[Trojan] Infecté par Pipas. A

Question

Bonjour à tous,Avant tout ma config: Xp proJ'ai été infecté il y a peu par un virus, que mon antivirus (Antivir) a supprimé. Lorsque je lance adaware une première fois, il me supprime toutes les cochonneries. Le 2e passage est clean.Avec spybot, le 1er passage detecte Pipas. A, je supprime, je refait un scan, et il est à nouveau là...Apres plusieurs recherches sur le net, je n'ai pas vraiment trouvé comment supprimer ce trojan   [description ici: http://www.avira.com/fr/threats/TR_Pipas_A_details.html]J'ai donc besoin de votre aide pour virer ce trojan! Quand je veux visiter une page web, par exemple je tappe:  ccm.net, il me dirige une fois vers un site louche, encore une deuxieme fois, et la 3e fois est enfin ccm.Je recois aussi des emails louches...J'ai donc fait un rapport Hijackthis: Logfile of HijackThis v1.99.1Scan saved at 15:53:32, on 23/07/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\AntiVir PersonalEdition Classic\avguard.exeC:\WINDOWS\System32
vsvc32.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\wdfmgr.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Logi_MwX.ExeC:\Program Files\Logitech\iTouch\iTouch.exeC:\Program Files\Messenger Plus! 3\MsgPlus.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\AntiVir PersonalEdition Classic\avgnt.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exeC:\Program Files\3M\PSNLite\PsnLite.exeC:\Program Files\iPodmini\bin\iPodService.exeC:\PROGRA~1\3M\PSNLite\PSNGive.exeC:\Program Files\Xfire\Xfire.exeC:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exeC:\Program Files\iTunes\iTunes.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Ben\Bureau\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portailR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO1 - Hosts: localhost 127.0.0.1O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.ExeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exeO4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /minO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [dmrsj.exe] C:\WINDOWS\system32\dmrsj.exeO4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.exeO4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" bootO4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [TheTurtle] D:\TheTrutle\TheTurtle\TheTurtle.exeO4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exeO4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htmO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.htmlO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missingO16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version6/Applet/vchatsign.cabO16 - DPF: Interface Chat Wanadoo - http://chat4.x-echo.com/version6/Applet/wchatsign.cabO16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cabO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cabO16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win...O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.htmlO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cabO16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{22159C2F-A2BE-4CD9-9DCD-449FAF495FFB}: NameServer = 85.255.114.46,85.255.112.210O17 - HKLM\System\CCS\Services\Tcpip\..\{DA1454DC-38DD-43E2-B81C-3D01678AFDEB}: NameServer = 85.255.114.46,85.255.112.210O17 - HKLM\System\CCS\Services\Tcpip\..\{E7B0A45C-27E4-42C3-B88B-963F54EF36BD}: NameServer = 85.255.114.46,85.255.112.210O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46 85.255.112.210O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exeO23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPodmini\bin\iPodService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeVoilà, votre aide me serait précieuse :)  (si au passage il ya des truc inutiles a virer ;) )BenJ

BenJ · Answer

Un petit up avant la fin du week end :)

Regis59 · Answer

SalutDis moi, tu as une barre qui est apparun avec comme nom "pharmacy, sex....?"a+

BenJ · Answer

Exact Regis, c'est cette bar avec ecrit Remove Toolbar, Gambling, Pharmacy etc

Regis59 · Answer

SalutCa fait un moment que je ne l avais pas vu ;-)Télécharge cecihttps://www.cjoint.com/?hym7nsMciSLance le programme MoeRegis.Un rapport va s ouvrir, copie colle le moi !A+

BenJ · Answer

Et voila le travail:

Rapport fait à 20:17:11.60 le 24/07/2006
Executé à partir de C:\Documents and Settings\Ben\Bureau\hym7nsMciS_Moe_Regis\Hcsrch
OS: Microsoft Windows XP [version 5.1.2600]

*********************************************

Vérification HKLM\...\...\...\...\ruins

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]
"}70012AFC0C76-31A9-1C74-1855-8C579108{"=hex:5e,4d,00,00,4c,0b,2b,22,22,28,56,\
6c,43,56,76,7e,63,72,8e,9f,80,bc,aa,a6,a2,a2,ca,dc,de,c9,f0,cc,fb,dc,21,12,\
05,12,2b,23,20,66,2e,00,00,00
"nxkmd"=hex:3b,69,00,00,0a,35,03,1e,1c,d4,65,7e,75,11,00,00,00

*********************************************

Fichiers détectés :

C:\WINDOWS\rdt.ini Présent !
C:\WINDOWS\System32\dgprpsetup.exe Présent !

*********************************************

Recherche des processus aleatoires
d'après les modèles : cs***.exe, dm***.exe, ya***.exe

C:\WINDOWS\System32

*********************************************

Recherche presence C:\WINDOWS\System32\idemlog.exe...

non trouvé...

Merci de ton aide :)

Regis59 · Answer

Re,

1-Télécharge ceci: (merci a S!RI pour ce programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.
----------------------------------------------------------------------------
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

2-Télécharge et installe ewido sans le lancer

Ewido:

http://perso.orange.fr/entraide-hijackthis/Ewido/

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Déconnecte toi d'internet c'est important.

puis vérifie ceci:
demarrer > connection > clic droit sur ta connection > propriétés
gestion de reseau
assure toi que protocole internet tcp/ip est en surbrillance (attention, ne décoche pas la case)> clic sur propriétés > selectionne "obtenir les adresses des serveurs automatiquement"
valide avec ok
- -----------------------------------------------------------------
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

O1 - Hosts: localhost 127.0.0.1

O4 - HKLM\..\Run: [dmrsj.exe] C:\WINDOWS\system32\dmrsj.exe

O4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{DA1454DC-38DD-43E2-B81C-3D01678AFDEB}: NameServer =
NameServer = 85.255.114.46,85.255.112.210

O17 - HKLM\System\CCS\Services\Tcpip\..\{DA1454DC-38DD-43E2-B81C-3D01678AFDEB}: NameServer = 85.255.114.46,85.255.112.210

O17 - HKLM\System\CCS\Services\Tcpip\..\{E7B0A45C-27E4-42C3-B88B-963F54EF36BD}: NameServer = 85.255.114.46,85.255.112.210

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46 85.255.112.210

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

ouvre le bloc note et copie et colle ceci à l'interieur:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HCLEAN32.EXE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Windows\CurrentVersion\ruins]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"Disabled"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""

[-HKEY_LOCAL_MACHINE\SOFTWARE\WareOut]

Puis enregistrer sous et dans:
Nom du fichier, met fix.reg
Type de fichier: selectionne "tous les fichiers"
clic sur enregistrer

ensuite double clic sur fix.reg et accepte de fusionner

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

1- Double-clic sur KillBox.exe (Pocket Killbox)

Télécharge: Pocket Killbox ici:
http://www.killbox.net/downloads/KillBox.exe

ouvre le bloc note et copie et colle la liste des fichiers à supprimer
ci-dessous
une fois fait, enregistre le à un endroit ou tu pourras le retrouver
facilement (sur le bureau par exemple).

C:\WINDOWS\rdt.ini
C:\WINDOWS\System32\dgprpsetup.exe
C:\WINDOWS\system32\dmrsj.exe

1/ lance killbox.exe
2/ ouvre le fichier txt qui contient la liste des fichiers à supprimer,
clic sur edition dans le menu du haut et clic sur "selectionner tout"
3/ clic une seconde fois sur "edition" et clic sur "copier"
4/ referme le bloc note.
5/ Dans killbox, selectionne "Delete on Reboot" puis clic
sur "ALL FILES"
6/ Dans le menu du haut clic sur File, puis sur paste
from clipboard
(tu devrais voir apparaitre la liste des fichier qu'il va supprimer)
7/ clic sur le rond rouge
8/ une fenetre va apparaitre pour confirmation clic sur OUI
9/ une seconde fenetre te demande si tu veux redemarrer clic sur
OUI

Si le pc ne redemarre pas automatiquement ou si killbox t'envois ce message:
"Pending file Rename Operations Registry Data has been Removed by External Process"
ignore le et redemarre le pc normallement

Lance ewdio et fournit moi le rapport
Refais un Hijack this et donne le rapport
Remet moi un moeregis stp

a+

BenJ · Answer

OPTION 1  de SmitfraudfixSmitFraudFix v2.75bRapport fait à 18:40:31.54, 25/07/2006Executé à partir de C:\Documents and Settings\Ben\Bureau\Virus\SmitfraudFixOS: Microsoft Windows XP [version 5.1.2600] - Windows_NTFix executé en mode normal»»»»»»»»»»»»»»»»»»»»»»»» C:\»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ben\Application DataC:\Documents and Settings\Ben\Application Data\Install.dat PRESENT !»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Ben\Favoris»»»»»»»»»»»»»»»»»»»»»»»» Bureau»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau  »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll»»»»»»»»»»»»»»»»»»»»»»»» Fin_______________________________________________________________________OPTION 2  de SmitfraudfixLorsque je suis en mode sans échec et que je lance le programme, je choisis l’option 2, mais cela quitte le programme, je ne peux pas sauvegarder quelconque rapport !Pour le Hijack, je n’ai pas la ligne avec dmrsj.exe, mais j’ai dmlnb qui ressemble…Pour ewido, j’ai pris le  scan full system,comme tu ne m’a rien dit.Le rapport ewido :ewido anti-spyware - Scan Report--------------------------------------------------------- + Created at:	20:03:10 25/07/2006 + Scan result:	C:\WINDOWS\system32\SetupCarnival.exe -> Adware.Casino : No action taken.HKLM\SOFTWARE\Classes\CLSID\{47CF0D84-64D8-D3F0-DBD8-09D910B3172B} -> Adware.CoolWebSearch : No action taken.HKLM\SOFTWARE\Classes\CLSID\{57C0C13E-E95C-411D-BCD9-A537E6B2AA24} -> Adware.CoolWebSearch : No action taken.HKLM\SOFTWARE\Classes\CLSID\{CAE597FF-4125-1680-10FC-D57418898CD3} -> Adware.CoolWebSearch : No action taken.C:\WINDOWS\system32\{6F3A2BD4-7FAC-4CA2-93A7-C752CA48524B}.exe -> Adware.Msnagent : No action taken.C:\WINDOWS\system32zspy.exe -> Adware.Raze : No action taken.C:\Program Files\Microsoft AntiSpyware\Quarantine\001E2909-5E4D-4607-ACDD-682327\F9DF5B50-AD09-48B2-9181-DABC27 -> Adware.WinAD : No action taken.C:\Program Files\Microsoft AntiSpyware\Quarantine\26428D57-E9B4-45C5-82B0-B417F8\090E2257-0436-4C80-AA5E-CB7A20 -> Adware.WinAD : No action taken.C:\Program Files\Microsoft AntiSpyware\Quarantine\26428D57-E9B4-45C5-82B0-B417F8\6F37A2B1-24E5-4D2B-B172-CE623E -> Adware.WinAD : No action taken.C:\Program Files\Microsoft AntiSpyware\Quarantine\26428D57-E9B4-45C5-82B0-B417F8\D7B0E49A-D02C-4381-B182-854252 -> Adware.WinAD : No action taken.C:\Program Files\Microsoft AntiSpyware\Quarantine\45BC3FF3-99AD-438E-AD3D-23F05F\A9F333E9-9110-4B5D-872D-D7EDF5 -> Adware.WinAD : No action taken.C:\Program Files\Microsoft AntiSpyware\Quarantine\45BC3FF3-99AD-438E-AD3D-23F05F\B13527FA-AFFA-4B99-837F-A172F6 -> Adware.WinAD : No action taken.C:\Program Files\Microsoft AntiSpyware\Quarantine\45BC3FF3-99AD-438E-AD3D-23F05F\BDAAB4D8-8280-4E5F-A4BD-62D308 -> Adware.WinAD : No action taken.C:\Program Files\Microsoft AntiSpyware\Quarantine\9D521339-9764-4D2F-AB77-F76C50\58079F40-472A-42D7-A991-83D84B -> Adware.WinAD : No action taken.C:\Program Files\Microsoft AntiSpyware\Quarantine\9D521339-9764-4D2F-AB77-F76C50\65B8F96A-546D-43FA-A60E-82E96D -> Adware.WinAD : No action taken.C:\Program Files\Microsoft AntiSpyware\Quarantine\9D521339-9764-4D2F-AB77-F76C50\EEA50EFB-A8B3-46E4-9019-C90B47 -> Adware.WinAD : No action taken.C:\Program Files\Microsoft AntiSpyware\Quarantine\BAF8EEF4-936D-46BC-9616-3FF715\A463B496-C157-42BF-9591-E0F991 -> Adware.WinAD : No action taken.C:\Program Files\Microsoft AntiSpyware\Quarantine\EAD65C50-E8E3-480B-A103-053F47\D36DC131-31DF-4C93-8E94-B3F9B0 -> Adware.WinAD : No action taken.C:\Program Files\Microsoft AntiSpyware\Quarantine\FFC4103A-459A-43A5-9F0C-0ACA2F\74BB55A6-F50C-47B8-8BCA-A78C7F -> Adware.WinAD : No action taken.C:\Program Files\Microsoft AntiSpyware\Quarantine\FFC4103A-459A-43A5-9F0C-0ACA2F\AF4FE40E-6164-48F7-AA3F-E85737 -> Adware.WinAD : No action taken.C:\Program Files\Microsoft AntiSpyware\Quarantine\FFC4103A-459A-43A5-9F0C-0ACA2F\F48D1FB0-9477-4522-8129-6D0872 -> Adware.WinAD : No action taken.C:\dd.exe -> Adware.WinAD : No action taken.C:\Documents and Settings\Ben\Cookies\ben@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.C:\Documents and Settings\Ben\Cookies\ben@adtech[2].txt -> TrackingCookie.Adtech : No action taken.C:\Documents and Settings\Ben\Cookies\ben@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.C:\Documents and Settings\Ben\Cookies\ben@com[1].txt -> TrackingCookie.Com : No action taken.C:\Documents and Settings\Ben\Cookies\ben@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.C:\Documents and Settings\Ben\Cookies\ben@estat[1].txt -> TrackingCookie.Estat : No action taken.C:\Documents and Settings\Ben\Cookies\ben@media.fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.C:\Documents and Settings\Ben\Cookies\ben@c.goclick[2].txt -> TrackingCookie.Goclick : No action taken.C:\Documents and Settings\Ben\Cookies\ben@overture[1].txt -> TrackingCookie.Overture : No action taken.C:\Documents and Settings\Ben\Cookies\ben@qksrv[2].txt -> TrackingCookie.Qksrv : No action taken.C:\Documents and Settings\Ben\Cookies\ben@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.C:\Documents and Settings\Ben\Cookies\ben@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.C:\Documents and Settings\Ben\Cookies\ben@weborama[2].txt -> TrackingCookie.Weborama : No action taken.C:\Documents and Settings\Ben\Cookies\ben@zedo[1].txt -> TrackingCookie.Zedo : No action taken.C:\WINDOWS\system32\xwqwl.exe -> Trojan.DNSChanger.ef : No action taken.C:\WINDOWS\system32\{EF1B6E8D-B494-47D1-80CE-83A83D83942A}.exe -> Trojan.Puper.bx : No action taken.C:\WINDOWS\system32\drivers\etc\hosts.msn -> Trojan.Qhost.el : No action taken.C:\System Volume Information\_restore{D11B2D65-7DF3-42C6-812F-63E55C34AB5F}\RP629\A0591161.exe -> Trojan.Small.fb : No action taken.C:\System Volume Information\_restore{D11B2D65-7DF3-42C6-812F-63E55C34AB5F}\RP629\A0591182.exe -> Trojan.Small.fb : No action taken.C:\System Volume Information\_restore{D11B2D65-7DF3-42C6-812F-63E55C34AB5F}\RP630\A0591196.exe -> Trojan.Small.fb : No action taken.C:\System Volume Information\_restore{D11B2D65-7DF3-42C6-812F-63E55C34AB5F}\RP632\A0591270.exe -> Trojan.Small.fb : No action taken.C:\System Volume Information\_restore{D11B2D65-7DF3-42C6-812F-63E55C34AB5F}\RP633\A0591297.exe -> Trojan.Small.fb : No action taken.C:\System Volume Information\_restore{D11B2D65-7DF3-42C6-812F-63E55C34AB5F}\RP634\A0591313.exe -> Trojan.Small.fb : No action taken.C:\System Volume Information\_restore{D11B2D65-7DF3-42C6-812F-63E55C34AB5F}\RP634\A0591326.exe -> Trojan.Small.fb : No action taken.C:\System Volume Information\_restore{D11B2D65-7DF3-42C6-812F-63E55C34AB5F}\RP634\A0592337.exe -> Trojan.Small.fb : No action taken.C:\System Volume Information\_restore{D11B2D65-7DF3-42C6-812F-63E55C34AB5F}\RP634\A0593352.exe -> Trojan.Small.fb : No action taken.[1144] VM_017B0000 -> Trojan.Small.fb : No action taken.C:\WINDOWS\system32\{CBE749DE-E4DF-4EF0-B558-C272E4C0B611}.exe -> Trojan.Small.gq : No action taken.::Report end____________________________________________Le rapport Hijackthis :Logfile of HijackThis v1.99.1Scan saved at 19:17:47, on 25/07/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\AntiVir PersonalEdition Classic\avguard.exeC:\WINDOWS\System32
vsvc32.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\wdfmgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\alg.exeC:\WINDOWS\Logi_MwX.ExeC:\Program Files\Logitech\iTouch\iTouch.exeC:\Program Files\Messenger Plus! 3\MsgPlus.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\AntiVir PersonalEdition Classic\avgnt.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\iPodmini\bin\iPodService.exeC:\Program Files\Spamihilator\spamihilator.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exeC:\Program Files\3M\PSNLite\PsnLite.exeC:\PROGRA~1\3M\PSNLite\PSNGive.exeC:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXEC:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\guard.exeC:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exeC:\Documents and Settings\Ben\Bureau\Virus\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portailR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.ExeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exeO4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /minO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [dmddr.exe] C:\WINDOWS\system32\dmddr.exeO4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" bootO4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [TheTurtle] D:\TheTrutle\TheTurtle\TheTurtle.exeO4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exeO4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htmO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.htmlO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missingO16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version6/Applet/vchatsign.cabO16 - DPF: Interface Chat Wanadoo - http://chat4.x-echo.com/version6/Applet/wchatsign.cabO16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cabO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cabO16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win...O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.htmlO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cabO16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exeO23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPodmini\bin\iPodService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exePour finir tu as dit: remet moi un moeregis. Qu’est ce que c’est ?!?Merci a toi :)

Regis59 · Answer

Re,lolRelance ewido et supprime tout ce qu il trouvera stpa+

BenJ · Answer

Re,J'ai fait 2 scan ewido.J'ai le trojan Small.fb, il le trouve, et deux fois de suite, il me propose la quarantaine, je fais appliquer, il met 'error while quarantining!'  (risk high )Voilà :)

BenJ · Answer

J'ai fait: 1 fois supprimer: erreur                 1 fois quarantaine: erreur

Regis59 · Answer

Bon coriace la bête lol

1- Donne un nouveau Hijackthis

2-Telecharge ceci
https://www.silentrunners.org/Silent%20Runners.vbs
Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

3-Telecharge

https://www.cjoint.com/?hzwNpzBN3h

Execute le et donne le rapport

Merci :-)

BenJ · Answer

Le hijack:

Logfile of HijackThis v1.99.1
Scan saved at 23:43:19, on 25/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPodmini\bin\iPodService.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\guard.exe
C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ben\Bureau\Virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dmddr.exe] C:\WINDOWS\system32\dmddr.exe
O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat4.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPodmini\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Le silent:

"Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
"Steam" = (empty string)
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Spamihilator" = ""C:\Program Files\Spamihilator\spamihilator.exe"" ["Michel Krämer"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"zBrowser Launcher" = "C:\Program Files\Logitech\iTouch\iTouch.exe" ["Logitech Inc."]
"MSO" = "uZuZ**" (unwritable string) [file not found]
"LogitechGalleryRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]
"MessengerPlus3" = ""C:\Program Files\Messenger Plus! 3\MsgPlus.exe"" ["Patchou"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"avgnt" = ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"dmddr.exe" = "C:\WINDOWS\system32\dmddr.exe" [null data]
"!ewido" = ""C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

Et le dernier:

Rapport fait à 23:45:29.12 le 25/07/2006
Executé à partir de C:\Documents and Settings\Ben\Bureau\Virus\Moe\Hcsrch
OS: Microsoft Windows XP [version 5.1.2600]

*********************************************

Vérification HKLM\...\...\...\...\ruins

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]
"}70012AFC0C76-31A9-1C74-1855-8C579108{"=hex:a7,6d,00,00,b7,42,72,75,55,63,19,\
27,0a,09,39,31,2a,25,d1,d6,cb,f7,fd,f9,d5,d5,9d,97,81,80,bb,87,a2,97,68,65,\
4c,45,72,7a,6b,99,2e,00,00,00

*********************************************

Fichiers détectés :

*********************************************

Recherche des processus aleatoires
d'après les modèles : cs***.exe, dm***.exe, ya***.exe

C:\WINDOWS\System32
cstpu.exe
dmddr.exe

*********************************************

Recherche presence C:\WINDOWS\System32\idemlog.exe...

non trouvé...

Regis59 · Answer

On va faire un petit test ok? (sans risques)

Télécharge le FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

Quand ton système aura redémarré, suis les invites des messages. Ensuite lance HijackThis. Clique sur Scan et coche les lignes suivantes:

O4 - HKLM\..\Run: [dmddr.exe] C:\WINDOWS\system32\dmddr.exe

Clique sur Fix Checked. Ferme HijackThis et clique sur OK pour continuer la procédure.

A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.

Au final, poste le contenu de C:\fixwareout\report.txt avec un nouveau rapport HijackThis.

A+

BenJ · Answer

Hey,

Je télécharge ton programme,je le lance, je fait ce qu'il demande 'apuuyez sur une touche' dans une zone noire, et ensuite il ouvre le bloc note avec écrit:

Check for missing files
.....
C:\WINDOWS\system32\AUTOEXEC.NT not there
.....
End check for missing files
.....
VXD Check
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
"VDD"=hex(7):00
.....
End vxd check
.....
please post this at the forum

Mais il ne me demande pas de redémarrer!!
Je n'ai pas touché a la ligne pour hijack, j'attends que tu me dises si je dois l'enlever ou non.

Bye bye

Regis59 · Answer

Non, remet moi les 3 rapports de la derniere fois, ca me suffieraa+

BenJ · Answer

Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 12:47:01, on 27/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPodmini\bin\iPodService.exe
C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Xfire\Xfire.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ben\Bureau\Virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat4.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPodmini\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Silenttruc:

"Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
"Steam" = (empty string)
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Spamihilator" = ""C:\Program Files\Spamihilator\spamihilator.exe"" ["Michel Krämer"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"zBrowser Launcher" = "C:\Program Files\Logitech\iTouch\iTouch.exe" ["Logitech Inc."]
"MSO" = (empty string)
"LogitechGalleryRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]
"MessengerPlus3" = ""C:\Program Files\Messenger Plus! 3\MsgPlus.exe"" ["Patchou"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"avgnt" = ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"!ewido" = ""C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

Le moe:

Rapport fait à 12:48:14.65 le 27/07/2006
Executé à partir de C:\Documents and Settings\Ben\Bureau\Virus\Moe\Hcsrch
OS: Microsoft Windows XP [version 5.1.2600]

*********************************************

Vérification HKLM\...\...\...\...\ruins

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]
"}70012AFC0C76-31A9-1C74-1855-8C579108{"=hex:a7,6d,00,00,b7,42,72,75,55,63,19,\
27,0a,09,39,31,2a,25,d1,d6,cb,f7,fd,f9,d5,d5,9d,97,81,80,bb,87,a2,97,68,65,\
4c,45,72,7a,6b,99,2e,00,00,00

*********************************************

Fichiers détectés :

*********************************************

Recherche des processus aleatoires
d'après les modèles : cs***.exe, dm***.exe, ya***.exe

C:\WINDOWS\System32
cstpu.exe

*********************************************

Recherche presence C:\WINDOWS\System32\idemlog.exe...

non trouvé...

Voila, thanks!

Regis59 · Answer

Desole du retard.

Déconnecte toi d'internet c'est important

puis vérifie ceci:
demarrer > connection > clic droit sur ta connection > propriétés
gestion de reseau
assure toi que protocole internet tcp/ip est en surbrillance (attention, ne décoche pas la case)> clic sur propriétés > selectionne "obtenir les adresses des serveurs automatiquement"
valide avec ok
- -----------------------------------------------------------------
¤Recherche et supprime ceci:

C:\WINDOWS\System32\cstpu.exe

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

ouvre le bloc note et copie et colle ceci à l'interieur:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Windows\CurrentVersion\ruins]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"Disabled"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""

Puis enregistrer sous et dans:
Nom du fichier, met fix.reg
Type de fichier: selectionne "tous les fichiers"
clic sur enregistrer

ensuite double clic sur fix.reg et accepte de fusionner

Redemarre et remet les rapports stp

a+

BenJ · Answer

Re,

J'ai virer le fichier, et mes connections sont comme tu as dit.

Voila les rapports:
HIJACK

Logfile of HijackThis v1.99.1
Scan saved at 21:35:29, on 27/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\iPodmini\bin\iPodService.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Xfire\Xfire.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Ben\Bureau\Virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat4.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPodmini\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

MOE
________________________

Rapport fait à 21:36:09.50 le 27/07/2006
Executé à partir de C:\Documents and Settings\Ben\Bureau\Virus\Moe\Hcsrch
OS: Microsoft Windows XP [version 5.1.2600]

*********************************************

Vérification HKLM\...\...\...\...\ruins

*********************************************

Fichiers détectés :

*********************************************

Recherche des processus aleatoires
d'après les modèles : cs***.exe, dm***.exe, ya***.exe

C:\WINDOWS\System32

*********************************************

Recherche presence C:\WINDOWS\System32\idemlog.exe...

non trouvé...
____________________________________

SILENTRUNNERS

"Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
"Steam" = (empty string)
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Spamihilator" = ""C:\Program Files\Spamihilator\spamihilator.exe"" ["Michel Krämer"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"zBrowser Launcher" = "C:\Program Files\Logitech\iTouch\iTouch.exe" ["Logitech Inc."]
"MSO" = (empty string)
"LogitechGalleryRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]
"MessengerPlus3" = ""C:\Program Files\Messenger Plus! 3\MsgPlus.exe"" ["Patchou"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"avgnt" = ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"!ewido" = ""C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {HKLM...CLSID} = "My Logitech Pictures"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Default executables:
--------------------

A+

Regis59 · Answer

SalutTu as spybot?Lance un scan et copie/colle le rapporta+

BenJ · Answer

Of course j'ai spybot :D et adaware aussi ;) Ya des trucs que j'ai toujours eu, comme Active Desktop,et coolwwwserachgooglems. Je ne voi plus PipasA ?!? Eradiqué ? Ah au fait, l'autre jour en redémarrant,Ewido m'a detecté le Trojan SMall, a proposé Clean+Quarantin,en ,j'ai fait oui. Eradiqué? Le rapport: --- Search result list --- Windows.ActiveDesktop: Réglages utilisateur (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1659004503-842925246-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1 CoolWWWSearch.Googlems: Réglages utilisateur (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1659004503-842925246-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com\*!=W=4 --- Spybot - Search && Destroy version: 1.3 --- 2006-07-14 Includes\Cookies.sbi 2006-07-14 Includes\Dialer.sbi 2006-07-14 Includes\Hijackers.sbi 2006-07-14 Includes\Keyloggers.sbi 2004-11-29 Includes\LSP.sbi 2006-07-14 Includes\Malware.sbi 2006-07-14 Includes\PUPS.sbi 2006-07-14 Includes\Revision.sbi 2006-07-14 Includes\Security.sbi 2006-07-14 Includes\Spybots.sbi 2005-02-17 Includes\Tracks.uti 2006-07-14 Includes\Trojans.sbi --- System information --- Windows XP (Build: 2600) Service Pack 2 / Windows XP / SP2: Windows XP Service Pack 2 / Windows XP / SP3: Windows Installer 3.1 (KB893803) --- Startup entries list --- Located: HK_LM:Run, !ewido command: "C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe" /minimized file: C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe size: 6283264 MD5: 10c40f37ac87a18f624143d4fe6e8dec Located: HK_LM:Run, avgnt command: "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min file: C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe size: 233512 MD5: d05a80b5a605f8b8fb0915d1a4905471 Located: HK_LM:Run, HP Software Update command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe size: 49152 MD5: ac116f16a7716a720a45d7ea47cfd983 Located: HK_LM:Run, iTunesHelper command: "C:\Program Files\iTunes\iTunesHelper.exe" file: C:\Program Files\iTunes\iTunesHelper.exe size: 278528 MD5: 8778072a594e1310c0b7d0a93771e8bd Located: HK_LM:Run, Logitech Utility command: Logi_MwX.Exe file: C:\WINDOWS\Logi_MwX.Exe size: 19968 MD5: e57163001c8a279ab6b1a06b5834a463 Located: HK_LM:Run, LogitechGalleryRepair command: C:\Program Files\Logitech\Video\ISStart.exe file: C:\Program Files\Logitech\Video\ISStart.exe size: 188416 MD5: 3257a2a9e9943de93ee5438cb2e77359 Located: HK_LM:Run, LogitechVideoRepair command: C:\Program Files\Logitech\Video\ISStart.exe file: C:\Program Files\Logitech\Video\ISStart.exe size: 188416 MD5: 3257a2a9e9943de93ee5438cb2e77359 Located: HK_LM:Run, LogitechVideoTray command: C:\Program Files\Logitech\Video\LogiTray.exe file: C:\Program Files\Logitech\Video\LogiTray.exe size: 65536 MD5: 66fa2cc087dfa905c22a7f83ff59c7dc Located: HK_LM:Run, MessengerPlus3 command: "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" file: C:\Program Files\Messenger Plus! 3\MsgPlus.exe size: 190024 MD5: b787d9a60fee9c3732c2e2d4571bb716 Located: HK_LM:Run, MSO command: Located: HK_LM:Run, NvCplDaemon command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup file: C:\WINDOWS\system32\RUNDLL32.EXE size: 33792 MD5: cdd7140c0eaa754c527b983ccc9993cd Located: HK_LM:Run, NvMediaCenter command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit file: C:\WINDOWS\system32\RUNDLL32.EXE size: 33792 MD5: cdd7140c0eaa754c527b983ccc9993cd Located: HK_LM:Run, zBrowser Launcher command: C:\Program Files\Logitech\iTouch\iTouch.exe file: C:\Program Files\Logitech\iTouch\iTouch.exe size: 631362 MD5: 535defd797d14dbc6edc4d746dc23d41 Located: HK_CU:Run, LogitechSoftwareUpdate command: "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot file: C:\Program Files\Logitech\Video\ManifestEngine.exe size: 196608 MD5: c1913a21cb3a7bf314641acf0a8f81c9 Located: HK_CU:Run, Skype command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized file: C:\Program Files\Skype\Phone\Skype.exe size: 19543592 MD5: bb6d574b1913e9e1c1d1bc1e69dae29b Located: HK_CU:Run, Spamihilator command: "C:\Program Files\Spamihilator\spamihilator.exe" file: C:\Program Files\Spamihilator\spamihilator.exe size: 595968 MD5: 63c6e86d93bbb627875cb5dffe7f0ae1 Located: HK_CU:Run, Steam command: Located: Démarrage (tous utilisateurs), HP Digital Imaging Monitor.lnk command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe size: 282624 MD5: 5597d0075861cb0a6e6087752d205c0d Located: Démarrage (tous utilisateurs), Logitech Desktop Messenger.lnk command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe size: 169472 MD5: 91291ca1490f952d977618544d540b87 Located: Démarrage (tous utilisateurs), NETGEAR WPN111 Smart Wizard.lnk command: C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe file: C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe size: 491606 MD5: 38a54162f6ef4bcc7b71b66bee3ab24a Located: Démarrage (tous utilisateurs), Post-it® Software Notes Lite.lnk command: C:\Program Files\3M\PSNLite\PsnLite.exe file: C:\Program Files\3M\PSNLite\PsnLite.exe size: 2080768 MD5: 49ad529f6ca9b4b847180e8f1af48e89 Located: Démarrage (utilisateur), Xfire.lnk command: C:\Program Files\Xfire\Xfire.exe file: C:\Program Files\Xfire\Xfire.exe size: 4326992 MD5: 3ad94a4ac6dfab2831b47ed244afe7c3 Located: Démarrage (désactivé), InterVideo WinCinema Manager (DISABLED) command: C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE file: C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE size: 77824 MD5: bf48304999ce4834c66ce07fd534cd26 Located: Démarrage (désactivé), Lancement rapide d'Adobe Reader (DISABLED) command: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE file: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE size: 29696 MD5: deb88aef013dd1eefb462d7cad642166 Located: Démarrage (désactivé), Rappels du Calendrier Microsoft Works (DISABLED) command: C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\wkcalrem.exe file: C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\wkcalrem.exe size: 53317 MD5: 4b3228894d9a22fd458a663684cfd8fe --- Browser helper object list --- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) BHO name: CLSID name: AcroIEHlprObj Class description: Adobe Acrobat reader classification: Legitimate known filename: AcroIEhelper.ocx
AcroIEhelper.dll info link: https://get2.adobe.com/reader/otherversions/ info source: TonyKlein Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\ Long name: AcroIEHelper.dll Short name: ACROIE~1.DLL Date (created): 14/12/2004 01:56:50 Date (last access): 27/07/2006 23:18:50 Date (last write): 14/12/2004 01:56:50 Filesize: 63136 Attributes: archive MD5: 42729C3DE75A7A51FC6F9EF6546C9199 CRC32: 4D60BD07 Version: 0.7.0.0 {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) BHO name: CLSID name: Google Toolbar Helper Path: c:\program files\google\ Long name: GoogleToolbar1.dll Short name: GOOGLE~1.DLL Date (created): 27/02/2006 20:36:44 Date (last access): 27/07/2006 23:18:50 Date (last write): 14/02/2006 21:06:14 Filesize: 1204224 Attributes: readonly archive MD5: D91CB7361D7814035F543C7CCAE9DD60 CRC32: 16D568FF Version: 0.3.0.0 --- ActiveX list --- Interface Chat Voila (Interface Chat Voila) DPF name: Interface Chat Voila CLSID name: Interface Chat Wanadoo (Interface Chat Wanadoo) DPF name: Interface Chat Wanadoo CLSID name: Microsoft XML Parser for Java (Microsoft XML Parser for Java) DPF name: Microsoft XML Parser for Java CLSID name: description: classification: Legitimate known filename: %WINDIR%\Java\classes\xmldso.cab info link: info source: Patrick M. Kolla Yahoo! Pool 2 (Yahoo! Pool 2) DPF name: Yahoo! Pool 2 CLSID name: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) DPF name: CLSID name: Checkers Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: msgrchkr.dll Short name: Date (created): 29/05/2003 15:00:18 Date (last access): 27/07/2006 23:25:26 Date (last write): 29/05/2003 15:00:18 Filesize: 77408 Attributes: archive MD5: 42D567DF86B9B7AC4A89664C9651B68B CRC32: 47FF3D19 Version: 0.7.0.1 {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) DPF name: CLSID name: MessengerStatsClient Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: MessengerStatsPAClient.dll Short name: MESSEN~2.DLL Date (created): 06/04/2004 19:03:54 Date (last access): 27/07/2006 23:25:26 Date (last write): 06/04/2004 19:03:54 Filesize: 172072 Attributes: archive MD5: 94D1773AEAA2197AFEE3A6F8404FE4E9 CRC32: 76C3823D Version: 0.9.0.2 {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) DPF name: CLSID name: Shockwave ActiveX Control description: Macromedia ShockWave Flash Player 7 classification: Unknown known filename: SWDIR.DLL info link: info source: Patrick M. Kolla {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) DPF name: CLSID name: Windows Genuine Advantage Validation Tool Path: C:\WINDOWS\system32\ Long name: LegitCheckControl.DLL Short name: LEGITC~1.DLL Date (created): 17/05/2006 11:23:38 Date (last access): 26/07/2006 22:10:40 Date (last write): 17/05/2006 11:23:38 Filesize: 579888 Attributes: archive MD5: 99619B070D9AF903E874C2968FEE1E24 CRC32: 87EA3AB2 Version: 0.1.0.5 {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) DPF name: CLSID name: Minesweeper Flags Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: minesweeper.dll Short name: MINESW~1.DLL Date (created): 29/05/2003 15:00:22 Date (last access): 27/07/2006 23:25:26 Date (last write): 29/05/2003 15:00:22 Filesize: 84064 Attributes: archive MD5: F951FD0EA383DF2D49CA0359E4A86968 CRC32: 50A69718 Version: 0.7.0.1 {33564D57-0000-0010-8000-00AA00389B71} () DPF name: CLSID name: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) DPF name: CLSID name: EARTPatchX Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: EARTPX.dll Short name: Date (created): 26/10/2003 15:25:18 Date (last access): 27/07/2006 23:25:26 Date (last write): 26/10/2003 15:25:18 Filesize: 133712 Attributes: archive MD5: B58365C0A1A1A1E94BFD07FD7CC9314C CRC32: 9D644047 Version: 0.1.0.0 {62475759-9E84-458E-A1AB-5D2C442ADFDE} () DPF name: CLSID name: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) DPF name: CLSID name: WUWebControl Class Path: C:\WINDOWS\System32\ Long name: wuweb.dll Short name: Date (created): 03/08/2004 13:59:06 Date (last access): 26/07/2006 22:11:12 Date (last write): 03/08/2004 13:59:06 Filesize: 120288 Attributes: archive MD5: 0CD6248038C70B4C688DBD315D90A97A CRC32: 0EF7DE01 Version: 0.5.0.4 {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) DPF name: CLSID name: HouseCall Control description: Trend Micro Antivirus online scanner classification: Legitimate known filename: XSCAN53.OCX info link: info source: Patrick M. Kolla Path: C:\WINDOWS\DOWNLO~1\ Long name: xscan53.ocx Short name: Date (created): 09/06/2004 17:56:02 Date (last access): 25/07/2006 21:36:50 Date (last write): 09/06/2004 17:56:02 Filesize: 435712 Attributes: archive MD5: DCFFCA7F818B4CF4DF29B8932907735D CRC32: 89BBB9BF Version: 0.5.0.70 {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) DPF name: CLSID name: MessengerStatsClient Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: messengerstatsclient.dll Short name: MESSEN~1.DLL Date (created): 29/05/2003 15:00:20 Date (last access): 27/07/2006 23:25:26 Date (last write): 29/05/2003 15:00:20 Filesize: 160864 Attributes: archive MD5: B069B555A00AA026F657AA4FD13AE154 CRC32: 89BB01E1 Version: 0.7.0.1 {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) DPF name: CLSID name: ActiveScan Installer Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: asinst.dll Short name: Date (created): 11/04/2005 12:20:22 Date (last access): 27/07/2006 23:25:26 Date (last write): 11/04/2005 12:20:22 Filesize: 118784 Attributes: archive MD5: 36259D36E842FCF12B3D2F3766E7529F CRC32: F62E6268 Version: 0.57.0.6 {9F1C11AA-197B-4942-BA54-47A8489BB47F} () DPF name: CLSID name: description: Windows Update classification: Legitimate known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll info link: info source: Patrick M. Kolla {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) DPF name: CLSID name: BatchDownloader Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: DigWXMSN.dll Short name: Date (created): 07/04/2005 17:59:08 Date (last access): 27/07/2006 23:25:26 Date (last write): 07/04/2005 17:59:08 Filesize: 191488 Attributes: archive MD5: 718167A6B519B31D5643C034776A70AE CRC32: 363B7B87 Version: 0.10.0.0 {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) DPF name: CLSID name: ZoneIntro Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: ZIntro.ocx Short name: Date (created): 06/04/2004 19:03:12 Date (last access): 25/07/2006 21:36:50 Date (last write): 06/04/2004 19:03:12 Filesize: 85032 Attributes: archive MD5: 65431ACCF09A96C3BE53B7681BFFE44D CRC32: C8777857 Version: 0.9.0.2 {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) DPF name: CLSID name: Shockwave Flash Object description: Macromedia Shockwave Flash Player classification: Legitimate known filename: info link: info source: Patrick M. Kolla Path: C:\WINDOWS\system32\Macromed\Flash\ Long name: Flash8.ocx Short name: Date (created): 27/08/2005 13:38:56 Date (last access): 27/07/2006 23:18:56 Date (last write): 27/08/2005 13:38:56 Filesize: 1435272 Attributes: archive MD5: 900373C059C2B51CA91BF110DBDECB33 CRC32: F19599BC Version: 0.8.0.0 {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) DPF name: CLSID name: Solitaire Showdown Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: solitaireshowdown.dll Short name: SOLITA~1.DLL Date (created): 29/05/2003 15:00:20 Date (last access): 27/07/2006 23:25:26 Date (last write): 29/05/2003 15:00:20 Filesize: 86112 Attributes: archive MD5: 6E0E81210B17C225AD8DBB86F0C41E32 CRC32: 1C944476 Version: 0.7.0.1 --- Process list --- Spybot - Search && Destroy process list report, 27/07/2006 23:31:31 PID: 0 ( 0) [System] PID: 4 ( 0) System PID: 124 (1000) C:\Program Files\3M\PSNLite\PsnLite.exe PID: 236 ( 880) C:\Program Files\iPodmini\bin\iPodService.exe PID: 272 (1000) C:\Program Files\iTunes\iTunes.exe PID: 388 ( 4) \SystemRoot\System32\smss.exe PID: 464 ( 880) alg.exe PID: 492 (1000) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe PID: 812 ( 388) csrss.exe PID: 816 (1000) C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe PID: 836 ( 388) \??\C:\WINDOWS\system32\winlogon.exe PID: 880 ( 836) C:\WINDOWS\system32\services.exe PID: 892 ( 836) C:\WINDOWS\system32\lsass.exe PID: 1000 ( 704) C:\WINDOWS\Explorer.EXE PID: 1040 ( 880) C:\WINDOWS\system32\svchost.exe PID: 1096 ( 880) svchost.exe PID: 1136 ( 880) C:\WINDOWS\System32\svchost.exe PID: 1188 ( 880) svchost.exe PID: 1248 ( 880) svchost.exe PID: 1288 (1000) C:\Program Files\Xfire\Xfire.exe PID: 1348 (1136) C:\WINDOWS\system32\wscntfy.exe PID: 1368 ( 124) C:\PROGRA~1\3M\PSNLite\PSNGive.exe PID: 1420 (1000) C:\WINDOWS\Logi_MwX.Exe PID: 1440 (1000) C:\Program Files\Logitech\iTouch\iTouch.exe PID: 1536 ( 880) C:\WINDOWS\system32\spoolsv.exe PID: 1628 ( 880) C:\Program Files\AntiVir PersonalEdition Classic\sched.exe PID: 1640 ( 880) C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe PID: 1692 ( 880) C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\guard.exe PID: 1716 (1000) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe PID: 1740 ( 880) C:\WINDOWS\System32 vsvc32.exe PID: 1748 (1000) C:\Program Files\Messenger Plus! 3\MsgPlus.exe PID: 1756 ( 880) C:\WINDOWS\system32\HPZipm12.exe PID: 1872 ( 880) C:\WINDOWS\System32\svchost.exe PID: 1896 ( 880) wdfmgr.exe PID: 2032 (1000) C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe PID: 2044 (1000) C:\Program Files\iTunes\iTunesHelper.exe PID: 2344 (1040) C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe PID: 2992 (1000) C:\Program Files\Internet Explorer\iexplore.exe PID: 3192 (1000) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe PID: 3948 ( 880) C:\WINDOWS\System32\svchost.exe PID: 4016 (1000) C:\Program Files\MSN Messenger\msnmsgr.exe --- Browser start & search pages list --- Spybot - Search && Destroy browser pages report, 27/07/2006 23:31:31 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchURL https://www.google.com/?gws_rd=ssl HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\WINDOWS\system32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page https://www.orange.fr/portail HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fsearch%2flobby%2fsearch.asp%3f HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page C:\WINDOWS\System32\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page https://www.msn.com/fr-fr/ HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fsearch%2flobby%2fsearch.asp%3f HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm --- Winsock Layered Service Provider list --- Protocol 0: Xfire_LSP MSAFD Tcpip [TCP/IP] GUID: {56559461-2306-4AA6-A44F-972DD0806CB6} Filename: xfire_lsp_9028.dll Protocol 1: Xfire_LSP MSAFD Tcpip [UDP/IP] GUID: {09B88101-02D0-4DEE-A688-4681101F26F2} Filename: xfire_lsp_9028.dll Protocol 2: Xfire_LSP MSAFD Tcpip [RAW/IP] GUID: {5BCD7D46-3E32-454D-AA70-B850B680AB20} Filename: xfire_lsp_9028.dll Protocol 3: Xfire_LSP RSVP UDP Service Provider GUID: {FCE21FA4-C3D9-4B8A-AF41-A484BAD47637} Filename: xfire_lsp_9028.dll Protocol 4: Xfire_LSP RSVP TCP Service Provider GUID: {DA1A8136-BE14-4A16-8E7B-4FAAEF2C9D91} Filename: xfire_lsp_9028.dll Protocol 5: MSAFD Tcpip [TCP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 6: MSAFD Tcpip [UDP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 7: MSAFD Tcpip [RAW/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 8: RSVP UDP Service Provider GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32 svpsp.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32 svpsp.dll DB protocol: RSVP * Service Provider Protocol 9: RSVP TCP Service Provider GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32 svpsp.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32 svpsp.dll DB protocol: RSVP * Service Provider Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{22159C2F-A2BE-4CD9-9DCD-449FAF495FFB}] SEQPACKET 4 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{22159C2F-A2BE-4CD9-9DCD-449FAF495FFB}] DATAGRAM 4 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DA1454DC-38DD-43E2-B81C-3D01678AFDEB}] SEQPACKET 0 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DA1454DC-38DD-43E2-B81C-3D01678AFDEB}] DATAGRAM 0 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7B0A45C-27E4-42C3-B88B-963F54EF36BD}] SEQPACKET 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7B0A45C-27E4-42C3-B88B-963F54EF36BD}] DATAGRAM 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C5D6808A-CE99-401B-986A-3ED2D6FAC347}] SEQPACKET 1 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C5D6808A-CE99-401B-986A-3ED2D6FAC347}] DATAGRAM 1 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EAF15909-EF3F-48B7-AD12-CCE134B8E1C2}] SEQPACKET 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EAF15909-EF3F-48B7-AD12-CCE134B8E1C2}] DATAGRAM 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 20: Xfire_LSP GUID: {C6C30084-C640-4416-A427-19DD8FCF98B2} Filename: xfire_lsp_9028.dll Namespace Provider 0: TCP/IP GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B} Filename: %SystemRoot%\System32\mswsock.dll Description: Microsoft Windows NT/2k/XP TCP/IP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: TCP/IP Namespace Provider 1: NTDS GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC} Filename: %SystemRoot%\System32\winrnr.dll Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\winrnr.dll DB protocol: NTDS Namespace Provider 2: Espace de noms NLA (Network Location Awareness) GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} Filename: %SystemRoot%\System32\mswsock.dll Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: NLA-Namespace Bon courage :D

Regis59 · Answer

Re,Le rapport est tout simple ;-)Of course j'ai spybot :D et adaware aussi ;) Tu as des bons logiciels lolYa des trucs que j'ai toujours eu, comme Active Desktop,et coolwwwserachgooglems. Le probleme c est que tu as une ancienne version de spybot, alors procedes comme ceci stp:Télécharge ceci: (merci a S!RI pour ce programme).http://siri.urz.free.fr/Fix/SmitfraudFix.zipExécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapportCopie/colle le sur le poste stp.------------------------------------------------Puis relance le et choisis option 3, accepte la suppression des fichiers de la zone de securité.Relance spybot et regarde si c est clean.Ensuite desinstalles spybot et installe la version récente:Spybot S&D 1.4 (tu as la 1.3)https://www.safer-networking.org/ Démo d’utilisation (merci à Balltrap34 pour cette réalisation).http://pageperso.aol.fr/Balltrap34/demo%20spybot.htmScan ton pc avec, copie/colle le rapport.Je ne voi plus PipasA ?!? Eradiqué ? Of course !! :-DAh au fait, l'autre jour en redémarrant,Ewido m'a detecté le Trojan SMall, a proposé Clean+Quarantin,en ,j'ai fait oui. Eradiqué? Si tu n as plus d alertes oui ! relance ewido par securité !A+;-)

BenJ · Answer

slt. je pars en vacances 15 j, j'ai pas le temps de finir ça. Je reposte dans 15J pour terminer:merci bcp de ton aideA+

Regis59 · Answer

Salut BenJ,Pas de problemes, profites bien de tes vacances :-)Et ramene nous des photos !!!!!lolAllez, repose toi bien, tu vas ou?a+

BenJ · Answer

Me revoila :D. J'étais à Lacanau avec des potes, en camping, sympa :) Alors alors, SmitFraudFix v2.75b Rapport fait à 18:09:00.07, 14/08/2006 Executé à partir de C:\Documents and Settings\Ben\Bureau\Virus\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ben\Application Data C:\Documents and Settings\Ben\Application Data\Install.dat PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Ben\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Ma version 1.3 de spybot trouve Windows.ActiveDestkop.. Le rapport: --- Search result list --- Windows.ActiveDesktop: Réglages utilisateur (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1659004503-842925246-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1 --- Spybot - Search && Destroy version: 1.3 --- 2006-07-14 Includes\Cookies.sbi 2006-07-14 Includes\Dialer.sbi 2006-07-14 Includes\Hijackers.sbi 2006-07-14 Includes\Keyloggers.sbi 2004-11-29 Includes\LSP.sbi 2006-07-14 Includes\Malware.sbi 2006-07-14 Includes\PUPS.sbi 2006-07-14 Includes\Revision.sbi 2006-07-14 Includes\Security.sbi 2006-07-14 Includes\Spybots.sbi 2005-02-17 Includes\Tracks.uti 2006-07-14 Includes\Trojans.sbi --- System information --- Windows XP (Build: 2600) Service Pack 2 / Windows XP / SP2: Windows XP Service Pack 2 / Windows XP / SP3: Windows Installer 3.1 (KB893803) --- Startup entries list --- Located: HK_LM:Run, !ewido command: "C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe" /minimized file: C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe size: 6283264 MD5: 10c40f37ac87a18f624143d4fe6e8dec Located: HK_LM:Run, avgnt command: "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min file: C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe size: 233512 MD5: d05a80b5a605f8b8fb0915d1a4905471 Located: HK_LM:Run, HP Software Update command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe size: 49152 MD5: ac116f16a7716a720a45d7ea47cfd983 Located: HK_LM:Run, iTunesHelper command: "C:\Program Files\iTunes\iTunesHelper.exe" file: C:\Program Files\iTunes\iTunesHelper.exe size: 278528 MD5: 8778072a594e1310c0b7d0a93771e8bd Located: HK_LM:Run, Logitech Utility command: Logi_MwX.Exe file: C:\WINDOWS\Logi_MwX.Exe size: 19968 MD5: e57163001c8a279ab6b1a06b5834a463 Located: HK_LM:Run, LogitechGalleryRepair command: C:\Program Files\Logitech\Video\ISStart.exe file: C:\Program Files\Logitech\Video\ISStart.exe size: 188416 MD5: 3257a2a9e9943de93ee5438cb2e77359 Located: HK_LM:Run, LogitechVideoRepair command: C:\Program Files\Logitech\Video\ISStart.exe file: C:\Program Files\Logitech\Video\ISStart.exe size: 188416 MD5: 3257a2a9e9943de93ee5438cb2e77359 Located: HK_LM:Run, LogitechVideoTray command: C:\Program Files\Logitech\Video\LogiTray.exe file: C:\Program Files\Logitech\Video\LogiTray.exe size: 65536 MD5: 66fa2cc087dfa905c22a7f83ff59c7dc Located: HK_LM:Run, MessengerPlus3 command: "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" file: C:\Program Files\Messenger Plus! 3\MsgPlus.exe size: 190024 MD5: b787d9a60fee9c3732c2e2d4571bb716 Located: HK_LM:Run, MSO command: Located: HK_LM:Run, NvCplDaemon command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup file: C:\WINDOWS\system32\RUNDLL32.EXE size: 33792 MD5: cdd7140c0eaa754c527b983ccc9993cd Located: HK_LM:Run, NvMediaCenter command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit file: C:\WINDOWS\system32\RUNDLL32.EXE size: 33792 MD5: cdd7140c0eaa754c527b983ccc9993cd Located: HK_LM:Run, zBrowser Launcher command: C:\Program Files\Logitech\iTouch\iTouch.exe file: C:\Program Files\Logitech\iTouch\iTouch.exe size: 631362 MD5: 535defd797d14dbc6edc4d746dc23d41 Located: HK_CU:Run, LogitechSoftwareUpdate command: "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot file: C:\Program Files\Logitech\Video\ManifestEngine.exe size: 196608 MD5: c1913a21cb3a7bf314641acf0a8f81c9 Located: HK_CU:Run, Skype command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized file: C:\Program Files\Skype\Phone\Skype.exe size: 19543592 MD5: bb6d574b1913e9e1c1d1bc1e69dae29b Located: HK_CU:Run, Spamihilator command: "C:\Program Files\Spamihilator\spamihilator.exe" file: C:\Program Files\Spamihilator\spamihilator.exe size: 595968 MD5: 63c6e86d93bbb627875cb5dffe7f0ae1 Located: HK_CU:Run, Steam command: Located: Démarrage (tous utilisateurs), HP Digital Imaging Monitor.lnk command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe size: 282624 MD5: 5597d0075861cb0a6e6087752d205c0d Located: Démarrage (tous utilisateurs), Logitech Desktop Messenger.lnk command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe size: 169472 MD5: 91291ca1490f952d977618544d540b87 Located: Démarrage (tous utilisateurs), NETGEAR WPN111 Smart Wizard.lnk command: C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe file: C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe size: 491606 MD5: 38a54162f6ef4bcc7b71b66bee3ab24a Located: Démarrage (tous utilisateurs), Post-it® Software Notes Lite.lnk command: C:\Program Files\3M\PSNLite\PsnLite.exe file: C:\Program Files\3M\PSNLite\PsnLite.exe size: 2080768 MD5: 49ad529f6ca9b4b847180e8f1af48e89 Located: Démarrage (utilisateur), Xfire.lnk command: C:\Program Files\Xfire\Xfire.exe file: C:\Program Files\Xfire\Xfire.exe size: 4423760 MD5: 7de14201671067e570b96a7beb0b4928 Located: Démarrage (désactivé), InterVideo WinCinema Manager (DISABLED) command: C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE file: C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE size: 77824 MD5: bf48304999ce4834c66ce07fd534cd26 Located: Démarrage (désactivé), Lancement rapide d'Adobe Reader (DISABLED) command: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE file: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE size: 29696 MD5: deb88aef013dd1eefb462d7cad642166 Located: Démarrage (désactivé), Rappels du Calendrier Microsoft Works (DISABLED) command: C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\wkcalrem.exe file: C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\wkcalrem.exe size: 53317 MD5: 4b3228894d9a22fd458a663684cfd8fe --- Browser helper object list --- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) BHO name: CLSID name: AcroIEHlprObj Class description: Adobe Acrobat reader classification: Legitimate known filename: AcroIEhelper.ocx
AcroIEhelper.dll info link: https://get2.adobe.com/reader/otherversions/ info source: TonyKlein Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\ Long name: AcroIEHelper.dll Short name: ACROIE~1.DLL Date (created): 14/12/2004 01:56:50 Date (last access): 14/08/2006 17:14:38 Date (last write): 14/12/2004 01:56:50 Filesize: 63136 Attributes: archive MD5: 42729C3DE75A7A51FC6F9EF6546C9199 CRC32: 4D60BD07 Version: 0.7.0.0 {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) BHO name: CLSID name: Google Toolbar Helper Path: c:\program files\google\ Long name: GoogleToolbar1.dll Short name: GOOGLE~1.DLL Date (created): 27/02/2006 20:36:44 Date (last access): 14/08/2006 17:14:38 Date (last write): 14/02/2006 21:06:14 Filesize: 1204224 Attributes: readonly archive MD5: D91CB7361D7814035F543C7CCAE9DD60 CRC32: 16D568FF Version: 0.3.0.0 --- ActiveX list --- Interface Chat Voila (Interface Chat Voila) DPF name: Interface Chat Voila CLSID name: Interface Chat Wanadoo (Interface Chat Wanadoo) DPF name: Interface Chat Wanadoo CLSID name: Microsoft XML Parser for Java (Microsoft XML Parser for Java) DPF name: Microsoft XML Parser for Java CLSID name: description: classification: Legitimate known filename: %WINDIR%\Java\classes\xmldso.cab info link: info source: Patrick M. Kolla Yahoo! Pool 2 (Yahoo! Pool 2) DPF name: Yahoo! Pool 2 CLSID name: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) DPF name: CLSID name: Checkers Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: msgrchkr.dll Short name: Date (created): 29/05/2003 15:00:18 Date (last access): 14/08/2006 17:50:54 Date (last write): 29/05/2003 15:00:18 Filesize: 77408 Attributes: archive MD5: 42D567DF86B9B7AC4A89664C9651B68B CRC32: 47FF3D19 Version: 0.7.0.1 {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) DPF name: CLSID name: MessengerStatsClient Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: MessengerStatsPAClient.dll Short name: MESSEN~2.DLL Date (created): 06/04/2004 19:03:54 Date (last access): 14/08/2006 17:50:54 Date (last write): 06/04/2004 19:03:54 Filesize: 172072 Attributes: archive MD5: 94D1773AEAA2197AFEE3A6F8404FE4E9 CRC32: 76C3823D Version: 0.9.0.2 {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) DPF name: CLSID name: Shockwave ActiveX Control description: Macromedia ShockWave Flash Player 7 classification: Unknown known filename: SWDIR.DLL info link: info source: Patrick M. Kolla {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) DPF name: CLSID name: Windows Genuine Advantage Validation Tool Path: C:\WINDOWS\system32\ Long name: LegitCheckControl.DLL Short name: LEGITC~1.DLL Date (created): 17/05/2006 11:23:38 Date (last access): 14/08/2006 13:17:52 Date (last write): 17/05/2006 11:23:38 Filesize: 579888 Attributes: archive MD5: 99619B070D9AF903E874C2968FEE1E24 CRC32: 87EA3AB2 Version: 0.1.0.5 {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) DPF name: CLSID name: Minesweeper Flags Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: minesweeper.dll Short name: MINESW~1.DLL Date (created): 29/05/2003 15:00:22 Date (last access): 14/08/2006 17:50:54 Date (last write): 29/05/2003 15:00:22 Filesize: 84064 Attributes: archive MD5: F951FD0EA383DF2D49CA0359E4A86968 CRC32: 50A69718 Version: 0.7.0.1 {33564D57-0000-0010-8000-00AA00389B71} () DPF name: CLSID name: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) DPF name: CLSID name: EARTPatchX Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: EARTPX.dll Short name: Date (created): 26/10/2003 15:25:18 Date (last access): 14/08/2006 17:50:54 Date (last write): 26/10/2003 15:25:18 Filesize: 133712 Attributes: archive MD5: B58365C0A1A1A1E94BFD07FD7CC9314C CRC32: 9D644047 Version: 0.1.0.0 {62475759-9E84-458E-A1AB-5D2C442ADFDE} () DPF name: CLSID name: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) DPF name: CLSID name: WUWebControl Class Path: C:\WINDOWS\System32\ Long name: wuweb.dll Short name: Date (created): 03/08/2004 13:59:06 Date (last access): 14/08/2006 13:18:30 Date (last write): 03/08/2004 13:59:06 Filesize: 120288 Attributes: archive MD5: 0CD6248038C70B4C688DBD315D90A97A CRC32: 0EF7DE01 Version: 0.5.0.4 {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) DPF name: CLSID name: HouseCall Control description: Trend Micro Antivirus online scanner classification: Legitimate known filename: XSCAN53.OCX info link: info source: Patrick M. Kolla Path: C:\WINDOWS\DOWNLO~1\ Long name: xscan53.ocx Short name: Date (created): 09/06/2004 17:56:02 Date (last access): 28/07/2006 16:16:00 Date (last write): 09/06/2004 17:56:02 Filesize: 435712 Attributes: archive MD5: DCFFCA7F818B4CF4DF29B8932907735D CRC32: 89BBB9BF Version: 0.5.0.70 {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) DPF name: CLSID name: MessengerStatsClient Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: messengerstatsclient.dll Short name: MESSEN~1.DLL Date (created): 29/05/2003 15:00:20 Date (last access): 14/08/2006 17:50:54 Date (last write): 29/05/2003 15:00:20 Filesize: 160864 Attributes: archive MD5: B069B555A00AA026F657AA4FD13AE154 CRC32: 89BB01E1 Version: 0.7.0.1 {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) DPF name: CLSID name: ActiveScan Installer Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: asinst.dll Short name: Date (created): 11/04/2005 12:20:22 Date (last access): 14/08/2006 17:50:54 Date (last write): 11/04/2005 12:20:22 Filesize: 118784 Attributes: archive MD5: 36259D36E842FCF12B3D2F3766E7529F CRC32: F62E6268 Version: 0.57.0.6 {9F1C11AA-197B-4942-BA54-47A8489BB47F} () DPF name: CLSID name: description: Windows Update classification: Legitimate known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll info link: info source: Patrick M. Kolla {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) DPF name: CLSID name: BatchDownloader Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: DigWXMSN.dll Short name: Date (created): 07/04/2005 17:59:08 Date (last access): 14/08/2006 17:50:54 Date (last write): 07/04/2005 17:59:08 Filesize: 191488 Attributes: archive MD5: 718167A6B519B31D5643C034776A70AE CRC32: 363B7B87 Version: 0.10.0.0 {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) DPF name: CLSID name: ZoneIntro Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: ZIntro.ocx Short name: Date (created): 06/04/2004 19:03:12 Date (last access): 28/07/2006 16:16:00 Date (last write): 06/04/2004 19:03:12 Filesize: 85032 Attributes: archive MD5: 65431ACCF09A96C3BE53B7681BFFE44D CRC32: C8777857 Version: 0.9.0.2 {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) DPF name: CLSID name: Shockwave Flash Object description: Macromedia Shockwave Flash Player classification: Legitimate known filename: info link: info source: Patrick M. Kolla Path: C:\WINDOWS\system32\Macromed\Flash\ Long name: Flash8.ocx Short name: Date (created): 27/08/2005 13:38:56 Date (last access): 14/08/2006 17:16:08 Date (last write): 27/08/2005 13:38:56 Filesize: 1435272 Attributes: archive MD5: 900373C059C2B51CA91BF110DBDECB33 CRC32: F19599BC Version: 0.8.0.0 {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) DPF name: CLSID name: Solitaire Showdown Class Path: C:\WINDOWS\Downloaded Program Files\ Long name: solitaireshowdown.dll Short name: SOLITA~1.DLL Date (created): 29/05/2003 15:00:20 Date (last access): 14/08/2006 17:50:54 Date (last write): 29/05/2003 15:00:20 Filesize: 86112 Attributes: archive MD5: 6E0E81210B17C225AD8DBB86F0C41E32 CRC32: 1C944476 Version: 0.7.0.1 --- Process list --- Spybot - Search && Destroy process list report, 14/08/2006 17:58:05 PID: 0 ( 0) [System] PID: 4 ( 0) System PID: 272 ( 524) C:\WINDOWS\System32\svchost.exe PID: 396 ( 4) \SystemRoot\System32\smss.exe PID: 456 ( 396) csrss.exe PID: 480 ( 396) \??\C:\WINDOWS\system32\winlogon.exe PID: 524 ( 480) C:\WINDOWS\system32\services.exe PID: 536 ( 480) C:\WINDOWS\system32\lsass.exe PID: 684 ( 524) C:\WINDOWS\system32\svchost.exe PID: 740 ( 524) svchost.exe PID: 780 ( 524) C:\WINDOWS\System32\svchost.exe PID: 832 ( 524) svchost.exe PID: 1000 ( 524) svchost.exe PID: 1076 (1248) C:\WINDOWS\Logi_MwX.Exe PID: 1108 (1248) C:\Program Files\Logitech\iTouch\iTouch.exe PID: 1164 ( 780) C:\WINDOWS\system32\wscntfy.exe PID: 1248 (1196) C:\WINDOWS\Explorer.EXE PID: 1260 (1248) C:\Program Files\Messenger Plus! 3\MsgPlus.exe PID: 1276 (1248) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe PID: 1396 (1248) C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe PID: 1440 (1248) C:\Program Files\iTunes\iTunesHelper.exe PID: 1632 ( 524) C:\WINDOWS\system32\spoolsv.exe PID: 1728 ( 524) C:\Program Files\AntiVir PersonalEdition Classic\sched.exe PID: 1740 ( 524) C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe PID: 1800 ( 524) C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\guard.exe PID: 1828 ( 524) C:\WINDOWS\System32 vsvc32.exe PID: 1840 ( 524) C:\WINDOWS\system32\HPZipm12.exe PID: 1888 ( 524) C:\WINDOWS\System32\svchost.exe PID: 1972 ( 524) wdfmgr.exe PID: 1980 (1248) C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe PID: 2032 ( 524) alg.exe PID: 2220 ( 524) C:\Program Files\iPodmini\bin\iPodService.exe PID: 2316 (1248) C:\Program Files\Spamihilator\spamihilator.exe PID: 2336 (1248) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe PID: 2356 (1248) C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe PID: 2372 (1248) C:\Program Files\3M\PSNLite\PsnLite.exe PID: 2432 (2372) C:\PROGRA~1\3M\PSNLite\PSNGive.exe PID: 2660 (1248) C:\Program Files\Xfire\Xfire.exe PID: 2688 (1248) C:\Program Files\Internet Explorer\iexplore.exe PID: 3072 ( 684) C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe PID: 3484 (1248) C:\Program Files\iTunes\iTunes.exe PID: 3492 (1248) C:\Program Files\MSN Messenger\msnmsgr.exe PID: 3576 (1248) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe --- Browser start & search pages list --- Spybot - Search && Destroy browser pages report, 14/08/2006 17:58:05 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchURL https://www.google.com/?gws_rd=ssl HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\WINDOWS\system32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page https://www.orange.fr/portail HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fsearch%2flobby%2fsearch.asp%3f HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page C:\WINDOWS\System32\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page https://www.msn.com/fr-fr/ HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fsearch%2flobby%2fsearch.asp%3f HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm --- Winsock Layered Service Provider list --- Protocol 0: Xfire_LSP MSAFD Tcpip [TCP/IP] GUID: {56559461-2306-4AA6-A44F-972DD0806CB6} Filename: xfire_lsp_9028.dll Protocol 1: Xfire_LSP MSAFD Tcpip [UDP/IP] GUID: {09B88101-02D0-4DEE-A688-4681101F26F2} Filename: xfire_lsp_9028.dll Protocol 2: Xfire_LSP MSAFD Tcpip [RAW/IP] GUID: {5BCD7D46-3E32-454D-AA70-B850B680AB20} Filename: xfire_lsp_9028.dll Protocol 3: Xfire_LSP RSVP UDP Service Provider GUID: {FCE21FA4-C3D9-4B8A-AF41-A484BAD47637} Filename: xfire_lsp_9028.dll Protocol 4: Xfire_LSP RSVP TCP Service Provider GUID: {DA1A8136-BE14-4A16-8E7B-4FAAEF2C9D91} Filename: xfire_lsp_9028.dll Protocol 5: MSAFD Tcpip [TCP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 6: MSAFD Tcpip [UDP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 7: MSAFD Tcpip [RAW/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 8: RSVP UDP Service Provider GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32 svpsp.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32 svpsp.dll DB protocol: RSVP * Service Provider Protocol 9: RSVP TCP Service Provider GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32 svpsp.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32 svpsp.dll DB protocol: RSVP * Service Provider Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{22159C2F-A2BE-4CD9-9DCD-449FAF495FFB}] SEQPACKET 4 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{22159C2F-A2BE-4CD9-9DCD-449FAF495FFB}] DATAGRAM 4 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DA1454DC-38DD-43E2-B81C-3D01678AFDEB}] SEQPACKET 0 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DA1454DC-38DD-43E2-B81C-3D01678AFDEB}] DATAGRAM 0 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7B0A45C-27E4-42C3-B88B-963F54EF36BD}] SEQPACKET 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7B0A45C-27E4-42C3-B88B-963F54EF36BD}] DATAGRAM 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C5D6808A-CE99-401B-986A-3ED2D6FAC347}] SEQPACKET 1 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C5D6808A-CE99-401B-986A-3ED2D6FAC347}] DATAGRAM 1 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EAF15909-EF3F-48B7-AD12-CCE134B8E1C2}] SEQPACKET 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EAF15909-EF3F-48B7-AD12-CCE134B8E1C2}] DATAGRAM 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 20: Xfire_LSP GUID: {C6C30084-C640-4416-A427-19DD8FCF98B2} Filename: xfire_lsp_9028.dll Namespace Provider 0: TCP/IP GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B} Filename: %SystemRoot%\System32\mswsock.dll Description: Microsoft Windows NT/2k/XP TCP/IP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: TCP/IP Namespace Provider 1: NTDS GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC} Filename: %SystemRoot%\System32\winrnr.dll Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\winrnr.dll DB protocol: NTDS Namespace Provider 2: Espace de noms NLA (Network Location Awareness) GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} Filename: %SystemRoot%\System32\mswsock.dll Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: NLA-Namespace J'ai installé spybot 1.4; il trouve CoolWWWsearch.SearchToolbar CoolWWWsearch HotsearchBar WindowsActiveDestkop Voici le rapport de spybot 1.4: --- Search result list --- CoolWWWSearch: Dossier Programme (Répertoire, nothing done) C:\Documents and Settings\Ben\Local Settings\Temporary Internet Files\MSFT\ HotsearchBar: Fichier temporaire (Fichier, nothing done) C:\Documents and Settings\Ben\Local Settings\Temp se17.tmp HotsearchBar: Fichier temporaire (Fichier, nothing done) C:\Documents and Settings\Ben\Local Settings\Temp se18.tmp HotsearchBar: Fichier temporaire (Fichier, nothing done) C:\Documents and Settings\Ben\Local Settings\Temp sb5A.tmp HotsearchBar: Fichier temporaire (Fichier, nothing done) C:\Documents and Settings\Ben\Local Settings\Temp sr5B.tmp Windows.ActiveDesktop: Réglages utilisateur (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1659004503-842925246-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1 CoolWWWSearch.SearchToolbar: Réglages (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1659004503-842925246-682003330-1003\Software\SearchToolbar CoolWWWSearch.SearchToolbar: Barre d'outils IE (Clé du registre, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2006-08-14 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2006-02-06 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2006-02-20 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2006-08-11 Includes\Cookies.sbi (*) 2006-08-11 Includes\Dialer.sbi (*) 2006-08-11 Includes\Hijackers.sbi (*) 2006-08-11 Includes\Keyloggers.sbi (*) 2006-08-11 Includes\Malware.sbi (*) 2006-08-11 Includes\PUPS.sbi (*) 2006-08-11 Includes\Revision.sbi (*) 2006-08-11 Includes\Security.sbi (*) 2006-08-11 Includes\Spybots.sbi (*) 2005-02-17 Includes\Tracks.uti 2006-08-11 Includes\Trojans.sbi (*) --- System information --- Windows XP (Build: 2600) Service Pack 2 / Windows XP / SP2: Windows XP Service Pack 2 / Windows XP / SP3: Windows Installer 3.1 (KB893803) --- Startup entries list --- Located: HK_LM:Run, !ewido command: "C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe" /minimized file: C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe size: 6283264 MD5: 10c40f37ac87a18f624143d4fe6e8dec Located: HK_LM:Run, avgnt command: "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min file: C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe size: 233512 MD5: d05a80b5a605f8b8fb0915d1a4905471 Located: HK_LM:Run, HP Software Update command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe size: 49152 MD5: ac116f16a7716a720a45d7ea47cfd983 Located: HK_LM:Run, iTunesHelper command: "C:\Program Files\iTunes\iTunesHelper.exe" file: C:\Program Files\iTunes\iTunesHelper.exe size: 278528 MD5: 8778072a594e1310c0b7d0a93771e8bd Located: HK_LM:Run, Logitech Utility command: Logi_MwX.Exe file: C:\WINDOWS\Logi_MwX.Exe size: 19968 MD5: e57163001c8a279ab6b1a06b5834a463 Located: HK_LM:Run, LogitechGalleryRepair command: C:\Program Files\Logitech\Video\ISStart.exe file: C:\Program Files\Logitech\Video\ISStart.exe size: 188416 MD5: 3257a2a9e9943de93ee5438cb2e77359 Located: HK_LM:Run, LogitechVideoRepair command: C:\Program Files\Logitech\Video\ISStart.exe file: C:\Program Files\Logitech\Video\ISStart.exe size: 188416 MD5: 3257a2a9e9943de93ee5438cb2e77359 Located: HK_LM:Run, LogitechVideoTray command: C:\Program Files\Logitech\Video\LogiTray.exe file: C:\Program Files\Logitech\Video\LogiTray.exe size: 65536 MD5: 66fa2cc087dfa905c22a7f83ff59c7dc Located: HK_LM:Run, MessengerPlus3 command: "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" file: C:\Program Files\Messenger Plus! 3\MsgPlus.exe size: 190024 MD5: b787d9a60fee9c3732c2e2d4571bb716 Located: HK_LM:Run, MSO command: file: Located: HK_LM:Run, NvCplDaemon command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup file: C:\WINDOWS\system32\RUNDLL32.EXE size: 33792 MD5: cdd7140c0eaa754c527b983ccc9993cd Located: HK_LM:Run, NvMediaCenter command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit file: C:\WINDOWS\system32\RUNDLL32.EXE size: 33792 MD5: cdd7140c0eaa754c527b983ccc9993cd Located: HK_LM:Run, zBrowser Launcher command: C:\Program Files\Logitech\iTouch\iTouch.exe file: C:\Program Files\Logitech\iTouch\iTouch.exe size: 631362 MD5: 535defd797d14dbc6edc4d746dc23d41 Located: HK_CU:Run, LogitechSoftwareUpdate command: "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot file: C:\Program Files\Logitech\Video\ManifestEngine.exe size: 196608 MD5: c1913a21cb3a7bf314641acf0a8f81c9 Located: HK_CU:Run, Skype command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized file: C:\Program Files\Skype\Phone\Skype.exe size: 19543592 MD5: bb6d574b1913e9e1c1d1bc1e69dae29b Located: HK_CU:Run, Spamihilator command: "C:\Program Files\Spamihilator\spamihilator.exe" file: C:\Program Files\Spamihilator\spamihilator.exe size: 595968 MD5: 63c6e86d93bbb627875cb5dffe7f0ae1 Located: HK_CU:Run, Steam command: file: Located: Démarrage (tous utilisateurs), HP Digital Imaging Monitor.lnk command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe size: 282624 MD5: 5597d0075861cb0a6e6087752d205c0d Located: Démarrage (tous utilisateurs), Logitech Desktop Messenger.lnk command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe size: 169472 MD5: 91291ca1490f952d977618544d540b87 Located: Démarrage (tous utilisateurs), NETGEAR WPN111 Smart Wizard.lnk command: C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe file: C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe size: 491606 MD5: 38a54162f6ef4bcc7b71b66bee3ab24a Located: Démarrage (tous utilisateurs), Post-it® Software Notes Lite.lnk command: C:\Program Files\3M\PSNLite\PsnLite.exe file: C:\Program Files\3M\PSNLite\PsnLite.exe size: 2080768 MD5: 49ad529f6ca9b4b847180e8f1af48e89 Located: Démarrage (utilisateur), Xfire.lnk command: C:\Program Files\Xfire\Xfire.exe file: C:\Program Files\Xfire\Xfire.exe size: 4423760 MD5: 7de14201671067e570b96a7beb0b4928 Located: Démarrage (désactivé), InterVideo WinCinema Manager (DISABLED) command: C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE file: C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE size: 77824 MD5: bf48304999ce4834c66ce07fd534cd26 Located: Démarrage (désactivé), Lancement rapide d'Adobe Reader (DISABLED) command: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE file: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE size: 29696 MD5: deb88aef013dd1eefb462d7cad642166 Located: Démarrage (désactivé), Rappels du Calendrier Microsoft Works (DISABLED) command: C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\wkcalrem.exe file: C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\wkcalrem.exe size: 53317 MD5: 4b3228894d9a22fd458a663684cfd8fe Located: System.ini, crypt32chain command: crypt32.dll file: crypt32.dll Located: System.ini, cryptnet command: cryptnet.dll file: cryptnet.dll Located: System.ini, cscdll command: cscdll.dll file: cscdll.dll Located: System.ini, ScCertProp command: wlnotify.dll file: wlnotify.dll Located: System.ini, Schedule command: wlnotify.dll file: wlnotify.dll Located: System.ini, sclgntfy command: sclgntfy.dll file: sclgntfy.dll Located: System.ini, SensLogn command: WlNotify.dll file: WlNotify.dll Located: System.ini, termsrv command: wlnotify.dll file: wlnotify.dll Located: System.ini, wlballoon command: wlnotify.dll file: wlnotify.dll --- Browser helper object list --- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) BHO name: CLSID name: AcroIEHlprObj Class description: Adobe Acrobat reader classification: Legitimate known filename: AcroIEhelper.ocx
AcroIEhelper.dll info link: https://get2.adobe.com/reader/otherversions/ info source: TonyKlein Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\ Long name: AcroIEHelper.dll Short name: ACROIE~1.DLL Date (created): 14/12/2004 01:56:50 Date (last access): 14/08/2006 18:15:58 Date (last write): 14/12/2004 01:56:50 Filesize: 63136 Attributes: archive MD5: 42729C3DE75A7A51FC6F9EF6546C9199 CRC32: 4D60BD07 Version: 7.0.0.1333 {53707962-6F74-2D53-2644-206D7942484F} () BHO name: CLSID name: description: Spybot-S&D IE Browser plugin classification: Legitimate known filename: SDhelper.dll info link: http://spybot.eon.net.au/ info source: Patrick M. Kolla Path: C:\Program Files\Spybot - Search & Destroy\ Long name: SDHelper.dll Short name: Date (created): 14/08/2006 18:11:58 Date (last access): 14/08/2006 18:11:58 Date (last write): 31/05/2005 01:04:00 Filesize: 853672 Attributes: archive MD5: 250D787A5712D7768DDC133B3E477759 CRC32: D4589A41 Version: 1.4.0.0 {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) BHO name: CLSID name: Google Toolbar Helper description: Google toolbar classification: Open for discussion known filename: googletoolbar.dll
googletoolbar*.dll
(* = number)
googletoolbar_en_*.**-big.dll
Googletoolbar_en_*.*.**-deleon.dll info link: http://www.google.com/intl/fr/toolbar/ie/index.html info source: TonyKlein Path: c:\program files\google\ Long name: GoogleToolbar1.dll Short name: GOOGLE~1.DLL Date (created): 27/02/2006 20:36:44 Date (last access): 14/08/2006 18:15:58 Date (last write): 14/02/2006 21:06:14 Filesize: 1204224 Attributes: readonly archive MD5: D91CB7361D7814035F543C7CCAE9DD60 CRC32: 16D568FF Version: 3.0.131.0 --- ActiveX list --- Interface Chat Voila (Interface Chat Voila) DPF name: Interface Chat Voila CLSID name: Installer: Codebase: http://chat9.x-echo.com/version6/Applet/vchatsign.cab Interface Chat Wanadoo (Interface Chat Wanadoo) DPF name: Interface Chat Wanadoo CLSID name: Installer: Codebase: http://chat4.x-echo.com/version6/Applet/wchatsign.cab Microsoft XML Parser for Java (Microsoft XML Parser for Java) DPF name: Microsoft XML Parser for Java CLSID name: Installer: Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab description: classification: Legitimate known filename: %WINDIR%\Java\classes\xmldso.cab info link: info source: Patrick M. Kolla Yahoo! Pool 2 (Yahoo! Pool 2) DPF name: Yahoo! Pool 2 CLSID name: Installer: Codebase: http://download.games.yahoo.com/games/clients/y/pote_x.cab description: classification: Legitimate known filename: info link: info source: Safer Networking Ltd. {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) DPF name: CLSID name: Checkers Class Installer: Codebase: http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab description: classification: Legitimate known filename: msgrchkr.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: msgrchkr.dll Short name: Date (created): 29/05/2003 15:00:18 Date (last access): 14/08/2006 17:50:54 Date (last write): 29/05/2003 15:00:18 Filesize: 77408 Attributes: archive MD5: 42D567DF86B9B7AC4A89664C9651B68B CRC32: 47FF3D19 Version: 7.1.9502.1 {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) DPF name: CLSID name: MessengerStatsClient Class Installer: Codebase: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab description: classification: Legitimate known filename: MessengerStatsPAClient.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: MessengerStatsPAClient.dll Short name: MESSEN~2.DLL Date (created): 06/04/2004 19:03:54 Date (last access): 14/08/2006 17:50:54 Date (last write): 06/04/2004 19:03:54 Filesize: 172072 Attributes: archive MD5: 94D1773AEAA2197AFEE3A6F8404FE4E9 CRC32: 76C3823D Version: 9.2.7513.1 {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) DPF name: CLSID name: Shockwave ActiveX Control Installer: C:\WINDOWS\Downloaded Program Files\erma.inf Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab description: Macromedia ShockWave Flash Player 7 classification: Legitimate known filename: SWDIR.DLL info link: info source: Patrick M. Kolla {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) DPF name: CLSID name: Windows Genuine Advantage Validation Tool Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf Codebase: http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab description: classification: Legitimate known filename: LegitCheckControl.DLL info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\system32\ Long name: LegitCheckControl.DLL Short name: LEGITC~1.DLL Date (created): 17/05/2006 11:23:38 Date (last access): 14/08/2006 17:58:06 Date (last write): 17/05/2006 11:23:38 Filesize: 579888 Attributes: archive MD5: 99619B070D9AF903E874C2968FEE1E24 CRC32: 87EA3AB2 Version: 1.5.530.0 {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) DPF name: CLSID name: Minesweeper Flags Class Installer: Codebase: http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab description: classification: Legitimate known filename: minesweeper.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: minesweeper.dll Short name: MINESW~1.DLL Date (created): 29/05/2003 15:00:22 Date (last access): 14/08/2006 17:50:54 Date (last write): 29/05/2003 15:00:22 Filesize: 84064 Attributes: archive MD5: F951FD0EA383DF2D49CA0359E4A86968 CRC32: 50A69718 Version: 7.1.9502.1 {33564D57-0000-0010-8000-00AA00389B71} () DPF name: CLSID name: Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf Codebase: http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922... description: classification: Legitimate known filename: info link: info source: Safer Networking Ltd. {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) DPF name: CLSID name: EARTPatchX Class Installer: C:\WINDOWS\Downloaded Program Files\EARTPX.inf Codebase: http://www.ea.com/downloads/rtpatch/EARTPX.cab description: classification: Open for discussion known filename: EARTPX.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: EARTPX.dll Short name: Date (created): 26/10/2003 15:25:18 Date (last access): 14/08/2006 17:50:54 Date (last write): 26/10/2003 15:25:18 Filesize: 133712 Attributes: archive MD5: B58365C0A1A1A1E94BFD07FD7CC9314C CRC32: 9D644047 Version: 1.0.0.3 {62475759-9E84-458E-A1AB-5D2C442ADFDE} () DPF name: CLSID name: Installer: Codebase: http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win... description: classification: Open for discussion known filename: info link: info source: Safer Networking Ltd. {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) DPF name: CLSID name: WUWebControl Class Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf Codebase: http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s... description: classification: Legitimate known filename: wuweb.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\System32\ Long name: wuweb.dll Short name: Date (created): 03/08/2004 13:59:06 Date (last access): 14/08/2006 17:58:06 Date (last write): 03/08/2004 13:59:06 Filesize: 120288 Attributes: archive MD5: 0CD6248038C70B4C688DBD315D90A97A CRC32: 0EF7DE01 Version: 5.4.3790.2182 {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) DPF name: CLSID name: HouseCall Control Installer: C:\WINDOWS\Downloaded Program Files\xscan.inf Codebase: https://www.trendmicro.com/en_us/forHome/products/housecall.html description: Trend Micro Antivirus online scanner classification: Legitimate known filename: XSCAN53.OCX info link: info source: Patrick M. Kolla Path: C:\WINDOWS\DOWNLO~1\ Long name: xscan53.ocx Short name: Date (created): 09/06/2004 17:56:02 Date (last access): 14/08/2006 17:58:06 Date (last write): 09/06/2004 17:56:02 Filesize: 435712 Attributes: archive MD5: DCFFCA7F818B4CF4DF29B8932907735D CRC32: 89BBB9BF Version: 5.70.0.1086 {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) DPF name: CLSID name: MessengerStatsClient Class Installer: Codebase: http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab description: classification: Legitimate known filename: messengerstatsclient.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: messengerstatsclient.dll Short name: MESSEN~1.DLL Date (created): 29/05/2003 15:00:20 Date (last access): 14/08/2006 17:50:54 Date (last write): 29/05/2003 15:00:20 Filesize: 160864 Attributes: archive MD5: B069B555A00AA026F657AA4FD13AE154 CRC32: 89BB01E1 Version: 7.1.9502.1 {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) DPF name: CLSID name: ActiveScan Installer Class Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf Codebase: https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab description: classification: Open for discussion known filename: ASINST.DLL info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: asinst.dll Short name: Date (created): 11/04/2005 12:20:22 Date (last access): 14/08/2006 17:50:54 Date (last write): 11/04/2005 12:20:22 Filesize: 118784 Attributes: archive MD5: 36259D36E842FCF12B3D2F3766E7529F CRC32: F62E6268 Version: 57.6.0.0 {9F1C11AA-197B-4942-BA54-47A8489BB47F} () DPF name: CLSID name: Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf Codebase: http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38118.5723842593 description: Windows Update classification: Legitimate known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll info link: info source: Patrick M. Kolla {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) DPF name: CLSID name: BatchDownloader Class Installer: C:\WINDOWS\Downloaded Program Files\DigWXMSN.inf Codebase: http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab Path: C:\WINDOWS\Downloaded Program Files\ Long name: DigWXMSN.dll Short name: Date (created): 07/04/2005 17:59:08 Date (last access): 14/08/2006 17:50:54 Date (last write): 07/04/2005 17:59:08 Filesize: 191488 Attributes: archive MD5: 718167A6B519B31D5643C034776A70AE CRC32: 363B7B87 Version: 10.0.910.0 {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) DPF name: CLSID name: ZoneIntro Class Installer: Codebase: http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab description: classification: Legitimate known filename: ZIntro.ocx info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: ZIntro.ocx Short name: Date (created): 06/04/2004 19:03:12 Date (last access): 14/08/2006 17:58:06 Date (last write): 06/04/2004 19:03:12 Filesize: 85032 Attributes: archive MD5: 65431ACCF09A96C3BE53B7681BFFE44D CRC32: C8777857 Version: 9.2.7513.1 {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) DPF name: CLSID name: Shockwave Flash Object Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf Codebase: http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab description: Macromedia Shockwave Flash Player classification: Legitimate known filename: info link: info source: Patrick M. Kolla Path: C:\WINDOWS\system32\Macromed\Flash\ Long name: Flash8.ocx Short name: Date (created): 27/08/2005 13:38:56 Date (last access): 14/08/2006 17:16:08 Date (last write): 27/08/2005 13:38:56 Filesize: 1435272 Attributes: archive MD5: 900373C059C2B51CA91BF110DBDECB33 CRC32: F19599BC Version: 8.0.22.0 {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) DPF name: CLSID name: Solitaire Showdown Class Installer: Codebase: http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab description: classification: Legitimate known filename: solitaireshowdown.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: solitaireshowdown.dll Short name: SOLITA~1.DLL Date (created): 29/05/2003 15:00:20 Date (last access): 14/08/2006 17:50:54 Date (last write): 29/05/2003 15:00:20 Filesize: 86112 Attributes: archive MD5: 6E0E81210B17C225AD8DBB86F0C41E32 CRC32: 1C944476 Version: 7.1.9502.1 --- Process list --- PID: 0 ( 0) [System] PID: 388 ( 4) \SystemRoot\System32\smss.exe PID: 452 ( 388) \??\C:\WINDOWS\system32\csrss.exe PID: 848 ( 388) \??\C:\WINDOWS\system32\winlogon.exe PID: 892 ( 848) C:\WINDOWS\system32\services.exe size: 108544 MD5: 63DCDE1A0D86EEB8924D6738FF616EAD PID: 904 ( 848) C:\WINDOWS\system32\lsass.exe size: 13312 MD5: 259AF82A0932EEA4F316F92DB94707B6 PID: 1060 ( 892) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 2979B03D5382A602623C0535B16AB9C0 PID: 1116 ( 892) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 2979B03D5382A602623C0535B16AB9C0 PID: 1260 ( 892) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 2979B03D5382A602623C0535B16AB9C0 PID: 1312 ( 892) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 2979B03D5382A602623C0535B16AB9C0 PID: 1452 ( 892) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 2979B03D5382A602623C0535B16AB9C0 PID: 1760 ( 892) C:\WINDOWS\system32\spoolsv.exe size: 57856 MD5: DF9FC62AD51CB082B0AE371919A232CB PID: 1856 ( 892) C:\Program Files\AntiVir PersonalEdition Classic\sched.exe size: 34344 MD5: 756696E86515155A2DB03E1CD7C4EBD0 PID: 1868 ( 892) C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe size: 192040 MD5: BEE96D31BE5BB8F5E2F7AEB6984D308D PID: 1924 ( 892) C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\guard.exe size: 172032 MD5: F8D982556A9E0795829632FF0812DC2D PID: 1968 ( 892) C:\WINDOWS\System32 vsvc32.exe size: 110659 MD5: 8FB3996085D399475BACE196CA981A0A PID: 1996 ( 892) C:\WINDOWS\system32\HPZipm12.exe size: 69632 MD5: 9D84376931440F3679BEEF2A414FA493 PID: 200 ( 892) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 2979B03D5382A602623C0535B16AB9C0 PID: 224 ( 892) C:\WINDOWS\System32\wdfmgr.exe size: 38912 MD5: C81B8635DEE0D3EF5F64B3DD643023A5 PID: 1248 ( 720) C:\WINDOWS\Explorer.EXE size: 1036288 MD5: 2A7BD330924252A2FD80344FC949BB72 PID: 1656 (1248) C:\WINDOWS\Logi_MwX.Exe size: 19968 MD5: E57163001C8A279AB6B1A06B5834A463 PID: 1684 (1248) C:\Program Files\Logitech\iTouch\iTouch.exe size: 631362 MD5: 535DEFD797D14DBC6EDC4D746DC23D41 PID: 1488 (1248) C:\Program Files\Messenger Plus! 3\MsgPlus.exe size: 190024 MD5: B787D9A60FEE9C3732C2E2D4571BB716 PID: 168 (1248) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe size: 49152

Regis59 · Answer

Ah super, tu as du t eclater lol----------------------------------------------------------------------------Démarre en mode sans échec : Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! (Si F8 ne marche pas utilise la touche F5).  ----------------------------------------------------------------------------Relance le programme Smitfraud,Cette fois choisit l’option 2, répond oui a tous ;Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forumEnsuite desinstalles spybot et installe la version récente: Spybot S&D 1.4 (tu as la 1.3) https://www.safer-networking.org/ Démo d’utilisation (merci à Balltrap34 pour cette réalisation). http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm Scan ton pc avec, copie/colle le rapport. A+

[Trojan] Infecté par Pipas. A

25 réponses

Votre réponse

Discussions similaires

Newsletters