINDOWS\system32\{98CB0F62-9738-4E47-A845-6865A8954173}.exe
07/13/06 22:19:39 [Note]: 10002 1
07/13/06 22:19:39 [Info]: Hidden file: c:\WINDOWS\system32\{211CF0DD-34CC-4B98-98E2-D39CB3ADFE86}.exe
07/13/06 22:19:39 [Note]: 10002 1
07/13/06 22:19:39 [Info]: Hidden file: c:\WINDOWS\system32\{2844F3FA-E8AF-4030-A50F-E62F63202987}.exe
07/13/06 22:19:39 [Note]: 10002 1
07/13/06 22:19:39 [Info]: Hidden file: c:\WINDOWS\system32\{28C1CE15-2B5E-45EF-BD88-07EB42BEEA06}.exe
07/13/06 22:19:39 [Note]: 10002 1
07/13/06 22:19:40 [Info]: Hidden file: c:\WINDOWS\system32\{DD057DF5-2858-44E3-83F4-D65A9BA58D9A}.exe
07/13/06 22:19:40 [Note]: 10002 1
07/13/06 22:19:40 [Info]: Hidden file: c:\WINDOWS\system32\{307FF709-5059-4E0B-A01B-B78441CB84B4}.exe
07/13/06 22:19:40 [Note]: 10002 1
07/13/06 22:19:40 [Info]: Hidden file: c:\WINDOWS\system32\{3185C347-D8F5-4536-8271-4E565716C7C0}.exe
07/13/06 22:19:40 [Note]: 10002 1
07/13/06 22:19:41 [Info]: Hidden file: c:\WINDOWS\system32\{32DBC3FE-988F-4979-9BEF-7C93CBC20BC2}.exe
07/13/06 22:19:41 [Note]: 10002 1
07/13/06 22:19:41 [Info]: Hidden file: c:\WINDOWS\system32\{7A7C360E-934E-4BA8-8803-46035E90C678}.exe
07/13/06 22:19:41 [Note]: 10002 1
07/13/06 22:19:41 [Info]: Hidden file: c:\WINDOWS\system32\{7AE7B399-9BC9-462C-B79B-F24C773A229D}.exe
07/13/06 22:19:41 [Note]: 10002 1
07/13/06 22:19:42 [Info]: Hidden file: c:\WINDOWS\system32\{7F44E57A-2DB0-4B01-8FC0-43AE8A988648}.exe
07/13/06 22:19:42 [Note]: 10002 1
07/13/06 22:19:42 [Info]: Hidden file: c:\WINDOWS\system32\{81313BBB-8D41-4545-B394-0F9BD449F1A2}.exe
07/13/06 22:19:42 [Note]: 10002 1
07/13/06 22:19:42 [Info]: Hidden file: c:\WINDOWS\system32\{A35EB8EB-1AEA-4E0D-A8C6-3A98F3B1E744}.exe
07/13/06 22:19:42 [Note]: 10002 1
07/13/06 22:19:43 [Info]: Hidden file: c:\WINDOWS\system32\{AE32E49A-F598-4952-B9D9-A352F67654E2}.exe
07/13/06 22:19:43 [Note]: 10002 1
07/13/06 22:19:43 [Info]: Hidden file: c:\WINDOWS\system32\{EF68FFFA-945F-4874-ADA0-F9A2FBAFD8B7}.exe
07/13/06 22:19:43 [Note]: 10002 1
07/13/06 22:19:43 [Info]: Hidden file: c:\WINDOWS\system32\{F2F15715-F080-4A98-9AA0-5BA310871A94}.exe
07/13/06 22:19:43 [Note]: 10002 1
07/13/06 22:19:44 [Info]: Hidden file: c:\WINDOWS\system32\{B96AB4F7-96A5-4924-9F1E-671009687F4B}.exe
07/13/06 22:19:44 [Note]: 10002 1
07/13/06 22:19:44 [Info]: Hidden file: c:\WINDOWS\system32\{BCB92C2A-27E7-459D-B8BB-3AFF1EC41749}.exe
07/13/06 22:19:44 [Note]: 10002 1
07/13/06 22:19:44 [Info]: Hidden file: c:\WINDOWS\system32\{C0083EA9-8042-4726-82D3-66FFA1A49955}.exe
07/13/06 22:19:44 [Note]: 10002 1
07/13/06 22:19:44 [Info]: Hidden file: c:\WINDOWS\system32\{C17FE2CC-568A-4C63-A529-B634D9702C86}.exe
07/13/06 22:19:44 [Note]: 10002 1
07/13/06 22:19:45 [Info]: Hidden file: c:\WINDOWS\system32\{C3CC1D9F-F804-470E-8E95-EDDBEF175ACF}.exe
07/13/06 22:19:45 [Note]: 10002 1
07/13/06 22:19:45 [Info]: Hidden file: c:\WINDOWS\system32\{C3EF8EFB-9BBA-40B1-AA9F-13FA9610F4E6}.exe
07/13/06 22:19:45 [Note]: 10002 1
07/13/06 22:19:46 [Info]: Hidden file: c:\WINDOWS\system32\{1718B226-609A-4B34-A15B-740A5179220C}.exe
07/13/06 22:19:46 [Note]: 10002 1
07/13/06 22:19:46 [Info]: Hidden file: c:\WINDOWS\system32\{625A7D82-7F7E-4435-8315-97B220AE1177}.exe
07/13/06 22:19:46 [Note]: 10002 1
07/13/06 22:19:46 [Info]: Hidden file: c:\WINDOWS\system32\{63D98958-32BE-456C-86AF-80B03030E942}.exe
07/13/06 22:19:46 [Note]: 10002 1
07/13/06 22:19:47 [Info]: Hidden file: c:\WINDOWS\system32\{67B8C7CA-5AEA-409F-8609-1B800D6C25B2}.exe
07/13/06 22:19:47 [Note]: 10002 1
07/13/06 22:19:47 [Info]: Hidden file: c:\WINDOWS\system32\{68592422-6A26-420C-B201-82837233C95F}.exe
07/13/06 22:19:47 [Note]: 10002 1
07/13/06 22:19:47 [Info]: Hidden file: c:\WINDOWS\system32\{9BE47A8E-8F40-47B2-B6A6-DE70F8CBD0EA}.exe
07/13/06 22:19:47 [Note]: 10002 1
07/13/06 22:19:47 [Info]: Hidden file: c:\WINDOWS\system32\{9DBDD6F8-3CB9-4806-89C2-B7C491A7D3A3}.exe
07/13/06 22:19:47 [Note]: 10002 1
07/13/06 22:19:48 [Info]: Hidden file: c:\WINDOWS\system32\{9F3427F6-B4ED-4EFE-BB8E-B006E2943A5F}.exe
07/13/06 22:19:48 [Note]: 10002 1
07/13/06 22:19:48 [Info]: Hidden file: c:\WINDOWS\system32\{4F45C52C-E7F1-4DCF-8480-F7FE06CC7C86}.exe
07/13/06 22:19:48 [Note]: 10002 1
07/13/06 22:19:48 [Info]: Hidden file: c:\WINDOWS\system32\{5B8B8C93-202B-46EF-91DC-B32BFBC0CE5E}.exe
07/13/06 22:19:48 [Note]: 10002 1
07/13/06 22:19:49 [Info]: Hidden file: c:\WINDOWS\system32\{E4003183-F968-4F31-8DB5-C8C09854B180}.exe
07/13/06 22:19:49 [Note]: 10002 1
07/13/06 22:19:50 [Info]: Hidden file: c:\WINDOWS\system32\{E7431E18-B4C0-43EC-BF58-A887DFFF5178}.exe
07/13/06 22:19:50 [Note]: 10002 1
07/13/06 22:19:50 [Info]: Hidden file: c:\WINDOWS\system32\{834EA7C5-E17E-46E3-A0AF-DDC483FD32C5}.exe
07/13/06 22:19:50 [Note]: 10002 1
07/13/06 22:19:51 [Info]: Hidden file: c:\WINDOWS\system32\{C7AFC794-2968-4655-989D-BC071450BD7F}.exe
07/13/06 22:19:51 [Note]: 10002 1
07/13/06 22:19:51 [Info]: Hidden file: c:\WINDOWS\system32\{C8BCDE47-34F4-485E-A270-202ED6589590}.exe
07/13/06 22:19:51 [Note]: 10002 1
07/13/06 22:19:51 [Info]: Hidden file: c:\WINDOWS\system32\{CA4A6C01-70E5-4B47-BC4D-D66EE6DA597B}.exe
07/13/06 22:19:51 [Note]: 10002 1
07/13/06 22:19:51 [Info]: Hidden file: c:\WINDOWS\system32\{0FBA2524-10BC-4567-B5BB-FAD74DBD5BE5}.exe
07/13/06 22:19:51 [Note]: 10002 1
07/13/06 22:19:52 [Info]: Hidden file: c:\WINDOWS\system32\{F4DA69CD-DA36-4502-87B7-41C9BC462F62}.exe
07/13/06 22:19:52 [Note]: 10002 1
07/13/06 22:19:52 [Info]: Hidden file: c:\WINDOWS\system32\{F85E23EF-8ED6-4C1A-9299-B38508358C47}.exe
07/13/06 22:19:52 [Note]: 10002 1
07/13/06 22:19:52 [Info]: Hidden file: c:\WINDOWS\system32\{FA5C2546-4A6A-4F0C-92EF-8F8F4A6F4B3B}.exe
07/13/06 22:19:52 [Note]: 10002 1
07/13/06 22:19:53 [Info]: Hidden file: c:\WINDOWS\system32\{333B6EB9-F0BD-4422-9055-F9BB18EDF005}.exe
07/13/06 22:19:53 [Note]: 10002 1
07/13/06 22:19:53 [Info]: Hidden file: c:\WINDOWS\system32\{2BB09A55-C15F-48A4-B765-1414471192F5}.exe
07/13/06 22:19:53 [Note]: 10002 1
07/13/06 22:21:41 [Note]: 7007 0
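The three reports above are most useful read against each other rather than one at a time. Silent Runners lists a `dmgnl.exe` Run value and a Winlogon `System` value of `csppy.exe` that the posted HijackThis log does not show at all, and BlackLight reports both of those executables as hidden; HijackThis in turn is the only one of the three that prints the O17 NameServer entry (85.255.114.39 and 85.255.112.11). The script below is an added example written for this page, not a tool from the thread or from any of the scanners: it cross-references BlackLight's hidden-file hits with the autostart entries and flags any DNS server that is not on the local network. The sample lines are copied from the reports above (a real run would read the whole files), and `TRUSTED_DNS` is a hypothetical stand-in for the resolvers the user's router or ISP should actually be handing out.

```python
"""Triage helper: cross-reference BlackLight hidden-file hits with autostart
entries from Silent Runners / HijackThis, and flag O17 NameServer addresses
that point outside the local network.

Added example for this page, not a tool from the thread.  TRUSTED_DNS is an
assumption standing in for the resolvers the user's ISP/router should use.
"""
import re
from ipaddress import ip_address, ip_network

# Constructed input: a handful of lines copied from the three reports above,
# plus the benign avast! entry for contrast.  A real run reads whole files.
SILENT_RUNNERS = r'''
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"dmgnl.exe" = "C:\WINDOWS\system32\dmgnl.exe" [null data]
INFECTION WARNING! "System" = "csppy.exe" [null data]
'''.strip().splitlines()

HIJACKTHIS = r'''
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{488C716E-0C06-47A0-8AA7-B5A8384177F8}: NameServer = 85.255.114.39 85.255.112.11
'''.strip().splitlines()

BLACKLIGHT = r'''
07/13/06 22:19:26 [Info]: Hidden file: c:\WINDOWS\system32\csppy.exe
07/13/06 22:19:33 [Info]: Hidden file: c:\WINDOWS\system32\dmgnl.exe
07/13/06 22:19:34 [Info]: Hidden file: c:\WINDOWS\system32\{B395F5B2-25E0-4120-A6DF-B7DC4B34C732}.exe
'''.strip().splitlines()

# Assumed (hypothetical): resolvers the LAN is expected to use.  Any other
# address configured as NameServer deserves a look.
TRUSTED_DNS = (ip_network("192.168.0.0/16"), ip_network("10.0.0.0/8"))

SR_ENTRY = re.compile(r'^(?:INFECTION WARNING!\s*)?"([^"]+)"\s*=\s*"(.*)"\s*\[')
HJT_O4 = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.*)$")
HJT_O17 = re.compile(r"^O17 - .*NameServer = (.+)$")
EXE_TOKEN = re.compile(r'([^"\s]+\.exe)\b', re.I)
GUID_EXE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.exe$", re.I)


def basename(path):
    """Last path component, lower-cased, so case and directory do not matter."""
    return path.rsplit("\\", 1)[-1].lower()


def hidden_files(bl_lines):
    """Basenames of every 'Hidden file:' hit in a BlackLight log."""
    hits = set()
    for ln in bl_lines:
        m = re.search(r"Hidden file:\s*(\S.*?)\s*$", ln)
        if m:
            hits.add(basename(m.group(1)))
    return hits


def autostart_targets(sr_lines, hjt_lines):
    """Yield (source, value name, exe basename) for Run keys and Winlogon values."""
    for ln in sr_lines:
        m = SR_ENTRY.match(ln)
        exe = EXE_TOKEN.search(m.group(2)) if m else None
        if exe:
            yield "Silent Runners", m.group(1), basename(exe.group(1))
    for ln in hjt_lines:
        m = HJT_O4.match(ln)
        exe = EXE_TOKEN.search(m.group(3)) if m else None
        if exe:
            yield "HijackThis " + m.group(1), m.group(2), basename(exe.group(1))


def rogue_dns(hjt_lines):
    """O17 NameServer addresses that are neither RFC 1918 nor in TRUSTED_DNS."""
    rogue = []
    for ln in hjt_lines:
        m = HJT_O17.match(ln)
        if not m:
            continue
        for token in re.split(r"[\s,]+", m.group(1).strip()):
            try:
                ip = ip_address(token)
            except ValueError:
                continue
            if not (ip.is_private or any(ip in net for net in TRUSTED_DNS)):
                rogue.append(str(ip))
    return rogue


def triage(sr_lines, hjt_lines, bl_lines):
    """Return (severity, message) findings: hidden autostarts, rogue DNS, GUID exes."""
    hidden = hidden_files(bl_lines)
    findings = []
    for src, name, exe in autostart_targets(sr_lines, hjt_lines):
        if exe in hidden:
            findings.append(("HIGH", f"{src} value '{name}' runs {exe}, which BlackLight lists as hidden"))
    for ip in rogue_dns(hjt_lines):
        findings.append(("HIGH", f"O17 NameServer points at non-local resolver {ip}"))
    guids = sorted(f for f in hidden if GUID_EXE.match(f))
    if guids:
        findings.append(("MEDIUM", f"{len(guids)} hidden GUID-named executable(s), e.g. {guids[0]}"))
    return findings


if __name__ == "__main__":
    for sev, msg in triage(SILENT_RUNNERS, HIJACKTHIS, BLACKLIGHT):
        print(f"[{sev}] {msg}")
```

On the sample above the script reports two hidden autostarts (the `dmgnl.exe` Run value and the Winlogon `System` value), the two non-local resolvers, and the GUID-named hidden executable. Matching is done on basenames on purpose: a Winlogon value such as `csppy.exe` carries no directory, and BlackLight prints lower-case drive letters, so a full-path comparison would miss exactly the entries that matter.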
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VRSRun] "C:\Program Files\NCH Swift Sound\VRS\vrs.exe" -logon
O4 - HKCU\..\Run: [neufbox_reminder] "C:\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe" -r
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{488C716E-0C06-47A0-8AA7-B5A8384177F8}: NameServer = 85.255.114.39 85.255.112.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
and finally the BlackLight one:
07/13/06 22:16:53 [Info]: BlackLight Engine 1.0.42 initialized
07/13/06 22:16:53 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/13/06 22:16:54 [Note]: 7019 4
07/13/06 22:16:54 [Note]: 7005 0
07/13/06 22:16:56 [Note]: 7006 0
07/13/06 22:16:56 [Note]: 7011 1772
07/13/06 22:16:56 [Note]: 7026 0
07/13/06 22:16:56 [Note]: 7026 0
07/13/06 22:17:04 [Note]: FSRAW library version 1.7.1019
07/13/06 22:19:26 [Info]: Hidden file: c:\WINDOWS\system32\csppy.exe
07/13/06 22:19:26 [Note]: 7002 32
07/13/06 22:19:26 [Note]: 7003 1
07/13/06 22:19:26 [Note]: 10002 1
07/13/06 22:19:33 [Info]: Hidden file: c:\WINDOWS\system32\dmgnl.exe
07/13/06 22:19:33 [Note]: 7002 32
07/13/06 22:19:33 [Note]: 7003 1
07/13/06 22:19:33 [Note]: 10002 1
07/13/06 22:19:34 [Info]: Hidden file: c:\WINDOWS\system32\{B395F5B2-25E0-4120-A6DF-B7DC4B34C732}.exe
07/13/06 22:19:34 [Note]: 10002 1
07/13/06 22:19:35 [Info]: Hidden file: c:\WINDOWS\system32\{3DC88C62-1697-48A5-B01B-D3F02ECF28DF}.exe
07/13/06 22:19:35 [Note]: 10002 1
07/13/06 22:19:35 [Info]: Hidden file: c:\WINDOWS\system32\{3E124577-283E-4241-9594-042E98FF1F20}.exe
07/13/06 22:19:35 [Note]: 10002 1
07/13/06 22:19:36 [Info]: Hidden file: c:\WINDOWS\system32\{3E52A9B0-9A4A-446C-A020-60B59E9B5FD7}.exe
07/13/06 22:19:36 [Note]: 10002 1
07/13/06 22:19:36 [Info]: Hidden file: c:\WINDOWS\system32\{40243105-7CDE-4536-A5AE-6B035BDCDB85}.exe
07/13/06 22:19:36 [Note]: 10002 1
07/13/06 22:19:36 [Info]: Hidden file: c:\WINDOWS\system32\{44F845AD-6F24-4A07-8F79-28266DD6539F}.exe
07/13/06 22:19:36 [Note]: 10002 1
07/13/06 22:19:36 [Info]: Hidden file: c:\WINDOWS\system32\{CC6EFF92-2381-47CF-993E-4291496FBBA5}.exe
07/13/06 22:19:36 [Note]: 10002 1
07/13/06 22:19:37 [Info]: Hidden file: c:\WINDOWS\system32\{D1D2DF02-DFEA-4DCF-9995-A47576F83A24}.exe
07/13/06 22:19:37 [Note]: 10002 1
07/13/06 22:19:37 [Info]: Hidden file: c:\WINDOWS\system32\{D465D9DA-9012-49E8-ACD4-DB5ED0BC0F48}.exe
07/13/06 22:19:37 [Note]: 10002 1
07/13/06 22:19:37 [Info]: Hidden file: c:\WINDOWS\system32\{8E6613D0-E0A2-4F22-A398-3B54FA4A3843}.exe
07/13/06 22:19:37 [Note]: 10002 1
07/13/06 22:19:38 [Info]: Hidden file: c:\WINDOWS\system32\{953C92E9-70D3-4FD2-9B12-0E500AEF39C2}.exe
07/13/06 22:19:38 [Note]: 10002 1
07/13/06 22:19:38 [Info]: Hidden file: c:\WINDOWS\system32\{95854D71-26D7-43A1-84EE-FBA96B51B96A}.exe
07/13/06 22:19:38 [Note]: 10002 1
07/13/06 22:19:38 [Info]: Hidden file: c:\WINDOWS\system32\{97B1BD8D-CE07-4E46-9878-22CB13D42F17}.exe
07/13/06 22:19:38 [Note]: 10002 1
07/13/06 22:19:39 [Info]: Hidden file: c:\WINDOWS\system32\{98CB0F62-9738-4E47-A845-6865A8954173}.exe
07/13/06 22:19:39 [Note]: 10002 1
07/13/06 22:19:39 [Info]: Hidden file: c:\WINDOWS\system32\{211CF0DD-34CC-4B98-98E2-D39CB3ADFE86}.exe
07/13/06 22:19:39 [Note]: 10002 1
07/13/06 22:19:39 [Info]: Hidden file: c:\WINDOWS\system32\{2844F3FA-E8AF-4030-A50F-E62F63202987}.exe
07/13/06 22:19:39 [Note]: 10002 1
07/13/06 22:19:39 [Info]: Hidden file: c:\WINDOWS\system32\{28C1CE15-2B5E-45EF-BD88-07EB42BEEA06}.exe
07/13/06 22:19:39 [Note]: 10002 1
07/13/06 22:19:40 [Info]: Hidden file: c:\WINDOWS\system32\{DD057DF5-2858-44E3-83F4-D65A9BA58D9A}.exe
07/13/06 22:19:40 [Note]: 10002 1
07/13/06 22:19:40 [Info]: Hidden file: c:\WINDOWS\system32\{307FF709-5059-4E0B-A01B-B78441CB84B4}.exe
07/13/06 22:19:40 [Note]: 10002 1
07/13/06 22:19:40 [Info]: Hidden file: c:\WINDOWS\system32\{3185C347-D8F5-4536-8271-4E565716C7C0}.exe
07/13/06 22:19:40 [Note]: 10002 1
07/13/06 22:19:41 [Info]: Hidden file: c:\WINDOWS\system32\{32DBC3FE-988F-4979-9BEF-7C93CBC20BC2}.exe
07/13/06 22:19:41 [Note]: 10002 1
07/13/06 22:19:41 [Info]: Hidden file: c:\WINDOWS\system32\{7A7C360E-934E-4BA8-8803-46035E90C678}.exe
07/13/06 22:19:41 [Note]: 10002 1
07/13/06 22:19:41 [Info]: Hidden file: c:\WINDOWS\system32\{7AE7B399-9BC9-462C-B79B-F24C773A229D}.exe
07/13/06 22:19:41 [Note]: 10002 1
07/13/06 22:19:42 [Info]: Hidden file: c:\WINDOWS\system32\{7F44E57A-2DB0-4B01-8FC0-43AE8A988648}.exe
07/13/06 22:19:42 [Note]: 10002 1
07/13/06 22:19:42 [Info]: Hidden file: c:\WINDOWS\system32\{81313BBB-8D41-4545-B394-0F9BD449F1A2}.exe
07/13/06 22:19:42 [Note]: 10002 1
07/13/06 22:19:42 [Info]: Hidden file: c:\WINDOWS\system32\{A35EB8EB-1AEA-4E0D-A8C6-3A98F3B1E744}.exe
07/13/06 22:19:42 [Note]: 10002 1
07/13/06 22:19:43 [Info]: Hidden file: c:\WINDOWS\system32\{AE32E49A-F598-4952-B9D9-A352F67654E2}.exe
07/13/06 22:19:43 [Note]: 10002 1
07/13/06 22:19:43 [Info]: Hidden file: c:\WINDOWS\system32\{EF68FFFA-945F-4874-ADA0-F9A2FBAFD8B7}.exe
07/13/06 22:19:43 [Note]: 10002 1
07/13/06 22:19:43 [Info]: Hidden file: c:\WINDOWS\system32\{F2F15715-F080-4A98-9AA0-5BA310871A94}.exe
07/13/06 22:19:43 [Note]: 10002 1
07/13/06 22:19:44 [Info]: Hidden file: c:\WINDOWS\system32\{B96AB4F7-96A5-4924-9F1E-671009687F4B}.exe
07/13/06 22:19:44 [Note]: 10002 1
07/13/06 22:19:44 [Info]: Hidden file: c:\WINDOWS\system32\{BCB92C2A-27E7-459D-B8BB-3AFF1EC41749}.exe
07/13/06 22:19:44 [Note]: 10002 1
07/13/06 22:19:44 [Info]: Hidden file: c:\WINDOWS\system32\{C0083EA9-8042-4726-82D3-66FFA1A49955}.exe
07/13/06 22:19:44 [Note]: 10002 1
07/13/06 22:19:44 [Info]: Hidden file: c:\WINDOWS\system32\{C17FE2CC-568A-4C63-A529-B634D9702C86}.exe
07/13/06 22:19:44 [Note]: 10002 1
07/13/06 22:19:45 [Info]: Hidden file: c:\WINDOWS\system32\{C3CC1D9F-F804-470E-8E95-EDDBEF175ACF}.exe
07/13/06 22:19:45 [Note]: 10002 1
07/13/06 22:19:45 [Info]: Hidden file: c:\WINDOWS\system32\{C3EF8EFB-9BBA-40B1-AA9F-13FA9610F4E6}.exe
07/13/06 22:19:45 [Note]: 10002 1
07/13/06 22:19:46 [Info]: Hidden file: c:\WINDOWS\system32\{1718B226-609A-4B34-A15B-740A5179220C}.exe
07/13/06 22:19:46 [Note]: 10002 1
07/13/06 22:19:46 [Info]: Hidden file: c:\WINDOWS\system32\{625A7D82-7F7E-4435-8315-97B220AE1177}.exe
07/13/06 22:19:46 [Note]: 10002 1
07/13/06 22:19:46 [Info]: Hidden file: c:\WINDOWS\system32\{63D98958-32BE-456C-86AF-80B03030E942}.exe
07/13/06 22:19:46 [Note]: 10002 1
07/13/06 22:19:47 [Info]: Hidden file: c:\WINDOWS\system32\{67B8C7CA-5AEA-409F-8609-1B800D6C25B2}.exe
07/13/06 22:19:47 [Note]: 10002 1
07/13/06 22:19:47 [Info]: Hidden file: c:\WINDOWS\system32\{68592422-6A26-420C-B201-82837233C95F}.exe
07/13/06 22:19:47 [Note]: 10002 1
07/13/06 22:19:47 [Info]: Hidden file: c:\WINDOWS\system32\{9BE47A8E-8F40-47B2-B6A6-DE70F8CBD0EA}.exe
07/13/06 22:19:47 [Note]: 10002 1
07/13/06 22:19:47 [Info]: Hidden file: c:\WINDOWS\system32\{9DBDD6F8-3CB9-4806-89C2-B7C491A7D3A3}.exe
07/13/06 22:19:47 [Note]: 10002 1
07/13/06 22:19:48 [Info]: Hidden file: c:\WINDOWS\system32\{9F3427F6-B4ED-4EFE-BB8E-B006E2943A5F}.exe
07/13/06 22:19:48 [Note]: 10002 1
07/13/06 22:19:48 [Info]: Hidden file: c:\WINDOWS\system32\{4F45C52C-E7F1-4DCF-8480-F7FE06CC7C86}.exe
07/13/06 22:19:48 [Note]: 10002 1
07/13/06 22:19:48 [Info]: Hidden file: c:\WINDOWS\system32\{5B8B8C93-202B-46EF-91DC-B32BFBC0CE5E}.exe
07/13/06 22:19:48 [Note]: 10002 1
07/13/06 22:19:49 [Info]: Hidden file: c:\WINDOWS\system32\{E4003183-F968-4F31-8DB5-C8C09854B180}.exe
07/13/06 22:19:49 [Note]: 10002 1
07/13/06 22:19:50 [Info]: Hidden file: c:\WINDOWS\system32\{E7431E18-B4C0-43EC-BF58-A887DFFF5178}.exe
07/13/06 22:19:50 [Note]: 10002 1
07/13/06 22:19:50 [Info]: Hidden file: c:\WINDOWS\system32\{834EA7C5-E17E-46E3-A0AF-DDC483FD32C5}.exe
07/13/06 22:19:50 [Note]: 10002 1
07/13/06 22:19:51 [Info]: Hidden file: c:\WINDOWS\system32\{C7AFC794-2968-4655-989D-BC071450BD7F}.exe
07/13/06 22:19:51 [Note]: 10002 1
07/13/06 22:19:51 [Info]: Hidden file: c:\WINDOWS\system32\{C8BCDE47-34F4-485E-A270-202ED6589590}.exe
07/13/06 22:19:51 [Note]: 10002 1
07/13/06 22:19:51 [Info]: Hidden file: c:\WINDOWS\system32\{CA4A6C01-70E5-4B47-BC4D-D66EE6DA597B}.exe
07/13/06 22:19:51 [Note]: 10002 1
07/13/06 22:19:51 [Info]: Hidden file: c:\WINDOWS\system32\{0FBA2524-10BC-4567-B5BB-FAD74DBD5BE5}.exe
07/13/06 22:19:51 [Note]: 10002 1
07/13/06 22:19:52 [Info]: Hidden file: c:\WINDOWS\system32\{F4DA69CD-DA36-4502-87B7-41C9BC462F62}.exe
07/13/06 22:19:52 [Note]: 10002 1
07/13/06 22:19:52 [Info]: Hidden file: c:\WINDOWS\system32\{F85E23EF-8ED6-4C1A-9299-B38508358C47}.exe
07/13/06 22:19:52 [Note]: 10002 1
07/13/06 22:19:52 [Info]: Hidden file: c:\WINDOWS\system32\{FA5C2546-4A6A-4F0C-92EF-8F8F4A6F4B3B}.exe
07/13/06 22:19:52 [Note]: 10002 1
07/13/06 22:19:53 [Info]: Hidden file: c:\WINDOWS\system32\{333B6EB9-F0BD-4422-9055-F9BB18EDF005}.exe
07/13/06 22:19:53 [Note]: 10002 1
07/13/06 22:19:53 [Info]: Hidden file: c:\WINDOWS\system32\{2BB09A55-C15F-48A4-B765-1414471192F5}.exe
07/13/06 22:19:53 [Note]: 10002 1
07/13/06 22:21:41 [Note]: 7007 0
There you go Regis, but note that the avast! alerts about trojans and adware have stopped; I no longer get any alerts.
Hi
Download Pocket Killbox here:
http://www.downloads.subratam.org/KillBox.exe
1- Click Start < Accessories < Notepad.
Copy and paste this into Notepad:
c:\WINDOWS\system32\csppy.exe
c:\WINDOWS\system32\dmgnl.exe
c:\WINDOWS\system32\{B395F5B2-25E0-4120-A6DF-B7DC4B34C732}.exe
c:\WINDOWS\system32\{3DC88C62-1697-48A5-B01B-D3F02ECF28DF}.exe
c:\WINDOWS\system32\{3E124577-283E-4241-9594-042E98FF1F20}.exe
c:\WINDOWS\system32\{3E52A9B0-9A4A-446C-A020-60B59E9B5FD7}.exe
c:\WINDOWS\system32\{40243105-7CDE-4536-A5AE-6B035BDCDB85}.exe
c:\WINDOWS\system32\{44F845AD-6F24-4A07-8F79-28266DD6539F}.exe
c:\WINDOWS\system32\{CC6EFF92-2381-47CF-993E-4291496FBBA5}.exe
c:\WINDOWS\system32\{D1D2DF02-DFEA-4DCF-9995-A47576F83A24}.exe
c:\WINDOWS\system32\{D465D9DA-9012-49E8-ACD4-DB5ED0BC0F48}.exe
c:\WINDOWS\system32\{8E6613D0-E0A2-4F22-A398-3B54FA4A3843}.exe
c:\WINDOWS\system32\{953C92E9-70D3-4FD2-9B12-0E500AEF39C2}.exe
c:\WINDOWS\system32\{95854D71-26D7-43A1-84EE-FBA96B51B96A}.exe
c:\WINDOWS\system32\{97B1BD8D-CE07-4E46-9878-22CB13D42F17}.exe
c:\WINDOWS\system32\{98CB0F62-9738-4E47-A845-6865A8954173}.exe
c:\WINDOWS\system32\{211CF0DD-34CC-4B98-98E2-D39CB3ADFE86}.exe
c:\WINDOWS\system32\{2844F3FA-E8AF-4030-A50F-E62F63202987}.exe
c:\WINDOWS\system32\{28C1CE15-2B5E-45EF-BD88-07EB42BEEA06}.exe
c:\WINDOWS\system32\{DD057DF5-2858-44E3-83F4-D65A9BA58D9A}.exe
c:\WINDOWS\system32\{307FF709-5059-4E0B-A01B-B78441CB84B4}.exe
c:\WINDOWS\system32\{3185C347-D8F5-4536-8271-4E565716C7C0}.exe
c:\WINDOWS\system32\{32DBC3FE-988F-4979-9BEF-7C93CBC20BC2}.exe
c:\WINDOWS\system32\{7A7C360E-934E-4BA8-8803-46035E90C678}.exe
c:\WINDOWS\system32\{7AE7B399-9BC9-462C-B79B-F24C773A229D}.exe
c:\WINDOWS\system32\{7F44E57A-2DB0-4B01-8FC0-43AE8A988648}.exe
c:\WINDOWS\system32\{81313BBB-8D41-4545-B394-0F9BD449F1A2}.exe
c:\WINDOWS\system32\{A35EB8EB-1AEA-4E0D-A8C6-3A98F3B1E744}.exe
c:\WINDOWS\system32\{AE32E49A-F598-4952-B9D9-A352F67654E2}.exe
c:\WINDOWS\system32\{EF68FFFA-945F-4874-ADA0-F9A2FBAFD8B7}.exe
c:\WINDOWS\system32\{F2F15715-F080-4A98-9AA0-5BA310871A94}.exe
c:\WINDOWS\system32\{B96AB4F7-96A5-4924-9F1E-671009687F4B}.exe
c:\WINDOWS\system32\{BCB92C2A-27E7-459D-B8BB-3AFF1EC41749}.exe
c:\WINDOWS\system32\{C0083EA9-8042-4726-82D3-66FFA1A49955}.exe
c:\WINDOWS\system32\{C17FE2CC-568A-4C63-A529-B634D9702C86}.exe
c:\WINDOWS\system32\{C3CC1D9F-F804-470E-8E95-EDDBEF175ACF}.exe
c:\WINDOWS\system32\{C3EF8EFB-9BBA-40B1-AA9F-13FA9610F4E6}.exe
c:\WINDOWS\system32\{1718B226-609A-4B34-A15B-740A5179220C}.exe
c:\WINDOWS\system32\{625A7D82-7F7E-4435-8315-97B220AE1177}.exe
c:\WINDOWS\system32\{63D98958-32BE-456C-86AF-80B03030E942}.exe
c:\WINDOWS\system32\{67B8C7CA-5AEA-409F-8609-1B800D6C25B2}.exe
c:\WINDOWS\system32\{68592422-6A26-420C-B201-82837233C95F}.exe
c:\WINDOWS\system32\{9BE47A8E-8F40-47B2-B6A6-DE70F8CBD0EA}.exe
c:\WINDOWS\system32\{9DBDD6F8-3CB9-4806-89C2-B7C491A7D3A3}.exe
c:\WINDOWS\system32\{9F3427F6-B4ED-4EFE-BB8E-B006E2943A5F}.exe
c:\WINDOWS\system32\{4F45C52C-E7F1-4DCF-8480-F7FE06CC7C86}.exe
c:\WINDOWS\system32\{5B8B8C93-202B-46EF-91DC-B32BFBC0CE5E}.exe
c:\WINDOWS\system32\{E4003183-F968-4F31-8DB5-C8C09854B180}.exe
c:\WINDOWS\system32\{E7431E18-B4C0-43EC-BF58-A887DFFF5178}.exe
c:\WINDOWS\system32\{834EA7C5-E17E-46E3-A0AF-DDC483FD32C5}.exe
c:\WINDOWS\system32\{C7AFC794-2968-4655-989D-BC071450BD7F}.exe
c:\WINDOWS\system32\{C8BCDE47-34F4-485E-A270-202ED6589590}.exe
c:\WINDOWS\system32\{CA4A6C01-70E5-4B47-BC4D-D66EE6DA597B}.exe
c:\WINDOWS\system32\{0FBA2524-10BC-4567-B5BB-FAD74DBD5BE5}.exe
c:\WINDOWS\system32\{F4DA69CD-DA36-4502-87B7-41C9BC462F62}.exe
c:\WINDOWS\system32\{F85E23EF-8ED6-4C1A-9299-B38508358C47}.exe
c:\WINDOWS\system32\{FA5C2546-4A6A-4F0C-92EF-8F8F4A6F4B3B}.exe
c:\WINDOWS\system32\{333B6EB9-F0BD-4422-9055-F9BB18EDF005}.exe
c:\WINDOWS\system32\{2BB09A55-C15F-48A4-B765-1414471192F5}.exe
Then do Edit < Select All
Then Edit < Copy
2- Double-click killbox.exe (Pocket Killbox)
- check: delete on reboot
- In File < click "Paste from Clipboard"
- click the red cross
- a window will appear asking for confirmation, click YES
- a second window asks whether you want to reboot, click YES
If this message appears, ignore it:
http://tinypic.com/images/goodbye.jpg
Let the PC reboot.
And afterwards post a new HijackThis log + Silent Runners + BlackLight.
See you
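The file list in the post above is exactly the set of "Hidden file:" lines from the BlackLight report. As an added example, not part of this thread and not tooling from F-Secure or the Killbox author, the Python script below does that extraction automatically: it pulls the hidden paths out of a BlackLight report, separates GUID-named executables from the rest, counts them per directory, and renders the one-path-per-line list the Killbox step expects. The sample report is constructed here from a few of the thread's own lines; the function names are my own.

```python
import re

# Constructed sample in the format of the BlackLight report posted in this
# thread; the three paths are copied from that report, the rest is trimmed.
SAMPLE_LOG = r"""07/13/06 22:16:53 [Info]: BlackLight Engine 1.0.42 initialized
07/13/06 22:16:53 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/13/06 22:19:26 [Info]: Hidden file: c:\WINDOWS\system32\csppy.exe
07/13/06 22:19:26 [Note]: 7002 32
07/13/06 22:19:33 [Info]: Hidden file: c:\WINDOWS\system32\dmgnl.exe
07/13/06 22:19:33 [Note]: 10002 1
07/13/06 22:19:34 [Info]: Hidden file: c:\WINDOWS\system32\{B395F5B2-25E0-4120-A6DF-B7DC4B34C732}.exe
07/13/06 22:19:34 [Note]: 10002 1
07/13/06 22:21:41 [Note]: 7007 0
"""

# "<date> <time> [Info]: Hidden file: <path>" is the only line shape we need.
HIDDEN_RE = re.compile(r"^\S+ \S+ \[Info\]: Hidden file: (?P<path>.+?)\s*$")

# A file name that is a braced GUID followed by .exe, e.g. {B395F5B2-...}.exe
GUID_NAME_RE = re.compile(
    r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\.exe$"
)


def hidden_files(report):
    """Return the paths BlackLight flagged as hidden, in report order, deduplicated."""
    paths = []
    for line in report.splitlines():
        m = HIDDEN_RE.match(line)
        if m and m.group("path") not in paths:
            paths.append(m.group("path"))
    return paths


def classify(paths):
    """Split hidden files into GUID-named executables and everything else.

    This is a triage aid (the GUID-style names in the report share one pattern),
    not a verdict on any individual file.
    """
    guid_named = [p for p in paths if GUID_NAME_RE.search(p)]
    other = [p for p in paths if not GUID_NAME_RE.search(p)]
    return {"guid_named": guid_named, "other": other}


def directories(paths):
    """Count hidden files per parent directory (case-insensitive) to see where they cluster."""
    counts = {}
    for p in paths:
        parent = p.rsplit("\\", 1)[0].lower()
        counts[parent] = counts.get(parent, 0) + 1
    return counts


def killbox_list(paths):
    """Render one path per line, the form pasted into Pocket Killbox via 'Paste from Clipboard'."""
    return "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = hidden_files(SAMPLE_LOG)
    groups = classify(found)
    print(f"{len(found)} hidden file(s); "
          f"{len(groups['guid_named'])} GUID-named, {len(groups['other'])} other")
    for directory, n in directories(found).items():
        print(f"  {directory}: {n}")
    print(killbox_list(found), end="")
```

Run against a full report saved from BlackLight, the script produces the same list as the one typed out by hand above, and the per-directory count makes it obvious at a glance when every hit sits in one system folder.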
Good evening Régis, unfortunately nothing is working any more lol
I did download what you asked me to,
then I also pasted the requested lines, and at the moment of confirming the reboot it shows me the following error message:
- " Pending file removed opération registry data has been romeved by extrerial process "
Not knowing the software, I don't know how to interpret this message...
Thanks again for racking your brains over my problem.. Good night
++
Hi RED-1 !!
As I told you at the end of the message, but you must not have seen it:
If this message appears, ignore it:
http://tinypic.com/images/goodbye.jpg
Apparently it is the same message; it is expected, don't worry.
Ignore it, click OK!
Then reboot and give me the reports!
lol Please read everything before doing the steps, it would have saved you a scare lol
a++